top title background image
flash

2zTgaLRFkL.dll

Status: finished
Submission Time: 2021-11-22 14:27:12 +01:00
Malicious
Trojan
Evader
Ursnif

Comments

Tags

  • dll

Details

  • Analysis ID:
    526326
  • API (Web) ID:
    893848
  • Analysis Started:
    2021-11-22 14:27:45 +01:00
  • Analysis Finished:
    2021-11-22 14:39:30 +01:00
  • MD5:
    096d27e730a16660704e6713fdc89173
  • SHA1:
    880a73f218d5b4ba3f734c14ed3b84ef036aa85a
  • SHA256:
    5bbba6d13c8222ef2cc5c4aecf14043f1e74d164ab2a1b3e4b68ee6cb086900c
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 64
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP Country Detection
104.26.3.70
United States
142.250.203.102
United States
172.67.70.134
United States

Domains

Name IP Detection
contextual.media.net
2.18.160.23
dart.l.doubleclick.net
142.250.203.102
hblg.media.net
2.18.160.23
Click to see the 9 hidden entries
lg3.media.net
2.18.160.23
btloader.com
172.67.70.134
ad-delivery.net
104.26.3.70
assets.msn.com
0.0.0.0
web.vortex.data.msn.com
0.0.0.0
www.msn.com
0.0.0.0
ad.doubleclick.net
0.0.0.0
srtb.msn.com
0.0.0.0
cvision.media.net
0.0.0.0

URLs

Name Detection
https://www.msn.com/de-ch/news/other/bei-den-%c3%a4rzten-schauen-die-beh%c3%b6rden-einfach-weg/ar-AA
https://outlook.com/
https://clkde.tradedoubler.com/click?p=195119&a=3064090&g=25021476
Click to see the 97 hidden entries
https://cdn.cookielaw.org/vendorlist/googleData.json
https://policies.oath.com/us/en/oath/privacy/index.html
https://office.live.com/start/Excel.aspx?WT.mc_id=MSN_site;Sway
http://www.twitter.com/
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_QuickNote&auth=1
http://www.amazon.com/
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
https://clkde.tradedoubler.com/click?p=295926&a=3064090&g=24886692
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_office&
https://play.google.com/intl/en_us/badges/images/generic/de_badge_web_generic.png"
https://onedrive.live.com;OneDrive-App
http://www.hotmail.msn.com/pii/ReadOutlookEmail/
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
https://beap.gemini.yahoo.com/mbclk?bv=1.0.0&es=MJ_W730GIS_QkG6Z3slmnzoRpVQc.g8KNhy8thvyLfijZDMu
https://www.skype.com/de/download-skype
https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?"
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
https://www.tippsundtricks.co/lifehacks/schwamm-kuhlschrank/?utm_campaign=DECH-schwamm&utm_sourc
https://www.skype.com/de
https://onedrive.live.com/?qt=mru;OneDrive-App
https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&hl=de-ch&refer
https://www.msn.com/de-ch/sport/other/runter-rauf-runter-wie-gc-in-genf-vom-weg-abkommt/ar-AAQYdQe?o
https://onedrive.live.com/#qt=mru
https://outlook.live.com/calendar
https://www.onlineumfragen.com/3index_2010_agb.cfm
https://smartyads.com/privacy-policy
https://optimise-it.de/datenschutz
https://www.stroeer.de/ssp-datenschutz
https://twitter.com/
https://www.ricardo.ch/?utm_source=msn&utm_medium=affiliate&utm_campaign=msn_mestripe_logo_d
https://s.yimg.com/lo/api/res/1.2/CHE6ysqAlt744fnx0c7isA--~A/Zmk9ZmlsbDt3PTYyMjtoPTM2ODthcHBpZD1nZW1
https://www.msn.com/de-ch/news/other/defektes-paket-mit-radioaktivem-inhalt-in-swiss-flieger-entdeck
https://onedrive.live.com/about/en/download/
https://www.bidstack.com/privacy-policy/
http://ogp.me/ns#
https://web.vortex.data.msn.com/collect/v1/t.gif?name=%27Ms.Webi.PageView%27&ver=%272.1%27&a
http://www.nytimes.com/
https://doceree.com/.well-known/deviceStorage.json
https://www.ebay.ch/?mkcid=1&mkrid=5222-53480-19255-0&siteid=193&campid=5338626668&t
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-shoppingstripe-nav
https://www.msn.com/de-ch/?ocid=iehp
https://cdn.flurry.com/adTemplates/templates/htmls/clips.html"
https://onedrive.live.com/?qt=mru;Aktuelle
https://cdn.cookielaw.org/vendorlist/iabData.json
https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.json
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://www.msn.com/de-ch/news/other/mehrere-tausend-menschen-demonstrieren-in-z%c3%bcrich/ar-AAQWtO
http://www.reddit.com/
https://btloader.com/tag?o=6208086025961472&upapi=true
https://ir2.beap.gemini.yahoo.com/mbcsc?bv=1.0.0&es=1pthyrgGIS_CP6RinMZ9JLQidWOhQxu_ti3Yy1VE1q4K
https://www.msn.com/de-ch/news/other/t%c3%b6fffahrer-liefert-sich-wilde-verfolgungsjagd-mit-der-poli
https://www.msn.com/de-ch/news/other/t%c3%b6fffahrer-st%c3%bcrzt-nach-verfolgungsjagd-mit-der-polize
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
https://www.queryclick.com/privacy-policy
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
https://outlook.live.com/mail/deeplink/compose;Kalender
https://www.botman.ninja/privacy-policy
http://ogp.me/ns/fb#
https://www.skype.com/
https://www.msn.com/de-ch/sport/fussball/der-fcz-zittert-und-steht-doch-ganz-oben/ar-AAQWrxt?ocid=hp
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
https://www.msn.com/de-ch/sport?ocid=StripeOCID
https://onedrive.live.com;Fotos
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_promotionalstripe_na
https://www.msn.com/de-ch/news/other/sie-bew%c3%a4ltigen-alltagsstress-und-todesszenen/ar-AAQUall?oc
https://www.msn.com/de-ch/news/other/jacqueline-hofer-tritt-doch-nicht-zur-wiederwahl-an/ar-AAQTAnf?
https://www.msn.com/de-ch/nachrichten/coronareisen
https://contextual.media.net/medianet.php?cid=8CU157172
http://searchads.msn.net/.cfm?&&kp=1&
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
http://www.youtube.com/
https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
https://ad-delivery.net/px.gif?ch=1&e=0.4482105559414631
https://silvermob.com/privacy
https://nextmillennium.io/privacy-policy/
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
https://twitter.com/i/notifications;Ich
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_store&m
https://www.msn.com/de-ch
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
https://assets.msn.com/staticsb/statics/latest/oneTrust/1.2/consent/55a804ab-e5c6-4b97-9319-86263d36
https://www.msn.com/de-ch/
https://secure.adnxs.com/clktrb?id=764680&t=1
https://client-s.gateway.messenger.live.com
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
https://amzn.to/2TTxhNg
https://onedrive.live.com/?qt=allmyphotos;Aktuelle
https://www.stroeer.de/werben-mit-stroeer/onlinewerbung/programmatic-data/sdi-datenschutz-b2c
https://srtb.msn.com:443/notify/viewedg?rid=89e9c689e4e442bc8decc0870f35ae96&r=infopane&i=1&
https://www.msn.com/de-ch/nachrichten/regional
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
https://clkde.tradedoubler.com/click?p=245744&a=3064090&g=24545562

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\nrrV52461[2].js
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAQYUU3[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAQY5wp[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAQVtAu[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAQT0oN[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAQCmUS[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAQBdIv[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAOdxvW[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\55a804ab-e5c6-4b97-9319-86263d365d28[2].json
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\4996b9[1].woff
Web Open Font Format, TrueType, length 45633, version 1.0
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\17-361657-68ddb2ab[1].js
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\otTCF-ie[2].js
UTF-8 Unicode text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\otBannerSdk[1].js
UTF-8 Unicode text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAQYYTT[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\nrrV52461[1].js
ASCII text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\iab2Data[1].json
UTF-8 Unicode text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\de-ch[2].json
UTF-8 Unicode text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\checksync[5].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\checksync[4].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\checksync[3].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\checksync[2].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\cfdbd9[1].png
PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB7hg4[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB6Ma4a[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\BB10MkbM[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\px[1].gif
GIF image data, version 89a, 1 x 1
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AAQYWm8[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AAQYSTg[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AAQYCwH[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AAQY8Zl[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AAQY5UV[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AAQY4m2[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AAQY2dE[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AAQXTtj[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AAQTQg3[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\AAOr6Ee[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\52-478955-68ddb2ab[1].js
UTF-8 Unicode text, with very long lines, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\2d-0e97d4-185735b[1].css
UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAQYvQT[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\otPcCenter[1].json
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\otFlat[1].json
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\otCommonStyles[1].css
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\medianet[2].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\medianet[1].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\favicon[1].ico
MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\auction[2].htm
HTML document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\a5ea21[2].ico
PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\BB1fdtSt[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAzb5EX[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\AAQYqMl[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAQY2pC[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAQXrMl[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAQXiy5[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAQXevg[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAQXXJy[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAQW0Fs[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAQVPm6[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAPQoxX[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAPFmi4[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AA7XCQ3[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\264bf325-c7e4-4939-8912-2424a7abe532[1].jpg
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAQYCIb[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8D788005-4BE3-11EC-90E5-ECF4BB570DC9}.dat
Composite Document File V2 Document, Cannot read section info
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8D788003-4BE3-11EC-90E5-ECF4BB570DC9}.dat
Composite Document File V2 Document, Cannot read section info
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\QALADACS\contextual.media[1].xml
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BBY7ARN[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAQYrvs[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAQYULr[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAQYSOX[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAQYPIL[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAQY08U[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAQXYTC[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAPwesU[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAMqFmF[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\AAKp8YX[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\tag[1].js
ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\otSDKStub[1].js
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\a8a064[1].gif
GIF image data, version 89a, 28 x 28
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\DURNCK2N\www.msn[2].xml
ASCII text, with no line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BBVuddh[2].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BBUZVvV[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BBMW3y8[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\BB1ftEY0[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAud6Gv[1].png
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAQZ8Vf[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAQZ3BL[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAQYvGE[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAQYVTM[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAQYV96[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\AAQYUQR[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
#