Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

609110f2d14a6.dll

Status: finished
Submission Time: 2021-05-04 11:23:40 +02:00
Malicious
Trojan
Ursnif

Comments

Tags

  • BRT
  • dll
  • geo
  • Gozi
  • isfb
  • ITA
  • Ursnif

Details

  • Analysis ID:
    403746
  • API (Web) ID:
    709645
  • Analysis Started:
    2021-05-04 11:29:25 +02:00
  • Analysis Finished:
    2021-05-04 11:40:16 +02:00
  • MD5:
    4ea47e933317499aecc740bfd9adcbb8
  • SHA1:
    6b26f847dad738687c05c039d738d2f09293b414
  • SHA256:
    5d002f8a395fcc9a680a9ef4f78a8674cc0757850b02bf12a8ef4df79e2e4bd3
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 64
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP Country Detection
193.239.84.195
 Romania
74.125.133.155
 United States
40.97.156.114
 United States
Click to see the 13 hidden entries
52.98.152.162
 United States
66.254.114.238
 United States
192.229.221.215
 United States
40.101.137.34
 United States
142.250.185.227
 United States
192.229.221.206
 United States
66.254.114.38
 United States
205.185.208.79
 United States
205.185.208.142
 United States
54.154.149.76
 United States
64.210.135.72
 United States
66.254.114.32
 United States
64.210.135.70
 United States

Domains

Name IP Detection
morelunonu.us
 193.239.85.9
dorelunonu.us
 193.239.84.195
outlook.office365.com
 0.0.0.0
Click to see the 34 hidden entries
static.trafficjunky.com
 0.0.0.0
ht-cdn.trafficjunky.net
 0.0.0.0
bmedia.justservingfiles.net
 0.0.0.0
www.sffsdvc.com
 0.0.0.0
www.redtube.com
 0.0.0.0
ci.rdtcdn.com
 0.0.0.0
cdn1d-static-shared.phncdn.com
 0.0.0.0
eu-adsrv.rtbsuperhub.com
 0.0.0.0
sffsdvc.com
 192.99.16.114
stats.g.doubleclick.net
 0.0.0.0
vz-cdn.trafficjunky.net
 0.0.0.0
ht.redtube.com
 0.0.0.0
hw-cdn.trafficjunky.net
 0.0.0.0
www.imglnke.com
 0.0.0.0
www.outlook.com
 0.0.0.0
ei.rdtcdn.com
 0.0.0.0
v.vfgte.com
 0.0.0.0
tp-rtb-adserver-eu.eu-west-1.elasticbeanstalk.com
 54.154.149.76
ht-cdn.trafficjunky.net.sds.rncdn7.com
 64.210.135.72
stivers-ricsovers.com
 18.195.174.160
cs742.wpc.rncdn4.com
 192.229.221.215
stats.l.doubleclick.net
 74.125.133.155
redtube.com
 66.254.114.238
vip0x055.ssl.rncdn5.com
 205.185.208.85
cs733.wpc.rncdn4.com
 192.229.221.206
api.globalsign.cloud
 104.18.25.243
vip0x08e.ssl.rncdn5.com
 205.185.208.142
HHN-efz.ms-acdc.office.com
 40.101.137.34
vip0x04f.ssl.rncdn5.com
 205.185.208.79
hubtraffic.com
 66.254.114.32
outlook.com
 40.97.156.114
ei.rdtcdn.com.sds.rncdn7.com
 64.210.135.72
ads.trafficjunky.net
 66.254.114.38
www.google.de
 142.250.185.227

URLs

Name Detection
https://ci.rdtcdn.com/m=eGJF8f/media/videos/202011/27/38443391/original/10.jpg
https://ci.rdtcdn.com/m=eW0Q8f/media/videos/202011/27/38443391/original/10.jpg
https://ei.rdtcdn.com/m=eah-8f/media/videos/201908/01/19797721/original/12.jpg
Click to see the 97 hidden entries
https://ei.rdtcdn.com/m=bIa44NVg5p/media/videos/201908/01/19797721/original/12.webp
http://www.twitter.com/
https://ei.rdtcdn.com/m=eGJF8f/media/videos/201507/17/1191234/original/10.jpg
https://ei.rdtcdn.com/m=eGJF8f/media/videos/202011/14/37995051/original/
https://ci.rdtcdn.com/m=bIa44NVg5p/media/videos/201908/30/21091451/original/12.webp
https://ei.rdtcdn.com/m=eah-8f/media/videos/202009/23/36306321/original/12.jpg
https://ci.rdtcdn.com/m=bIaC8JVg5p/media/videos/201507/17/1191234/original/10.webp
https://ew.rdtcdn.com/media/videos/201905/02/16280471/360P_360K_16280471_fb.mp4
https://ei.rdtcdn.com/m=eGJF8f/media/videos/201908/30/21091451/original/12.jpg
https://ei.rdtcdn.com/www-static/cdn_files/redtube/fonts/rt_font.woff?v=980ebbf246d0ef5eda26cda9f51d
https://ci.rdtcdn.com/m=eGJF8f/media/videos/202002/11/28256221/original/9.jpg
https://ei.rdtcdn.com/m=bIa44NVg5p/media/videos/202003/12/29304471/original/16.webp
https://ci.rdtcdn.com/m=bIaMwLVg5p/media/videos/202002/24/28666111/original/4.webp
https://ci.rdtcdn.com/m=eW0Q8f/media/videos/202009/23/36306321/original/12.jpg
https://ci.rdtcdn.com/m=bIa44NVg5p/media/videos/202002/24/28666111/original/4.webp
https://jp.redtube.com/
https://ei.rdtcdn.com/m=eGJF8f/media/videos/202010/07/36737251/original/8.jpg
https://ei.rdtcdn.com/m=ejrk8f/media/videos/201709/01/2415238/original/8.jpg
https://cdn1d-static-shared.phncdn.com/timings-1.0.0.js
https://ew.rdtcdn.com/media/videos/202006/05/32346581/360P_360K_32346581_fb.mp4
https://ei-ph.rdtcdn.com/videos/202105/04/387509491/original/(m=eGJF8f)(mh=FsME_oO0WYGXaerm)
https://de.redtube.com/
https://ei-ph.rdtcdn.com/videos/202105/04/387514001/original/(m=eah-8f)(mh=Bs9HdrhrLlWktZtu)8.jpg
https://ei-ph.rdtcdn.com/videos/202105/04/387513361/original/(m=bIa44NVg5p)(mh=nUe8L30Rt1MZTwic)10.w
https://ei-ph.rdtcdn.com/m=bIWpYLVg5p/pics/pornstars/000/007/683/thumb_249751.webp
https://ei-ph.rdtcdn.com/videos/202105/04/387513361/original/(m=eW0Q8f)(mh=PP2ysDQazprK4HAR)10.jpg
https://ei.rdtcdn.com/m=eah-8f/media/videos/202011/14/37995051/original/12.jpg
https://github.com/mozilla/vtt.js)
https://ci.rdtcdn.com/m=eW0Q8f/media/videos/202001/14/27094701/original/10.jpg
https://ei-ph.rdtcdn.com/videos/202105/04/387508001/original/(m=bIa44NVg5p)(mh=WgkKHt6P3FyGF6tj)9.we
https://ei-ph.rdtcdn.com/videos/201909/10/247562661/thumbs_20/(m=eW0Q8f)(mh=KdEKWpiDmjWWqhNG)11.jpg
https://ci.rdtcdn.com/m=eW0Q8f/media/videos/202004/06/30212591/original/9.jpg
https://cv-ph.rdtcdn.com/videos/202105/04/387509491/360P_360K_387509491_fb.mp4?fSW3w-dksElv8swwn0k2j
https://ci.rdtcdn.com/m=eGJF8f/media/videos/201412/06/975787/original/15.jpg
https://ei.rdtcdn.com/m=bIa44NVg5p/media/videos/202006/05/32346581/original/3.webp
https://ei-ph.rdtcdn.com/videos/201909/10/247562661/thumbs_20/(m=bIa44NVg5p)(mh=1Yaa01-wZF-nhfcu)11.
https://ei.rdtcdn.com/m=eW0Q8f/media/videos/201905/17/16629251/original/10.jpg
https://ei.rdtcdn.com/m=eGJF8f/media/videos/201908/02/19844091/original/12.jpg
https://ei-ph.rdtcdn.com/videos/202105/04/387513361/original/(m=eah-8f)(mh=NuBuEPMVJWXaB0aW)10.jpg
https://ei-ph.rdtcdn.com/videos/202105/04/387509491/original/(m=bIa44NVg5p)(mh=7ioICL_bAT_dRt24)16.w
https://ei-ph.rdtcdn.com/videos/202105/04/387509121/original/(m=eGJF8f)(mh=q7xgJWDcWsX4q2UK)
https://ei-ph.rdtcdn.com/videos/202105/04/387509121/original/(m=eGJF8f)(mh=q7xgJWDcWsX4q2UK)1.jpg
https://ei.rdtcdn.com/www-static/cdn_files/redtube/images/pc/site_sprite.png?v=980ebbf246d0ef5eda26c
https://ci.rdtcdn.com/m=eah-8f/media/videos/201908/30/21091451/original/12.jpg
https://ci.rdtcdn.com/m=ejrk8f/media/videos/201503/04/1060348/original/15.jpg
https://ei.rdtcdn.com/m=eGJF8f/media/videos/202002/24/28666111/original/
https://ei.rdtcdn.com/m=eGJF8f/media/videos/201910/14/23064031/original/
https://ei.rdtcdn.com/m=eGJF8f/media/videos/202006/05/32346581/original/
https://ci.rdtcdn.com/m=bIaMwLVg5p/media/videos/202002/11/28256221/original/9.webp
https://ci.rdtcdn.com/m=eGJF8f/media/videos/202004/08/30249761/original/
https://ei.rdtcdn.com/m=eah-8f/media/videos/202003/19/29610931/original/15.jpg
https://ci.rdtcdn.com/m=eW0Q8f/media/videos/201902/14/13563871/original/12.jpg
https://ei.rdtcdn.com/www-static/cdn_files/redtube/images/pc/category/amateur_001.jpg
https://ei.rdtcdn.com/m=eah-8f/media/videos/202004/08/30249761/original/10.jpg
https://ci.rdtcdn.com/m=eah-8f/media/videos/202002/11/28256221/original/9.jpg
https://ei.rdtcdn.com/m=eW0Q8f/media/videos/202010/07/36737251/original/8.jpg
https://ei.rdtcdn.com/m=ejrk8f/media/videos/201609/20/1722305/original/11.jpg
https://www.redtube.com/?page=2
https://ei-ph.rdtcdn.com/m=bIWpYLVg5p/pics/pornstars/000/004/440/thumb_198761.webp
https://ei.rdtcdn.com/m=bIaMwLVg5p/media/videos/202003/12/29304471/original/16.webp
https://ei.rdtcdn.com/m=ejrk8f/media/videos/201610/17/1762399/original/9.jpg
https://ci.rdtcdn.com/m=eW0Q8f/media/videos/202004/08/30249761/original/10.jpg
https://ci.rdtcdn.com/m=bIaMwLVg5p/media/videos/201908/30/21091451/original/12.webp
https://ci.rdtcdn.com/m=bIa44NVg5p/media/videos/202009/19/36157821/original/16.webp
https://ei-ph.rdtcdn.com/videos/202105/04/387508001/original/(m=eGJF8f)(mh=uQNiWzsT74LgFO2w)9.jpg
https://ci.rdtcdn.com/m=eah-8f/media/videos/202009/23/36306321/original/12.jpg
https://ei.rdtcdn.com/m=eGJF8f/media/videos/201911/25/25032671/original/
https://ci.rdtcdn.com/m=bIa44NVg5p/media/videos/201906/03/17094361/original/6.webp
https://ci.rdtcdn.com/m=eGJF8f/media/videos/201908/30/21091451/original/12.jpg
https://ei.rdtcdn.com/m=eGJF8f/media/videos/202011/27/38443391/original/10.jpg
https://ci.rdtcdn.com/m=ejrk8f/media/videos/201610/17/1762399/original/9.jpg
https://ci.rdtcdn.com/m=eGJF8f/media/videos/202010/07/36737251/original/
https://ei.rdtcdn.com/m=bIaMwLVg5p/media/videos/202006/05/32346581/original/3.webp
https://ci.rdtcdn.com/m=eah-8f/media/videos/201911/18/24666131/original/1.jpg
https://ei.rdtcdn.com/m=eah-8f/media/videos/201910/05/22663401/original/10.jpg
https://cv-ph.rdtcdn.com/videos/202105/04/387515351/360P_360K_387515351_fb.mp4?P2AE___n0U_VaRzoKQTZT
https://ei.rdtcdn.com/m=eW0Q8f/media/videos/201906/03/17094361/original/6.jpg
https://cv-ph.rdtcdn.com/videos/202105/03/387507511/360P_360K_387507511_fb.mp4?6mzrveSaryoQFlAVHyT61
https://ei.rdtcdn.com/m=eW0Q8f/media/videos/201908/01/19797721/original/12.jpg
https://ci.rdtcdn.com/m=eW0Q8f/media/videos/201908/01/19797721/original/12.jpg
https://ci.rdtcdn.com/m=eah-8f/media/videos/202005/25/31919841/original/5.jpg
https://www.etahub.com/trackn?app_id=
https://ci.rdtcdn.com/m=eGJF8f/media/videos/202005/25/31919841/original/5.jpg
http://designer.videojs.com
https://static.trafficjunky.com/invocation/embeddedads/
https://ci.rdtcdn.com/m=bIaMwLVg5p/media/videos/201906/03/17094361/original/6.webp
https://ci.rdtcdn.com/m=eGJF8f/media/videos/201902/14/13563871/original/
https://ci.rdtcdn.com/m=eGJF8f/media/videos/202006/05/32346581/original/3.jpg
https://dw.rdtcdn.com/media/videos/202002/24/28663041/360P_360K_28663041_fb.mp4
https://ci.rdtcdn.com/m=eGJF8f/media/videos/202004/06/30212591/original/9.jpg
https://ei-ph.rdtcdn.com/videos/202105/04/387515811/original/(m=eGJF8f)(mh=u6JqmEkPs6_zCz5K)
https://ei.rdtcdn.com/m=eah-8f/media/videos/201912/15/25906591/original/9.jpg
https://ei.rdtcdn.com/m=eGJF8f/media/videos/201912/15/25906591/original/9.jpg
https://cv-ph.rdtcdn.com/videos/202105/04/387510981/360P_360K_387510981_fb.mp4?uesM_pda54U5AaUQpmZmR
https://ci.rdtcdn.com/m=eGJF8f/media/videos/201908/02/19844091/original/12.jpg
https://ei.rdtcdn.com/m=eW0Q8f/media/videos/201910/05/22663401/original/10.jpg
https://ci.rdtcdn.com/www-static/cdn_files/redtube/images/pc/site_sprite.png?v=980ebbf246d0ef5eda26c

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\J59WAZ8O.htm
 HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\12[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\timings-1.0.0[1].js
 ASCII text, with very long lines, with no line terminators
 #
Click to see the 83 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\rt_font[1].eot
 Embedded OpenType (EOT), rt_font family
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\load-1.0.3[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\ir[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\default-redtube_logged_out[1].css
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\default-redtube[1].css
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\ads_test[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\ads_batch[2].json
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\ads_batch[1].json
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\16[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\9[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\6[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\15[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\12[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\1020855061[1].gif
 GIF image data, version 89a, 315 x 300
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\1018263891[1].gif
 GIF image data, version 89a, 950 x 250
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\video-js[1].css
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\video-index[1].css
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\rt_utils-1.0.0[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\redtube_logo[2].svg
 SVG Scalable Vector Graphics image
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\popunder.min[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\~DFEC5B439CD156141A.TMP
 data
 #
C:\Users\user\AppData\Local\Temp\~DF92298DB19FFFF79F.TMP
 data
 #
C:\Users\user\AppData\Local\Temp\~DF78BA713FAD8B3398.TMP
 data
 #
C:\Users\user\AppData\Local\Temp\~DF3E764E2B0E5329D4.TMP
 data
 #
C:\Users\user\AppData\Local\Temp\~DF3E08468817889A6A.TMP
 data
 #
C:\Users\user\AppData\Local\Temp\~DF1E11F73E914424D1.TMP
 data
 #
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\video[1].js
 UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\video-index[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\site_sprite[1].png
 PNG image data, 42 x 471, 8-bit colormap, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\redtube_logo[1].svg
 SVG Scalable Vector Graphics image
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\idsync.min[1].js
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\favicon[1].png
 PNG image data, 192 x 192, 8-bit/color RGBA, interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\embeddedads.es5.min[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\default-redtube_logged_out[1].js
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\default-redtube[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\default-redtube[1].css
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\ads_batch[2].json
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\ads_batch[1].json
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\9[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\16[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\15[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\10[2].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\10[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\mms\QIU4QMT6\409721[1].dat
 data
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat
 data
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\409711[1].png
 PNG image data, 315 x 300, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E76844D5-AD06-11EB-90E5-ECF4BB570DC9}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0A772927-AD07-11EB-90E5-ECF4BB570DC9}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{02823E37-AD07-11EB-90E5-ECF4BB570DC9}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E76844D3-AD06-11EB-90E5-ECF4BB570DC9}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0A772925-AD07-11EB-90E5-ECF4BB570DC9}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{02823E35-AD07-11EB-90E5-ECF4BB570DC9}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\3Q696Q8W.htm
 HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\modernizr[1].js
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\lazyLoadBundle[2].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\lazyLoadBundle[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\jquery.cookie-1.4.0[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\jquery-ui-1.12.1.min[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\generated-service_worker_starter-1.0.0[2].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\generated-service_worker_starter-1.0.0[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\default-redtube_logged_out[1].css
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\ad7e2b59-d67f-4c69-8b14-45547302a263[1].jpg
 [TIFF image data, little-endian, direntries=0], baseline, precision 8, 950x250, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\6[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 304x171, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\DURNCK2N\www.redtube[1].xml
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\video-index[1].css
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\site_sprite[1].png
 PNG image data, 42 x 471, 8-bit colormap, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\rt_utils-1.0.0[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\rt_font[1].eot
 Embedded OpenType (EOT), rt_font family
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\jquery-2.1.3.min[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\ht[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\favicon[1].png
 PNG image data, 192 x 192, 8-bit/color RGBA, interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\channel-default-logo[1].png
 PNG image data, 60 x 60, 8-bit colormap, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\analytics[1].js
 ASCII text, with very long lines
 #