Joe Sandbox Cloud Basic
Register Login
sloganpng
flash

ph0t0.jpg.dll

Status: finished
Submission Time: 16.12.2020 13:32:33
Malicious
E-Banking Trojan
Trojan
Ursnif

Comments

Tags

  • dll
  • gozi
  • isfb
  • status
  • ursnif

Details

  • Analysis ID:
    331190
  • API (Web) ID:
    564211
  • Analysis Started:
    16.12.2020 13:32:34
  • Analysis Finished:
    16.12.2020 13:40:36
  • MD5:
    49fc40f6d58c4f97a38283cd530bf3bb
  • SHA1:
    03a0799b99bef6cabb8e4c704cc1dded20ff6590
  • SHA256:
    4d36701a7ece574dda56feaca4b70d9ee395ccf6c6522142028120b62324efc8
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports
New

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
72/100

malicious
8/46

IPs

IP Country Detection
143.204.15.36
 United States
151.101.1.44
 United States

Domains

Name IP Detection
contextual.media.net
 104.84.56.24
tls13.taboola.map.fastly.net
 151.101.1.44
ocsp.sca1b.amazontrust.com
 143.204.15.36
Click to see the 7 hidden entries
hblg.media.net
 104.84.56.24
lg3.media.net
 104.84.56.24
web.vortex.data.msn.com
 0.0.0.0
www.msn.com
 0.0.0.0
srtb.msn.com
 0.0.0.0
img.img-taboola.com
 0.0.0.0
cvision.media.net
 0.0.0.0

URLs

Name Detection
http://searchads.msn.net/.cfm?&&kp=1&
https://contextual.media.net/medianet.php?cid=8CU157172
https://www.msn.com/de-ch/nachrichten/coronareisen
Click to see the 97 hidden entries
https://www.msn.com/de-ch/news/other/lieber-ein-prozent-der-z%c3%bcrcher-waldfl%c3%a4che-opfern-als-
https://www.remixd.com/privacy_policy.html
https://onedrive.live.com;Fotos
https://www.msn.com/de-ch/news/other/schwarzenbach-unterliegt-letztinstanzlich-gegen-zolldirektion/a
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
http://ogp.me/ns/fb#
http://ocsp.sca1b.amazontrust.com/images/5JhkJtPD4e/VRhyLoiVLAIr9eFKQ/2lmSp516bWHX/qffYvJ7L20m/7RHhI6LRTXjc2g/GUpKL4tPYabvuYIt4T_2B/e8CNeniQZ9_2F_2F/Wmx1Mb5VZltjnUN/XbcCgnja2ylcPJVoMZ/JiYsLnkKq/J54WbSOrHibAX6o5JE4X/LnstEwdi2_2B3ZTsteA/kNZYymy6/r2lBEdpUc/D.avi
https://outlook.live.com/mail/deeplink/compose;Kalender
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
https://web.vortex.data.msn.com/collect/v1
https://www.office.com/?omkt=de-ch%26WT.mc_id=MSN_site
https://www.skype.com/
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ce_sharpen%2Ch_311%2Cw_207%2Cc_fill%
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
https://www.msn.com/de-ch/nachrichten/regional
https://onedrive.live.com/?qt=allmyphotos;Aktuelle
https://clkde.tradedoubler.com/click?p=220135&a=3064090&g=24798862&epi=dech
https://amzn.to/2TTxhNg
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
https://client-s.gateway.messenger.live.com
https://www.brightcom.com/privacy-policy/
https://www.msn.com/de-ch/
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-edge-dhp-river
https://bealion.com/politica-de-cookies
https://www.msn.com/de-ch
https://twitter.com/i/notifications;Ich
https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa
https://www.gadsme.com/privacy-policy/
https://clkde.tradedoubler.com/click?p=245744&a=3064090&g=24903118&epi=dech-shoppingstri
https://portal.eu.numbereight.me/policies-license#software-privacy-notice
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb
https://www.msn.com/de-ch/news/other/z%c3%bcrcher-unispital-stellte-zu-hohe-rechnungen/ar-BB1bX9Ae?o
http://ogp.me/ns#
https://docs.prebid.org/privacy.html
https://onedrive.live.com/?qt=mru;OneDrive-App
https://www.skype.com/de
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
https://www.skype.com/de/download-skype
https://www.stroeer.de/fileadmin/de/Konvergenz_und_Konzepte/Daten_und_Technologien/Stroeer_SSP/Downl
https://clkde.tradedoubler.com/click?p=235514&a=3064090&g=24888006&epi=dech-shoppingstri
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
http://www.hotmail.msn.com/pii/ReadOutlookEmail/
https://channelpilot.co.uk/privacy-policy
https://onedrive.live.com;OneDrive-App
https://www.msn.com/de-ch/news/other/zwei-m%c3%a4nner-hantieren-im-wald-mit-waffe-18-j%c3%a4hriger-v
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
https://www.admo.tv/en/privacy-policy
https://www.bet365affiliates.com/UI/Pages/Affiliates/Affiliates.aspx?ContentPath
https://cdn.cookielaw.org/vendorlist/googleData.json
https://www.msn.com/de-ch/news/other/die-klima-allianz-wird-in-der-budgetdebatte-des-kantonsrats-vom
https://outlook.com/
https://rover.ebay.com/rover/1/5222-53480-19255-0/1?mpre=https%3A%2F%2Fwww.ebay.ch&campid=533862
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://cdn.cookielaw.org/vendorlist/iabData.json
https://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata"
https://cdn.cookielaw.org/vendorlist/iab2Data.json
https://onedrive.live.com/?qt=mru;Aktuelle
https://www.msn.com/de-ch/?ocid=iehp
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-shoppingstripe-nav
https://www.msn.com/de-ch/homepage/api/modules/fetch"
https://www.msn.com/de-ch/news/other/die-z%c3%bcrcher-spitaldirektoren-reden-klartext-das-personal-i
https://mem.gfx.ms/meversion/?partner=msn&market=de-ch"
https://www.msn.com/de-ch/news/other/16-j%c3%a4hriger-nach-raub-auf-tankstelle-verhaftet/ar-BB1bYoVK
https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a
https://www.bidstack.com/privacy-policy/
https://onedrive.live.com/about/en/download/
http://popup.taboola.com/german
https://listonic.com/privacy/
https://www.msn.com/de-ch/news/other/koala-baby-im-zoo-z%c3%bcrich-heisst-uki/ar-BB1bY20c?ocid=hploc
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d
https://twitter.com/
https://quantyoo.de/datenschutz
https://outlook.live.com/calendar
https://www.msn.com/de-ch/news/other/unispital-z%c3%bcrich-erstattet-strafanzeige-der-ehemalige-kief
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
https://onedrive.live.com/#qt=mru
https://api.taboola.com/2.0/json/msn-ch-de-home/recommendations.notify-click?app.type=desktop&ap
https://www.msn.com?form=MY01O4&OCID=MY01O4
https://www.vidstart.com/wp-content/uploads/2018/09/PrivacyPolicyPDF-Vidstart.pdf
https://support.skype.com
https://www.skyscanner.net/flights?associateid=API_B2B_19305_00001&vertical=custom&pageType=
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1
https://clk.tradedoubler.com/click?p=245744&a=3064090&g=21863656
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&http
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_shop_de&utm
https://related.hu/adatkezeles/
https://login.skype.com/login/oauth/microsoft?client_id=738133
https://onedrive.live.com?wt.mc_id=oo_msn_msnhomepage_header

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\www.msn[2].xml
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\URW0GA4Q\contextual.media[1].xml
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E565FD9D-3F9A-11EB-90EB-ECF4BBEA1588}.dat
 Microsoft Word Document
 #
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E565FD9F-3F9A-11EB-90EB-ECF4BBEA1588}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E565FDA1-3F9A-11EB-90EB-ECF4BBEA1588}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F060ADE1-3F9A-11EB-90EB-ECF4BBEA1588}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FF931D1E-3F9A-11EB-90EB-ECF4BBEA1588}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\755f86[1].png
 PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AA3DGHW[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAud6Gv[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB1bUDo1[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 622x368, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB1bWZJK[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB1bXYX5[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB1bY1En[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x75, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB1bY1ay[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB1bY68x[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB1bY8VN[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB1bYeya[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB1bYgi1[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 622x368, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB1bYksm[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB1bYlIe[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB1bYxhA[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB5kTiV[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BBVuddh[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\a5ea21[1].ico
 PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\auction[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\cfdbd9[1].png
 PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\dnserror[1]
 HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\down[1]
 PNG image data, 15 x 15, 8-bit colormap, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\http___cdn.taboola.com_libtrc_static_thumbnails_06326605864354eef8d69459f54ecc0c[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\http___cdn.taboola.com_libtrc_static_thumbnails_7f071e17c75c4ca4021698560cce4677[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\http___cdn.taboola.com_libtrc_static_thumbnails_d13c17567194ae739ea2893b05cc0dff[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\nrrV37338[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\otFlat[1].json
 ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\otTCF-ie[1].js
 UTF-8 Unicode text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\41-0bee62-68ddb2ab[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\85-0f8009-68ddb2ab[1].js
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAJwoCz[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 300x250, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAm2UN1[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB1bQst5[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 622x368, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB1bXO1e[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB1bXOUS[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 310x166, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB1bYaNc[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB1bYi6g[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB1bYjzW[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 240x240, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB1bYn4f[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB1bYuWp[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 100x75, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB1bYwm5[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB1bYwsu[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB7gRE[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB7hjL[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BBK9Hzy[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BBK9Ri5[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BBnYSFZ[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\checksync[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\checksync[2].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\errorPageStrings[1]
 UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\http___cdn.taboola.com_libtrc_static_thumbnails_41c53c72b6b824c793704a0cf89c11a0[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\http___cdn.taboola.com_libtrc_static_thumbnails_523c3eaf0f6276e7cbeb9a17607725d1[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\http___cdn.taboola.com_libtrc_static_thumbnails_d809b3bf75677f1637f9e05a0b29dfb7[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\https___console.brax-cdn.com_creatives_b9476698-227d-4478-b354-042472d9181c_TB1002-selfie_marco_paul-1200x800_1000x600_fa422e2ede76a3b5c5f880e9c4670f4a[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jquery-2.1.1.min[1].js
 ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\log[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\medianet[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\medianet[2].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\4996b9[1].woff
 Web Open Font Format, TrueType, length 45633, version 1.0
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\55a804ab-e5c6-4b97-9319-86263d365d28[1].json
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AA6SFRQ[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB15AQNm[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 192x192, segment length 16, baseline, precision 8, 622x368, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1bXAWm[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1bXEd9[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1bXXZJ[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 310x166, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1bYdih[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, baseline, precision 8, 310x166, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1bYjTS[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1bYkmE[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1bYqG1[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x250, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1bYqG1[2].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 310x166, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1bYtdP[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 311x333, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1bYtwO[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 622x368, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1bYxKB[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 206x250, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB6Ma4a[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB7hg4[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BBRUB0d[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BBXXVfm[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\de-ch[1].json
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\fcmain[1].js
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\httpErrorPagesScripts[1]
 UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\http___cdn.taboola.com_libtrc_static_thumbnails_1e4091290181127afd26f5ddc1896b0d[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\http___cdn.taboola.com_libtrc_static_thumbnails_58173fe6bb339f0c1e1ea29dc31fee52[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\iab2Data[1].json
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\otBannerSdk[1].js
 ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\otPcCenter[1].json
 ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\otSDKStub[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\5096d619-1503-4dc7-8fad-e2ece705fa8a[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\5284c00c-0b6e-439c-9e27-03c3bb27bbf0[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\58-acd805-185735b[1].css
 UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\AA3e6zI[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\AAyuliQ[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\BB10MkbM[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #