flash

1.dll

Status: finished
Submission Time: 03.06.2021 20:57:44
Malicious
Trojan
Evader
Ursnif

Details

  • Analysis ID: 429332
  • API (Web) ID: 796936
  • Analysis Started: 03.06.2021 20:57:44
  • Analysis Finished: 03.06.2021 21:10:34
  • MD5: 27955775dfd73e08550fa42f20a8ef14
  • SHA1: 69e19132abbe882d20d5cde2927ce0ae1c928457
  • SHA256: 23e30ba8de300b7a8d53acdefa9bdee1e607a965f4dd3c42b9385f408d6e77a8

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
9/88

malicious

IPs

IP              Country
104.20.185.68   United States
34.95.62.189    United States
87.248.118.22   United Kingdom
151.101.1.44    United States

Domains


URLs


Dropped files
