Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

http://www.ghostquest.net

Status: finished
Submission Time: 2019-10-16 22:40:48 +02:00
Malicious

Comments

Tags

Details

  • Analysis ID:
    183336
  • API (Web) ID:
    265295
  • Analysis Started:
    2019-10-16 22:40:49 +02:00
  • Analysis Finished:
    2019-10-16 22:48:08 +02:00
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 48
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

Open Full Report
malicious
Score: 6/71

IPs

IP Country Detection
212.32.255.93
 Netherlands
35.170.171.200
 United States
74.207.231.32
 United States
Click to see the 28 hidden entries
52.94.218.7
 United States
143.204.101.15
 United States
104.18.22.136
 United States
157.240.20.15
 United States
13.224.196.13
 United States
198.74.54.57
 United States
104.18.23.136
 United States
3.220.216.41
 United States
151.101.1.46
 United States
104.20.91.72
 United States
13.56.72.197
 United States
104.18.56.209
 United States
52.42.187.107
 United States
104.27.173.192
 United States
199.34.228.59
 United States
104.31.86.181
 United States
2.18.68.31
 European Union
54.187.119.242
 United States
35.161.142.165
 United States
216.58.201.66
 United States
13.225.74.186
 United States
104.16.7.49
 United States
172.217.23.225
 United States
216.58.201.118
 United States
151.101.0.176
 United States
151.101.0.84
 United States
104.31.87.181
 United States
104.20.92.72
 United States

Domains

Name IP Detection
www.hostingcloud.racing
 212.32.255.93
cm.internal.reports.mn
 0.0.0.0
prod.pinterest.global.map.fastly.net
 151.101.0.84
Click to see the 52 hidden entries
m.stripe.com
 52.42.187.107
forms.mailmunch.co.herokudns.com
 35.170.171.200
lg3.media.net
 2.18.68.31
swift1.adclerks.com
 74.207.231.32
aax-cpm.amazon-adsystem.com
 0.0.0.0
yt3.ggpht.com
 0.0.0.0
m.stripe.network
 0.0.0.0
cdn2.editmysite.com
 0.0.0.0
q.stripe.com
 0.0.0.0
api.pinterest.com
 0.0.0.0
www.youtube.com
 0.0.0.0
stripecdn.map.fastly.net
 151.101.0.176
c.amazon-adsystem.com
 0.0.0.0
forms.mailmunch.co
 0.0.0.0
pxlclnmdecom-a.akamaihd.net
 0.0.0.0
cdn.adclerks.com
 0.0.0.0
static.doubleclick.net
 0.0.0.0
ec.editmysite.com
 0.0.0.0
analytics.mailmunch.co
 0.0.0.0
googleads.g.doubleclick.net
 0.0.0.0
www.ghostquest.net
 0.0.0.0
graph.facebook.com
 0.0.0.0
js.stripe.com
 0.0.0.0
a.mailmunch.co
 0.0.0.0
swift.adclerks.com
 0.0.0.0
stripe.com
 54.187.119.242
cdn.justuno.com
 104.18.23.136
analytics.justuno.com
 104.18.23.136
i.ytimg.com
 216.58.201.118
dt.clnmde.com
 3.220.216.41
weebly.map.fastly.net
 151.101.1.46
ghostquest.net
 199.34.228.59
js.rating-widget.com
 104.18.56.209
contextual.media.net
 2.18.68.31
www.hitwebcounter.com
 104.31.86.181
analytics.mailmunch.co.herokudns.com
 35.170.171.200
static.zotabox.com
 104.20.92.72
stats.zotabox.com
 104.20.91.72
photos-ugc.l.googleusercontent.com
 172.217.23.225
d1tcqh4bio8cty.cloudfront.net
 143.204.101.15
adn1.adclerks.com
 198.74.54.57
snow-ress-1ek33e2ie0qo9.2pkcbrraje.us-west-2.elasticbeanstalk.com
 35.161.142.165
d3ar2nimg19ie1.cloudfront.net
 13.224.196.13
static.zbcdn3.net
 104.27.173.192
star.c10r.facebook.com
 157.240.20.15
pagead46.l.doubleclick.net
 216.58.201.66
hitwebcounter.com
 104.31.87.181
aax-eu.amazon-adsystem.com
 52.94.218.7
my.justuno.com
 104.18.22.136
navvy.media.net
 13.56.72.197
d1ykf07e75w7ss.cloudfront.net
 13.225.74.186
c6.patreon.com
 104.16.7.49

URLs

Name Detection
http://ghostquest.weebly.com/haunted-kentucky.html
http://twitter.com/share?url=http://www.ghostquest.net/1/post/2016/04/hello-world.html
http://a.mailmunch.co/v2/themes/mailmunch/simple/embedded/index.css
Click to see the 97 hidden entries
http://static.zbcdn3.net/__abdiirw/asset/font/zb-icons/zb-icons.eot
http://dt.clnmde.com/ptmd?t=157129092033631489359544_N4IgzgLghhCuYgFwG0C6AaEAvKSCMmADgOZIiED6ATCJgKYB2AbmYbSMQBZl4CsA7HioBOAAzCqogMxSAbFLwAWABzCpvYb0WL2EBIhBKRy0f0WyqvXsvZN9IWQDpRjhf3ZQANkimYAZgDGSAC0BCB0uAaKwgF+vAAmdKLBdH5+UKF4dMLBwgBGCsHKvFSpeYqxVHhS7HQQAJb4AkLWJWGQpIiimGAA1jzNlsVVFFbywir8ylTTtfVsBsqKjnj8jiUrNZiwjV30TN4ooAxQALZ0ZHn18YkAThTX7PEwkaBXN3T3j4gMsJ6emCY9Qe8QGgiGvFWGikVBh-HhIAAvoiMOBPJAwUIxBJRHhZDZMJ4-PhAcDvoZBq0oWpYVR4e5MAF4BAQWRlABhACqKgAEgApGbsMAAKxJ4UOIGAAB0QIEwDK9jLbvKfIjav0DNLZQEVYgCErdXg1ZhbgB7JDpdF0TDEIJ6wbYqSaGaYACOFz1-l2okRQA
http://sads.myspace.com/
https://stats.g.doubleclick.net/j/collect?
http://static.zbcdn3.net/__abdiirw/sb.default.js
http://www.amazon.de/
https://analytics.justuno.com/api/session/findp?callback=jsonFindCallback&accid=0F2281CB-7B93-40C6-8
http://search.auction.co.kr/
http://www.google.it/
http://ghostquest.weebly.com/maine.html
http://cdn2.editmysite.com/fonts/Proxima-Light/267447_4_0.eot?321123597
http://aax-cpm.amazon-adsystem.com/x/getad?jsd=1&src=320&c=100&u=http%3A%2F%2Fwww.ghostquest.net%2Fblog&slot_uuid=fc502eb3-c032-4e91-aef3-486c30473623&rnd=382371
http://www.ask.com/
http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
https://www.amazon.com/brian-w./e/b07pf1flb9z
https://pki.goog/repository/0
http://ocsp.pki.goog/gsr202
http://buscar.ozu.es/
http://analytics.mailmunch.co/event/?site_id=521735&widget_id=673639&event_name=views&cache=1571290963979&referrer=http%3A%2F%2Fwww.ghostquest.net%2Fblog&visitor_id=8a487b73-14b5-414b-88db-c6a4a8954382
http://www.ghostquest.net/newsletter.html
http://search.msn.co.jp/results.aspx?q=
http://ocsp.pki.goog/gts1o10
http://www.ozu.es/favicon.ico
http://www.google.si/
http://swift.adclerks.com/www/images/2cb696c2dd4a812c1c4e9f1d2fa32d7b.png
https://www.ghoststop.com/favicon.ico
http://www.ghostquest.net/files/main_style.css?1571189726
http://search.nifty.com/
https://cdn.justuno.com/mwgt_4.1.js?v=2.61
http://www.gmarket.co.kr/
https://twitter.com/jacobrossi/status/480596438489890816
http://search.yahoo.co.jp/favicon.ico
http://openimage.interpark.com/interpark.ico
http://imakewebthings.com/waypoints/api/first
http://search.sify.com/
http://cgi.search.biglobe.ne.jp/favicon.ico
http://momentjs.com/guides/#/warnings/min-max/
http://uk.search.yahoo.com/
http://contextual.media.net/mediamain.html?&cid=8CU48HJ28&cpcd=x2mTBW6hcx125aAMrWRywA%3D%3D&crid=312
http://lg3.media.net/bping.php?&gdpr=0&prid=8PRHGG6T9&cid=8CU48HJ28&crid=312456617&vi=1571258541135520679&ugd=4&lf=6&cc=CH&sc=ZH&vsid=2142601211358166&lper=100&wsip=2886781042&r=1571290941097&requrl=http%3A%2F%2Fwww.ghostquest.net%2F&vgd_sbSup=0&vgd_is_amp=0&vgd_asn=60068&vgd_nvLogging=0&hvsid=00001571290941091014104135815785
http://www.rambler.ru/favicon.ico
http://list.taobao.com/browse/search_visual.htm?n=15&q=
http://google.pchome.com.tw/
http://crl.pki.goog/gsr2/gsr2.crl0?
http://browse.guardian.co.uk/favicon.ico
http://www.pchome.com.tw/favicon.ico
http://momentjs.com/timezone/docs/#/data-loading/.
http://imakewebthings.com/waypoints/api/context
http://contextual.media.net/fcmdynet.js?&cid=8CU48HJ28&cpcd=x2mTBW6hcx125aAMrWRywA%3D%3D&crid=312456
http://www.ghostquest.net/uploads/7/9/0/2/79029746/haunted-house-nanny-article_orig.jpg
http://img.shopzilla.com/shopzilla/shopzilla.ico
https://www.amazon.com/brian-w./e/b07pf1flb9v
http://a.mailmunch.co/app/v1/topbar.js
https://actions.zotabox.com
http://static.zbcdn3.net/__abdiirw/asset/font/zb-icons/zb-icons.woff
http://in.search.yahoo.com/
http://www.ghostquest.net/1/post/2019/04/the-jersey-devil.html
http://dt.clnmde.com/ptmd?t=157129094128733028
http://fr.search.yahoo.com/
http://static.zbcdn3.net/__abdiirw/asset/script/jquery.scrollbar.js
http://analytics.mailmunch.co/event/?site_id=521735&widget_id=673639&event_name=views&cache=1571290948065&referrer=http%3A%2F%2Fwww.ghostquest.net%2F&visitor_id=8a487b73-14b5-414b-88db-c6a4a8954382
http://www.ghostquest.n
http://contextual.media.net/__media__/pics/800028474/1x1.gif
https://github.com/snowplow/snowplow-javascript-tracker/blob/2.6.2/src/js/tracker.js#L1509
http://ghostquest.weebly.com/haunted-maryland.html
http://static.zbcdn3.net/__abdiirw/asset/font/zb-all/zb-all.eot
http://static.zbcdn3.net/__abdiirw/asset/font/Zotabox3/ztb3.woff
http://www.dailymail.co.uk/
http://requirejs.org/docs/errors.html#
http://www.hitwebcounter.com/counter/counter.php?page=6639210&style=0036&nbdigits=9&type=page&initCo
http://www.merlin.com.pl/favicon.ico
http://www.mercadolivre.com.br/
http://imakewebthings.com/waypoints/api/group
http://cdn2.editmysite.com/js/site/main-commerce-browse.js?buildTime=1571166790
http://search.hanafos.com/favicon.ico
http://cps.letsencrypt.org0
https://www.youtube.com/generate_204?cpn=
https://www.tumblr.com/blog/ghostquest-usa
https://js.stripe.com/v2/m/outer.html#url=http%3A%2F%2Fwww.ghostquest.net%2Fblog&title=GhostQuest.ne
http://www.ascendercorp.com/
http://it.search.dada.net/favicon.ico
http://www.etmall.com.tw/favicon.ico
http://momentjs.com/guides/#/warnings/zone/
http://www.ya.com/favicon.ico
http://www.ghostquest.net/1/post/2019/02/february-01st-2019.html
http://search.chol.com/favicon.ico
https://www-ghostquest-net.checkout.weebly.com?cart=
http://busca.igbusca.com.br//app/static/images/favicon.ico
http://www.reddit.com/
http://ghostquest.weebly.com/rhode-island.html
http://msk.afisha.ru/
http://cdn2.editmysite.com/fonts/Proxima-Light/267447_4_0.ttf?123597
http://ghostquest.weebly.com/haunted-arkansas.html
http://static.zbcdn3.net/__ogephtu/asset/font/Zotabox3/ztb3.eot
https://api.pinterest.com/v1/urls/count.json?callback=receiveCount&url=http%3A%2F%2Fwww.ghostquest.n
http://cdn.adclerks.com/core/ad2/10904/5865?r=91060
http://www.ghostquest.net/books-and-literature.html

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\8RLP3Z1S.gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\browserfp.min[1].js
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\brh2_orig[1].jpg
 data
 #
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\brh1_orig[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 577x385, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\bfp_ssn[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\author-pic_orig[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 477x590, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\asyncjs[1].js
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\account_version_check[1].json
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\X6NREA95.gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\S6u_w4BMUTPHjxsI9w2_FQfr[1].woff
 Web Open Font Format, TrueType, length 24056, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\NewErrorPageTemplate[1]
 UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\ErrorPageTemplate[1]
 UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\A27JJWVE.gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\bundle[1].js
 UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\521735[1].json
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\168356415[1].jpg
 [TIFF image data, little-endian, direntries=14, height=565, bps=182, PhotometricIntepretation=RGB, manufacturer=Canon, model=Canon EOS 650D, orientation=upper-left, width=849], baseline, precision 8, 640x430, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\ztb3[1].eot
 Embedded OpenType (EOT), ztb3 family
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\wendigo_orig[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x430, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\v3[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\site[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\screen-shot-2019-04-23-at-8-49-11-pm-767x0-is_orig[1].png
 PNG image data, 767 x 460, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\ptmd[5].gif
 PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\ptmd[3].gif
 PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\ptmd[1].gif
 PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\plugins[1].js
 UTF-8 Unicode text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\findp[3].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\ptmd[5].gif
 PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\ptmd[2].gif
 PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\ptmd[1].gif
 PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\newsletter[1].htm
 HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\index-1558300748[1].htm
 HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\index-1556141081[1].htm
 HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\index-1540220513[1].htm
 HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\httpErrorPagesScripts[1]
 UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\haunted-house-nanny-article_orig[1].jpg
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\getads[1].js
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\getad[1].js
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\gdprscript[1].js
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\photo[1].jpg
 [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\findp[2].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\findp[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\fancybox[1].css
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\external.min[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\event[2].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\errorPageStrings[1]
 UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\down[1]
 PNG image data, 15 x 15, 8-bit colormap, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\dnserror[1]
 HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\data[1].js
 UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\custom[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\I9HE86MU\counter[1].htm
 data
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\background_gradient[1]
 JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\ad_status[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\NewErrorPageTemplate[1]
 UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\GQQu[1].js
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\G1PDN8Y0.htm
 HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\DF7XX6F2.gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\8235166[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 464x306, frames 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\1x1[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\typalil\imagestore.dat
 data
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\becomePatronButton.bundle[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DBCDFEF2-F0A0-11E9-AAE0-9CC1A2A860C6}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D1F69531-F0A0-11E9-AAE0-9CC1A2A860C6}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D1F6952F-F0A0-11E9-AAE0-9CC1A2A860C6}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\FAUIN0SN\m.stripe[1].xml
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\EIS25TGM\www.youtube[1].xml
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\BIVALPPV\pxlclnmdecom-a.akamaihd[1].xml
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\haunted-usa[1].htm
 HTML document, ASCII text, with very long lines, with CRLF, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\nmedianet[1].js
 UTF-8 Unicode text, with very long lines, with NEL line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\navcancl[1]
 HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\mothman_orig[1].jpg
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\mem5YaGs126MiZpBA-UN7rgOUuhv[1].woff
 Web Open Font Format, TrueType, length 18900, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\mediamain[1].js
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\main-customer-accounts-site[1].js
 UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\jquery[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\jquery.min[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\jquery-3.3.1.min[1].js
 ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\inner[1].htm
 HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\index[2].css
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\index[1].css
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\0QZMDP18\www.ghostquest[1].xml
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\ghostquestblack-small_orig[1].png
 data
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\ghostquest[1].png
 PNG image data, 203 x 41, 8-bit colormap, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\ga[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\findp[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\external.min[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\event[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\errorPageStrings[1]
 UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\down[1]
 PNG image data, 15 x 15, 8-bit colormap, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\dnserror[1]
 HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\counter[1].htm
 HTML document, ASCII text, with CRLF, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G7QTC28F\count[1].js
 ASCII text, with no line terminators
 #