kGl1qp3Ox8.exe

Status: finished
Submission Time: 2022-01-14 15:30:14 +01:00
Malicious
Trojan
Spyware
Evader
RedLine SmokeLoader Vidar onlyLogger

Tags

  • exe
  • RedLineStealer

Details

  • Analysis ID: 553271
  • API (Web) ID: 920793
  • Analysis Started: 2022-01-14 15:30:16 +01:00
  • Analysis Finished: 2022-01-14 15:48:44 +01:00
  • MD5: 7ebf41b7e0d24473f2ad0b25e354f615
  • SHA1: 6e9c110ed531f7239ff849a6b7c998d1c958f2d8
  • SHA256: 15cea3c23e9d0f1ec3a748746bd425d642ae25b042b1b36c8364f721235f0f0d

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 17/35
malicious
Score: 25/28
malicious
malicious

IPs


URLs


Dropped files
