top title background image
flash

c0nnect1on.dll

Status: finished
Submission Time: 2020-11-23 15:36:12 +01:00
Malicious
E-Banking Trojan
Trojan
Ursnif

Comments

Tags

  • dll
  • gozi
  • isfb
  • tributaria
  • ursnif

Details

  • Analysis ID:
    321698
  • API (Web) ID:
    545209
  • Analysis Started:
    2020-11-23 15:36:12 +01:00
  • Analysis Finished:
    2020-11-23 15:43:05 +01:00
  • MD5:
    f513e66221bb1f41b136bb57f6ac6f8a
  • SHA1:
    fab7b5327f30fc454d1a3e6abbcecafdfc6a8c94
  • SHA256:
    8a6d1c13983162c59ba681bcbad0b8c0b9cbf87fb06750125bb97172b7206605
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 84
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 11/69
malicious
Score: 6/48

IPs

IP Country Detection
13.224.89.213
United States
87.248.118.22
United Kingdom
151.101.1.44
United States

Domains

Name IP Detection
contextual.media.net
104.84.56.24
tls13.taboola.map.fastly.net
151.101.1.44
ocsp.sca1b.amazontrust.com
13.224.89.213
Click to see the 9 hidden entries
hblg.media.net
104.84.56.24
lg3.media.net
104.84.56.24
edge.gycpi.b.yahoodns.net
87.248.118.22
s.yimg.com
0.0.0.0
web.vortex.data.msn.com
0.0.0.0
www.msn.com
0.0.0.0
srtb.msn.com
0.0.0.0
img.img-taboola.com
0.0.0.0
cvision.media.net
0.0.0.0

URLs

Name Detection
https://www.admo.tv/en/privacy-policy
https://www.msn.com/de-ch/news/other/damit-es-nicht-zu-einem-superspreader-event-kommt-der-z%c3%bcrc
https://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata"
Click to see the 97 hidden entries
https://cdn.cookielaw.org/vendorlist/iabData.json
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://rover.ebay.com/rover/1/5222-53480-19255-0/1?mpre=https%3A%2F%2Fwww.ebay.ch&campid=533862
https://beap.gemini.yahoo.com/mbclk?bv=1.0.0&es=ObUtL9YGIS.PWvauy0ezMef80.V_I.M3Guu3Gi5BxXBhsn2Y
https://outlook.com/
https://cdn.cookielaw.org/vendorlist/googleData.json
http://www.bullguard.com0
https://www.bet365affiliates.com/UI/Pages/Affiliates/Affiliates.aspx?ContentPath
https://policies.oath.com/us/en/oath/privacy/index.html
http://www.globalsign.net/repository/0
https://cdn.cookielaw.org/vendorlist/iab2Data.json
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
https://www.msn.com/de-ch/news/other/ein-markantes-warenhaus-beim-z%c3%bcrcher-bellevue-erh%c3%a4lt-
https://onedrive.live.com;OneDrive-App
https://channelpilot.co.uk/privacy-policy
http://www.hotmail.msn.com/pii/ReadOutlookEmail/
https://www.blackfridaydeals.ch/?utm_source=ms&utm_campaign=topnav
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
https://www.stroeer.de/fileadmin/de/Konvergenz_und_Konzepte/Daten_und_Technologien/Stroeer_SSP/Downl
https://www.skype.com/de/download-skype
http://popup.taboola.com/german
https://api.taboola.com/2.0/json/msn-ch-de-home/recommendations.notify-click?app.type=desktop&ap
https://onedrive.live.com/#qt=mru
https://www.msn.com/de-ch/news/other/seniorin-in-villa-get%c3%b6tet-mann-nach-23-jahren-angeklagt/ar
https://www.blackfridaydeals.ch/neuste-angebote?utm_source=ms&utm_campaign=shop-trends
http://secure.globalsign.net/cacert/PrimObject.crt0
https://www.msn.com/de-ch/news/other/neugestaltung-des-hafens-enge-in-z%c3%bcrich-von-der-vision-ein
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
https://outlook.live.com/calendar
https://quantyoo.de/datenschutz
https://twitter.com/
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d
https://listonic.com/privacy/
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
https://onedrive.live.com/about/en/download/
https://www.bidstack.com/privacy-policy/
https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a
https://www.blackfridaydeals.ch/?utm_source=ms&utm_campaign=mestripe
https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"
https://srtb.msn.com:443/notify/viewedg?rid=60e2a00771ca4ab7b4991de18b94ef3e&r=infopane&i=3&
https://www.msn.com/de-ch/homepage/api/modules/fetch"
https://www.msn.com/de-ch/?ocid=iehp
https://cdn.flurry.com/adTemplates/templates/htmls/clips.html"
http://www.globalsign.net/repository09
https://onedrive.live.com/?qt=mru;Aktuelle
https://outlook.live.com/mail/deeplink/compose;Kalender
https://onedrive.live.com/?qt=allmyphotos;Aktuelle
https://www.msn.com/de-ch/nachrichten/regional
https://www.msn.com/de-ch/nachrichten/schweiz/sind-die-badis-in-z%c3%bcrich-bald-gratis-f%c3%bcr-all
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
https://www.blackfridaydeals.ch/neuste-angebote?utm_source=ms&utm_campaign=shop-gross
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ce_sharpen%2Ch_311%2Cw_207%2Cc_fill%
https://www.skype.com/
https://www.office.com/?omkt=de-ch%26WT.mc_id=MSN_site
https://web.vortex.data.msn.com/collect/v1
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
https://amzn.to/2TTxhNg
https://s.yimg.com/lo/api/res/1.2/BXjlWewXmZ47HeV5NPvUYA--~A/Zmk9ZmlsbDt3PTYyMjtoPTM2ODthcHBpZD1nZW1
http://ogp.me/ns/fb#
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
https://www.msn.com/de-ch/news/other/dank-dna-spur-77-j%c3%a4hriger-kommt-nach-23-jahren-vor-gericht
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
https://onedrive.live.com;Fotos
https://www.msn.com/de-ch/news/other/polizei-nimmt-15-j%c3%a4hrigen-nach-brand-in-kirche-fest/ar-BB1
https://www.remixd.com/privacy_policy.html
https://www.msn.com/de-ch/nachrichten/coronareisen
https://contextual.media.net/medianet.php?cid=8CU157172
http://searchads.msn.net/.cfm?&&kp=1&
https://twitter.com/i/notifications;Ich
https://www.msn.com/de-ch/news/other/z%c3%bcrich-%c3%b6ffnet-die-kasse-im-kampf-gegen-%c3%b6lheizung
https://www.skype.com/de
https://onedrive.live.com/?qt=mru;OneDrive-App
http://ocsp.sca1b.amazontrust.com/images/Pux8dOBwJZWuSiFDST3_/2BtAMW_2BxiZINj_2Fa/roJ_2F7y_2BDYLNkZO9xqd/D5W_2FNAu6wEU/_2BIs0PY/ClHv9G73ORLpI9tSWpPUhGU/an2FZ86NkD/bTWQCL27ypXMstaf0/wM5YPFPEjKG_/2FgmX0YPs7a/JyEAH_2B/_2ByqTe.avi
https://docs.prebid.org/privacy.html
http://ogp.me/ns#
https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
https://portal.eu.numbereight.me/policies-license#software-privacy-notice
https://www.gadsme.com/privacy-policy/
https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa
http://secure.globalsign.net/cacert/ObjectSign.crt09
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-verticals-shoppinghub
https://ir2.beap.gemini.yahoo.com/mbcsc?bv=1.0.0&es=3sR5VNsGIS.ZgTVy66.vQEzcMlMLFv777_3VON92Onrh
https://www.msn.com/de-ch
https://bealion.com/politica-de-cookies
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-edge-dhp-river
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
https://www.msn.com/de-ch/
https://www.brightcom.com/privacy-policy/
https://client-s.gateway.messenger.live.com
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\checksync[2].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB10MkbM[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\AA7XCQ3[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\AA3DGHW[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\87e5c478-82d7-43e3-8254-594bbfda55c7[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\41-0bee62-68ddb2ab[1].js
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\otSDKStub[1].js
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\otPcCenter[1].json
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\otFlat[1].json
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jquery-2.1.1.min[1].js
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\fcmain[1].js
HTML document, ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\de-ch[1].htm
HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1b7QJq[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\checksync[1].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\cfdbd9[1].png
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBRUB0d[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BBK9Ri5[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB7hg4[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1bhvFt[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1bhum3[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1bhuK1[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1bho5n[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1bhnz8[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1bhmqN[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BBUE92F[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\1599143076228-3140[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 622x367, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\otTCF-ie[1].js
UTF-8 Unicode text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\http___res.cloudinary.com_taboola_image_upload_v1605710952_iaw9hiklq59yhcl0e7r9[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\http___cdn.taboola.com_libtrc_static_thumbnails_d13c17567194ae739ea2893b05cc0dff[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\http___cdn.taboola.com_libtrc_static_thumbnails_cf4d537aaf8d1a7be3eaac9e354c5338[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\http___cdn.taboola.com_libtrc_static_thumbnails_a4ccf350164d3e6271363f0479a8806d[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\fcmain[1].js
HTML document, ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\e151e5[1].gif
GIF image data, version 89a, 1 x 1
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\down[1]
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\NewErrorPageTemplate[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BBnYSFZ[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BBih5H[1].png
PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1bhlHf[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB7hjL[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1bhuhe[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1bhqn3[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1bhmsl[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1bhhzT[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1bh9ai[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1bh66f[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1bgpUC[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 300x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1bgP6C[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1bgI8T[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\BB1bgAem[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1b6vzA[1].png
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBO5Geh[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBK9Hzy[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB7gRE[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB6Ma4a[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1bhv3t[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1bhpVd[2].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1bhpVd[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1bhaGv[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1bh8rt[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1bh7Pm[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1bgTWA[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1bgE4r[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBPfCZL[1].png
GIF image data, version 89a, 50 x 50
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB1aUuFe[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB17milU[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BB16XTwx[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\AA42pjY[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\39ab3103-8560-4a55-bfc4-401f897cf6f2[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
data
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E2F75D3E-2DE4-11EB-90E4-ECF4BB862DED}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C9A24DDA-2DE4-11EB-90E4-ECF4BB862DED}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C9A24DD8-2DE4-11EB-90E4-ECF4BB862DED}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C9A24DD6-2DE4-11EB-90E4-ECF4BB862DED}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\JYZ7SEN2\www.msn[1].xml
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\58-acd805-185735b[1].css
UTF-8 Unicode text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1bhCcj[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1bh6Bn[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1bgJ9x[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1bgIOY[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 522x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB1bbLVo[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB15AQNm[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\BB14hq0P[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAyuliQ[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AAuTnto[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\AA9GNjr[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\85-0f8009-68ddb2ab[1].js
UTF-8 Unicode text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\755f86[1].png
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\INSEMUCK\contextual.media[1].xml
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\iab2Data[1].json
UTF-8 Unicode text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\https___console.brax-cdn.com_creatives_b9476698-227d-4478-b354-042472d9181c_TB1536-1200x800_1000x600_3d1f4ee58d128a9df236802b1ad476b2[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\http___cdn.taboola.com_libtrc_static_thumbnails_GETTY_IMAGES_SKP_1158244991__6xZ2SS9S[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dnserror[1]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\de-ch[1].json
UTF-8 Unicode text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\auction[1].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\a5ea21[1].ico
PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBX2afX[1].png
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBVuddh[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\BBSdFEK[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#