nT5pUwoJSS.dll

Status: finished
Submission Time: 2021-05-12 12:53:59 +02:00
Malicious
Trojan
Ursnif

Tags

  • dll
  • Gozi
  • ISFB
  • Ursnif

Details

  • Analysis ID: 412166
  • API (Web) ID: 779765
  • Analysis Started: 2021-05-12 13:05:21 +02:00
  • Analysis Finished: 2021-05-12 13:25:31 +02:00
  • MD5: 6fdbd25f7a84da80ee9d8577122c3291
  • SHA1: 39a52cbc48be934cf953d4699e8a1ea5ff53a5bf
  • SHA256: 4bf6e9d4067cb905631ddf7452ac571c4ed9800c7eb8fc7e51b688e1154f52e3
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 72
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
malicious
Score: 76
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

malicious
Score: 10/47

IPs


Domains


URLs


Dropped files
