flash

a04.dll

Status: finished
Submission Time: 07.10.2021 15:50:13
Malicious
Trojan
Ursnif

Comments

Tags

  • dll

Details

  • Analysis ID:
    498854
  • API (Web) ID:
    866428
  • Analysis Started:
    07.10.2021 15:50:40
  • Analysis Finished:
    07.10.2021 16:04:44
  • MD5:
    a04cc72f0946720cc875ed228f565c1d
  • SHA1:
    58b12ddffb7015e8857209c60a06ed4419a23641
  • SHA256:
    e04823c56b627e74c92656340de38aed9804af65040bbed746b206de5a122dc5
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
41/69

malicious
6/35

malicious
20/28

malicious

IPs

IP Country Detection
87.106.18.141
Germany
18.195.217.206
United States
172.67.69.19
United States
Click to see the 10 hidden entries
18.156.81.187
United States
76.223.111.131
United States
151.101.1.44
United States
104.26.7.139
United States
104.20.184.68
United States
18.197.99.6
United States
18.156.0.31
United States
35.244.174.68
United States
142.250.203.98
United States
172.217.168.38
United States

Domains

Name IP Detection
app10.laptok.at
87.106.18.141
dart.l.doubleclick.net
172.217.168.38
tls13.taboola.map.fastly.net
151.101.1.44
Click to see the 26 hidden entries
prod.ups-eu-central-1.aolp-ds-prd.aws.oath.cloud
18.197.99.6
a97adde81b00f2ca4.awsglobalaccelerator.com
76.223.111.131
elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com
18.195.217.206
windowsupdate.s.llnwi.net
178.79.242.0
ad-delivery.net
172.67.69.19
contextual.media.net
95.100.216.34
cs.media.net
95.100.216.34
elb-aws-fr-bruges-621602890.eu-central-1.elb.amazonaws.com
18.156.81.187
cm.g.doubleclick.net
142.250.203.98
hblg.media.net
95.100.216.34
lg3.media.net
95.100.216.34
btloader.com
104.26.7.139
id.rlcdn.com
35.244.174.68
prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud
18.156.0.31
geolocation.onetrust.com
104.20.184.68
x.bidswitch.net
0.0.0.0
www.msn.com
0.0.0.0
ad.doubleclick.net
0.0.0.0
srtb.msn.com
0.0.0.0
ups.analytics.yahoo.com
0.0.0.0
img.img-taboola.com
0.0.0.0
web.vortex.data.msn.com
0.0.0.0
rtb.mfadsrvr.com
0.0.0.0
pixel.advertising.com
0.0.0.0
cvision.media.net
0.0.0.0
match.adsrvr.org
0.0.0.0

URLs

Name Detection
http://app10.laptok.at/KiETfhAdcEl7/hLoS0_2BEdS/nu4Yf9GnANVyXk/YgUltJ7zs6xEJ2nloxeBs/eATUXgJAO922GcgP/GiUgV17y_2BdX4O/qFWwhpMGMf37wi_2BX/lkJe3cdrN/7WVmaELlUteTQIErFhWc/URRkn6I1CeKadfr0Tg_/2BWPYNHHR_2F2UImJAlhjY/i7YonJ3Ydwnd_/2BgOgiB9/MYuujPMMxg18nymjpE2JqFD/0fVq8D9YsD/phg5UsKLZOQl7kqi1/VTS_2FsAFu3G/3TrEzzwsBKW/3MeaiWTLCHCZlD/OY9S51u3L9nBtrZ_2BZx7/0yqRxDj4x6MboGVE/Q0bFKfsJ98F/gfX
http://app10.laptok.at/favicon.ico
http://app10.laptok.at/tej6GHOV/2OZDNZM15j8d4LuzyBm1CPL/pFWNHMsgBq/Me_2BiCKfGmnsgtGg/Rke8C0lda6
Click to see the 97 hidden entries
http://app10.laptok.at/iyCuS9ekK6/ZKYlS2pL4_2F6YN5g/m2OzU2ez_2Fk/8F_2BnXwn7_/2BP90eUCGBXbRD/RIrhhRbI
http://searchads.msn.net/.cfm?&&kp=1&
https://contextual.media.net/medianet.php?cid=8CU157172
https://www.msn.com/de-ch/nachrichten/coronareisen
https://contextualtag.media.net
https://www.msn.com/de-ch/finanzen/nachrichten/schweizer-arbeitsmarkt-auf-dem-weg-zum-vorkrisennivea
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_promotionalstripe_na
https://onedrive.live.com;Fotos
https://www.msn.com/de-ch/sport?ocid=StripeOCID
https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
https://ups.analytics.yahoo.com/ups/58222/sync?_origin=1&uid=2766163126684138000V10&apid=UPbaae6187-2775-11ec-83da-02a5fb3287ae&verify=true
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
http://ogp.me/ns/fb#
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=medianet&bsw_user_id=ed0d0c9d-eb5e-460c-94bd-331d1d38e375
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A%2F%2Fconsole.brax-cdn.com%2Fcreatives%2Fa6cb1edf-85ae-42d3-8ce3-0c3ef2d08771%2F46fb1684-fb46-4b92-97d6-73c06aebbfee_1000x600_bdf0634e74df9e1a3c17cd78afe8adb9.png
https://www.msn.com/de-ch/news/other/auto-nach-unfall-mit-milit%c3%a4rblachen-abgedeckt/ar-AALgoO8?o
https://ups.analytics.yahoo.com/ups/58222/sync?_origin=1&uid=2766163126684138000V10
https://www.msn.com/de-ch/news/other/was-passierte-nur-drei-minuten-nach-dem-start/ar-AAP7LCM?ocid=h
https://outlook.live.com/mail/deeplink/compose;Kalender
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fceedb38b7c05f6380193a62666745514.jpg
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=medianet&bsw_user_id=ed0d0c9d-eb5e-460c-94bd-331d1d38e375
https://www.msn.com/de-ch/news/other/mann-54-wird-von-wurzelstock-getroffen-und-kommt-ums-leben/ar-A
https://btloader.com/tag?o=6208086025961472&upapi=true
https://secure.adnxs.com/clktrb?id=762232
https://match.adsrvr.org/track/cmb/generic?ttd_pid=8m33zk4&ttd_tpi=1
http://www.reddit.com/
https://www.msn.com/de-ch/news/other/gericht-verurteilt-mehrfachen-raser-zu-30-monaten-freiheitsstra
https://www.skype.com/
https://clkde.tradedoubler.com/click?p=245744&a=3064090&g=24545562
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
https://www.msn.com/de-ch/nachrichten/regional
https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
https://onedrive.live.com/?qt=allmyphotos;Aktuelle
https://amzn.to/2TTxhNg
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
https://client-s.gateway.messenger.live.com
https://cm.g.doubleclick.net/pixel?cs=1&google_nid=media&google_cm=1&google_hm=Mjc2NjE2MzExNjY4NDE2ODAwMFYxMA%3D%3D&google_sc=1
https://www.msn.com/de-ch/
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
https://www.awin1.com/cread.php?awinmid=15168&awinaffid=696593&clickref=de-ch-edge-dhp-river
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A%2F%2Fconsole.brax-cdn.com%2Fcreatives%2Fa6cb1edf-85ae-42d3-8ce3-0c3ef2d08771%2F679db3c1-e62f-47d5-bd90-53b48f4ed0c6_1000x600_9a0f5b727e2a50702107d4e4fbcb72f2.png
https://www.msn.com/de-ch
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_store&m
https://twitter.com/i/notifications;Ich
https://www.awin1.com/cread.php?awinmid=11518&awinaffid=696593&clickref=dech-edge-dhp-infopa
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
https://id.rlcdn.com/710489.gif
https://cm.g.doubleclick.net/pixel?cs=1&google_nid=media&google_cm=1&google_hm=Mjc2NjE2MzEyNjY4NDEzODAwMFYxMA%3D%3D&google_sc=1
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
https://pixel.advertising.com/ups/58222/sync?_origin=1&uid=2766163126684138000V10
https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb
http://www.youtube.com/
http://ogp.me/ns#
https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&hl=de-ch&refer
https://www.msn.com/de-ch/news/other/spezialisten-suchen-mit-sonarsonde-in-200-metern-tiefe-nach-ver
https://onedrive.live.com/?qt=mru;OneDrive-App
https://www.skype.com/de
https://www.msn.com/de-ch/news/other/schulleitung-warnt-eltern-vor-lebensbedrohlichem-ohnmacht-spiel
https://www.msn.com/de-ch/nachrichten/schweiz/bund-registriert-erneut-weniger-neue-corona-ansteckung
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?"
https://www.skype.com/de/download-skype
https://ad-delivery.net/px.gif?ch=1&e=0.8749585328117704
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F171f8b8d6097fca0bfa9b18571e0f954.jpg
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
http://www.hotmail.msn.com/pii/ReadOutlookEmail/
https://onedrive.live.com;OneDrive-App
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_office&
https://clkde.tradedoubler.com/click?p=295926&a=3064090&g=24886692
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
http://www.amazon.com/
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
http://www.twitter.com/
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1
https://cdn.cookielaw.org/vendorlist/googleData.json
https://outlook.com/
https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png"
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json
https://ups.analytics.yahoo.com/ups/58222/sync?_origin=1&uid=2766163126684138000V10&verify=true
https://cdn.cookielaw.org/vendorlist/iabData.json
https://cdn.cookielaw.org/vendorlist/iab2Data.json
https://onedrive.live.com/?qt=mru;Aktuelle
https://www.msn.com/de-ch/?ocid=iehp
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-shoppingstripe-nav
https://www.msn.com/de-ch/news/other/die-araberinnen-und-araber-kehren-zur%c3%bcck/ar-AAPbaLO?ocid=h
https://www.ebay.ch/?mkcid=1&mkrid=5222-53480-19255-0&siteid=193&campid=5338626668&t
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A%2F%2Fs3.amazonaws.com%2Fshinez-pictures%2F1617177826938a14141d3bca4cb41620f72354f58c4ff.jpg
http://www.nytimes.com/
https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\www.msn[2].xml
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\URW0GA4Q\contextual.media[1].xml
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AE6AEE69-2775-11EC-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{078013E1-2776-11EC-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE6AEE6B-2775-11EC-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B857F74E-2775-11EC-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E5354AB5-2775-11EC-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F1E5E2AC-2775-11EC-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F1E5E2AE-2775-11EC-90EB-ECF4BBEA1588}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\2a816201-f959-4e73-b937-c8856613c1b1[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\4996b9[1].woff
Web Open Font Format, TrueType, length 45633, version 1.0
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAMqFmF[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAORHel[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAOZtDm[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAP7w5W[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAP7yvI[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAP9YY7[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAP9r3b[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAPa34D[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAPaEWW[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAPaKlK[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAPaLRV[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAPadFc[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAPaiCX[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAPaldW[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAPaqLI[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\AAPatbE[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB15AQNm[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB1cEP3G[1].png
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BB6Ma4a[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BBVuddh[2].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\BBY7ARN[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\a5ea21[1].ico
PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\checksync[1].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\checksync[2].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\checksync[3].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\e151e5[1].gif
GIF image data, version 89a, 1 x 1
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\otBannerSdk[1].js
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\52-478955-68ddb2ab[1].js
UTF-8 Unicode text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAL6HKN[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AANuZgF[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAP5ZJ9[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAP8otc[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAP9B2S[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAP9Bwt[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAPaEWW[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAPaEgA[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAPaEqq[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAPaajT[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAPajQ1[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAPaom7[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\AAuTnto[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB1aXBV1[1].png
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB7gRE[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\BB7hjL[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\auction[1].htm
HTML document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\cksync[1].gif
GIF image data, version 87a, 1 x 1
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\https___console.brax-cdn.com_creatives_a6cb1edf-85ae-42d3-8ce3-0c3ef2d08771_679db3c1-e62f-47d5-bd90-53b48f4ed0c6_1000x600_9a0f5b727e2a50702107d4e4fbcb72f2[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\iab2Data[2].json
UTF-8 Unicode text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\location[1].js
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\nrrV72800[1].js
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\nrrV72800[2].js
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\otSDKStub[2].js
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\otTCF-ie[1].js
UTF-8 Unicode text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\px[1].gif
GIF image data, version 89a, 1 x 1
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\55a804ab-e5c6-4b97-9319-86263d365d28[1].json
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAKp8YX[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAOSsrG[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAOxXYp[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAP9FFk[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAPaF44[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAPaJfY[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAPabaD[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAPafV9[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAPan0r[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AAParbZ[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\AArXDyz[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB14EN7h[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB14hq0P[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1aQdUI[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1cG73h[1].png
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1ftEY0[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BB1kvzy[1].png
PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BBJrII1[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\BBPfCZL[1].png
GIF image data, version 89a, 50 x 50
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\cfdbd9[1].png
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\http___cdn.taboola.com_libtrc_static_thumbnails_b3b730df929ed7084f256b53000dc655[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\http___cdn.taboola.com_libtrc_static_thumbnails_ceedb38b7c05f6380193a62666745514[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\https___console.brax-cdn.com_creatives_a6cb1edf-85ae-42d3-8ce3-0c3ef2d08771_46fb1684-fb46-4b92-97d6-73c06aebbfee_1000x600_bdf0634e74df9e1a3c17cd78afe8adb9[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\https___s3.amazonaws.com_shinez-pictures_1617177826938a14141d3bca4cb41620f72354f58c4ff[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 207x311, frames 3
#