ACH WIRE PAYMENT ADVICE..xlsx

Status: finished
Submission Time: 13.01.2021 19:45:46
Malicious
Phishing
Exploiter
HTMLPhisher

Details

  • Analysis ID:
    339280
  • API (Web) ID:
    580481
  • Analysis Started:
    13.01.2021 19:45:47
  • Analysis Finished:
    13.01.2021 20:05:49
  • MD5:
    a66a202e970df086cc265cb646127bfb
  • SHA1:
    c8986173e16bb9b0703490afba594ec5eef08a4a
  • SHA256:
    e29c6206512f1f778f1af9a1ff2af2bb82107271e00c873930398b703294d75e
  • Technologies:
System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
52/100

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Potential for more IOCs and behavior

malicious
56/100

IPs


Domains


URLs


Dropped files
