Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

http://bit.ly/36nquTW

Status: finished
Submission Time: 2020-05-24 00:41:22 +02:00
Malicious

Comments

Tags

Details

  • Analysis ID:
    232621
  • API (Web) ID:
    361483
  • Analysis Started:
    2020-05-24 00:41:23 +02:00
  • Analysis Finished:
    2020-05-24 00:49:08 +02:00
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 48
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP Country Detection
107.180.3.110
 United States
152.199.21.2
 United States
15.188.105.205
 United States
Click to see the 45 hidden entries
178.250.2.146
 France
104.31.11.178
 United States
172.64.192.7
 United States
52.51.129.53
 United States
52.222.167.216
 United States
104.22.25.87
 United States
91.235.134.131
 Netherlands
37.252.172.249
 European Union
18.185.245.187
 United States
67.199.248.10
 United States
198.148.27.132
 United States
52.222.168.29
 United States
54.36.109.166
 France
34.247.192.223
 United States
145.239.193.145
 France
185.29.135.233
 United Kingdom
67.202.110.23
 United States
91.228.74.214
 United Kingdom
172.217.16.130
 United States
151.139.241.23
 United States
63.32.126.145
 United States
185.86.137.43
 France
185.33.220.242
 Netherlands
52.28.175.104
 United States
173.194.76.154
 United States
104.16.92.60
 United States
54.154.151.160
 United States
52.222.167.41
 United States
91.235.133.151
 Netherlands
51.89.9.251
 France
185.64.190.80
 United Kingdom
99.80.97.22
 United States
54.38.64.100
 France
18.185.173.123
 United States
45.60.87.208
 United States
185.86.137.110
 France
91.228.74.152
 United Kingdom
35.156.118.152
 United States
172.217.18.6
 United States
178.250.0.165
 France
116.202.128.61
 Germany
145.239.192.166
 France
216.58.206.2
 United States
91.235.132.130
 Netherlands
52.19.114.209
 United States

Domains

Name IP Detection
mikzc.info
 107.180.3.110
pool.grid-data.bidswitch.net
 0.0.0.0
tag.contextweb.com
 0.0.0.0
Click to see the 92 hidden entries
sync.mathtag.com
 0.0.0.0
js-sec.indexww.com
 0.0.0.0
smetrics.bmo.com
 0.0.0.0
sync.tidaltv.com
 0.0.0.0
c1.adform.net
 0.0.0.0
a.teads.tv
 0.0.0.0
www.cibc.mobi
 0.0.0.0
bmofinancial.demdex.net
 0.0.0.0
match.adsrvr.org
 0.0.0.0
ced-ns.sascdn.com
 0.0.0.0
sync.smartadserver.com
 0.0.0.0
www.interac.ca
 0.0.0.0
ice.360yield.com
 0.0.0.0
cm.g.doubleclick.net
 0.0.0.0
content.etransfer.interac.ca
 0.0.0.0
token.rubiconproject.com
 0.0.0.0
stats.g.doubleclick.net
 0.0.0.0
rules.quantcount.com
 0.0.0.0
fastlane.rubiconproject.com
 0.0.0.0
cm.everesttech.net
 0.0.0.0
csp.fastclick.net
 0.0.0.0
r.turn.com
 0.0.0.0
fls.doubleclick.net
 0.0.0.0
ib.adnxs.com
 0.0.0.0
adb2waycm-atl.netmng.com
 0.0.0.0
p.cpx.to
 0.0.0.0
4168148.fls.doubleclick.net
 0.0.0.0
dp2.33across.com
 0.0.0.0
su.addthis.com
 0.0.0.0
pixel.quantserve.com
 0.0.0.0
secure.quantserve.com
 0.0.0.0
ww1097.smartadserver.com
 0.0.0.0
www13.bmo.com
 0.0.0.0
id5-sync.com
 0.0.0.0
bidder.criteo.com
 0.0.0.0
as-sec.casalemedia.com
 0.0.0.0
hello.myfonts.net
 0.0.0.0
aa.agkn.com
 0.0.0.0
dpm.demdex.net
 0.0.0.0
image2.pubmatic.com
 0.0.0.0
gum.criteo.com
 0.0.0.0
ads.themoneytizer.com
 0.0.0.0
www.bmo.com
 0.0.0.0
www1.bmo.com
 0.0.0.0
tag.leadplace.fr
 0.0.0.0
script.4dex.io
 172.64.192.7
elb-aws-fr-grid-data-1356096618.eu-central-1.elb.amazonaws.com
 18.185.173.123
sinkhole.netmng.com
 127.0.0.1
match-1943069928.eu-west-1.elb.amazonaws.com
 52.19.114.209
d2zur9cc2gf1tx.cloudfront.net
 52.222.168.29
c.tmyzer.com
 54.38.64.100
pixel.33across.com
 67.202.110.23
pagead.l.doubleclick.net
 172.217.16.130
mwzeom.zeotap.com
 104.22.25.87
rtb-csync-eqx.smartadserver.com
 185.86.137.110
dmp.truoptik.com
 104.16.92.60
cs977204322.wpc.edgecastcdn.net
 152.199.21.2
bmo.com.ssl.d1.sc.omtrdc.net
 15.188.105.205
ads-lfi3olnec7fr.stackpathdns.com
 151.139.241.23
euirlzdiprd-external-915864222.eu-west-1.elb.amazonaws.com
 52.51.129.53
spl.zeotap.com
 104.22.25.87
g.themoneytizer.net
 145.239.193.145
dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com
 34.247.192.223
global.px.quantserve.com
 91.228.74.152
urlz.fr
 104.31.11.178
pug-lhr.pubmatic.com
 185.64.190.80
d2fashanjl7d9f.cloudfront.net
 52.222.167.41
dart.l.doubleclick.net
 172.217.18.6
3lwavgd.x.incapdns.net
 45.60.87.208
bit.ly
 67.199.248.10
pixel-origin.mathtag.com
 185.29.135.233
pm.w55c.net
 0.0.0.0
ip-fo-ovh.infra.leadplace.fr
 145.239.192.166
h.online-metrix.net
 91.235.132.130
ib.anycast.adnxs.com
 37.252.172.249
bankofmontreal.tt.omtrdc.net
 99.80.97.22
gum.am5.vip.prod.criteo.com
 178.250.2.146
aa-agkn-com-https-2145740884.eu-central-1.elb.amazonaws.com
 52.28.175.104
shb.richaudience.com
 116.202.128.61
h-interacetransfer.online-metrix.net
 91.235.133.151
onetag-sys.com
 51.89.9.251
secure.adnxs.com
 0.0.0.0
s.cpx.to
 63.32.126.145
dxedge-prod-lb-404808087.eu-central-1.elb.amazonaws.com
 35.156.118.152
eqx.smartadserver.com
 185.86.137.43
bzmgl3t1gwkef32n5pwwgdco4t34zm74k3d34yof27e8fc21f66e2d81am1.e.aa.online-metrix.net
 91.235.134.131
d38h9tm5yys4ws.cloudfront.net
 52.222.167.216
stats.l.doubleclick.net
 173.194.76.154
pagead46.l.doubleclick.net
 216.58.206.2
bidder.par.vip.prod.criteo.com
 178.250.0.165
lga-tag-bgp.contextweb.com
 198.148.27.132
eu2-ice.360yield.com
 18.185.245.187

URLs

Name Detection
http://mikzc.info/filesdej/g00-entete-filet-logos.png
http://mikzc.info/images/gatewayInitJS.js
http://mikzc.info/filesdej/login-contenu.min.js
Click to see the 97 hidden entries
http://mikzc.infoistener-header-drawerMenu-openAccountPs-openAccountPsLinkRoot
http://mikzc.info/images/GTIe8CSS.css
http://mikzc.info/files/event_002.js
http://mikzc.info/uos/common/javascript/dom/event.js
http://mikzc.info/images/searchCSS.css
http://mikzc.info/filesdej/a00-entete-ic-texte-plus-blanc-on.png
http://mikzc.info/files/tooltipPeak.png
http://mikzc.info/desjardinsin.phpTRBC
http://mikzc.info/files/event_003.js
http://mikzc.info/filesdej/owl.carousel.min.css
http://mikzc.info/files/v.png
http://mikzc.info/files/utilities.js
http://mikzc.info/images/retrieveLogo15.svg
http://mikzc.info/filesdej/a00-formulaire-icone-aide.gif
http://mikzc.info/files/common.js
http://mikzc.info/onlinebanking/includes/fr/common.js
http://mikzc.info/files/ibsignin.css
http://mikzc.info/bmo/trusteer_badge.png
http://mikzc.info/bmo/security_icon.png
http://mikzc.info/files/kiosk.js
http://mikzc.info/filesdej/info-poste-client.min.js
http://mikzc.info/cibc.html6CIBC
http://mikzc.info/img/liens-action.png
http://mikzc.info/CIBC%20Mobile%20Banking%20Sign%20On_files/global-brand.css
http://mikzc.info/onlinebanking/onlinebanking/common/css/bmo-one.css
http://mikzc.info/files/webtrends.js
https://www.interac.ca/en/about/our-people/leadership-team/
https://www13.bmo.com/onlinebanking/onlinebanking/fr/css/registration/registration.css
https://www.interac.ca/en/business/our-solutions/interac-e-transfer/
https://www.bmo.com/olb/dp-customer-offers/signin/interstitial/fr/index.html
http://www.rbcroyalbank.com/products/deposits/customer-service.html
https://pre.ads.justpremium.com/v/2.0/t/xhr?i=
https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventT
https://www1.royalbank.com/uos/common//images/contentframework/icon-collapse.gif
https://www.interac.ca/en/business/how-it-works/benefits/
https://github.com/jrburke/requirejs/blob/master/text.js
https://www1.royalbank.com/uos/common/images/callouts/corners-gradient-yellow-bg.gif)
https://www13.bmo.com/onlinebanking/onlinebanking/fr/images/favicon.ico~
https://github.com/bestiejs/lodash/blob/master/LICENSE.txt
https://www.interac.ca/en/about/our-people/
http://cibc.com/
https://www1.royalbank.com/uos/common/notices/img/attention-white-medium.png);
http://www.dynamicdrive.com)
https://www1.royalbank.com/uos/common/images/tools/textresize-normal.gif);background-position:bottom
http://ads.themoneytizer.com/s/gen.js?type=28
http://rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
https://www1.royalbank.com/uos/common/images/navigation/mainnav/level1-bg-1px.gif)
http://tag.leadplace.fr/wckr.php?nogdpr&id=MTIZ
https://www1.royalbank.com/uos/3m/cssfonts/rbc-icons.svg?dszisc#rbc-icons
https://ads.themoneytizer.com/moneyvisibility.js
https://www.interac.ca/xmlrpc.php?rsd
https://www.interac.ca/en/consumers/security/interac-e-transfer/authentication-transaction-encryptio
http://www.rbcroyalbank.com/Onlιne/index.html
http://www.rbcroyalbank.com/products/deposits/lost-stolen-card.html
http://www.twitter.com/
https://www1.royalbank.com/uos/common/notices/img/confirm.svg);
https://fontawesome.comhttps://fontawesome.comFont
http://www.reddit.com/
https://www.interac.ca/en/business/our-solutions/interac-cash/
https://ads.themoneytizer.com/moneybile.js
http://www.bmo.com/accueil/popups/global/sadc
http://getbootstrap.com)
https://www.rbcroyalbank.com/onlinebanking/bankingusertips/notices/Maint_Weekly.html
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=m
http://github.com/jrburke/requirejs
https://content.etransfer.interac.ca/fp/HP?session_id=37c29c17-000c-46ab-bf19-ee8a83400ecb&org_id=bz
https://www.interac.ca/wp-content/themes/interac-corp/resources/assets/scripts/jquery-3.4.1.min.js?v
https://4168148.fls.doubleclick.net/activityi;src=4168148;type=e-tra0;cat=2018e000;ord=1;num=9069351
https://www.interac.ca/en/#website
https://www.interac.ca/en/Root
https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=
https://content.etransfer.interac.ca/tags?org_id=bzmgl3t1&session_id=37c29c17-000c-46ab-bf19-ee8a834
https://www1.royalbank.com/uos/common/images/layout/bullet-chevron.gif)
https://help.interac.ca/ca/oon/en/contactUs/
https://www.interac.ca/en/business/our-solutions/
https://www1.royalbank.com/uos/common/notices/img/arrow/white
http://requirejs.org/docs/errors.html#
https://www1.royalbank.com/uos/common/images/icons/favicon.ico
https://www.interac.ca/en/business/safety-and-security/
https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType
http://www.icra.org/pics/vocabularyv03/
https://www.interac.ca/en/privacy-policy/
http://www.rbc.com/privacysecurity/ca/contact-us.html
https://id5-sync.com/g/v1/
https://bmofinancial.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.bmo.com%2Folb%2Fdp-customer-of
http://www.rbcroyalbank.com/Onlιne/rbcguarantee.html
https://www.interac.ca/en/consumers/security/interac-debit/transaction-limits/
https://www.interac.ca/en/business/support/business-faqs/
https://www1.royalbank.com/uos/common/notices/img/arrow/green
http://stage.interac.ca/wp-content/uploads/2019/11/bitmap
http://www.rbcroyalbank.com/Credιt-cards/index.html?primetopnavclick=true
https://www.cibc.mobi/ebm-mobile-pno/bank-accounts
https://bmo.intelliresponse.com/olb_fr/index.jsp
https://www.interac.ca/wp-content/plugins/wpml-translation-management/res/css/admin-bar-style.css?ve
https://newsroom.interac.ca/
https://ads.themoneytizer.com/cs2/dist/bundle.js
http://schema.org/SiteNavigationElement

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ico_iHover[1].png
 PNG image data, 18 x 18, 8-bit colormap, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\moneyvisibility[1].js
 ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\moneybile[1].js
 ASCII text, with very long lines
 #
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\modernizr[1].js
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\loading[1].gif
 GIF image data, version 89a, 315 x 316
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\lme[1].js
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\light-dotted-divider[1].png
 PNG image data, 6 x 3, 8-bit gray+alpha, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\keypress[1].js
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\json[1].js
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\js[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquery.min[1].js
 ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquery-1.12.4.min-ver-4F252523D4AF0B478C810C2547A63E19[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\info-poste-client.min[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\mw[1].png
 PNG image data, 1 x 1, 1-bit colormap, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\header_dates[1].js
 ISO-8859 text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\hdr_signin_online_banking[1].gif
 GIF image data, version 89a, 492 x 23
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\gtm[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\global[1].css
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\global.min[1].js
 UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\gatewayInitJS[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\fwd-bootstrap.min[1].js
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\footer-logo-en[1].svg
 SVG Scalable Vector Graphics image
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\entete[1].css
 ISO-8859 text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\entete-btn-menu-app[1].png
 PNG image data, 54 x 64, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ebanking-mobile-ver-99E2A281F5DCE0DCA5A64B667AC8755D[1].js
 ASCII text, with CRLF, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\tour-icon[1].png
 PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\accordion-section.hbs[1].js
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\a00-entete-logo-desjardins[1].png
 PNG image data, 154 x 32, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\a00-entete-logo-desjardins[1].jpg
 [TIFF image data, little-endian, direntries=0], baseline, precision 8, 154x32, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\WhitneyMedium[1].woff
 Web Open Font Format, CFF, length 14390, version 1.0
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\Security-Gurantee-icon[1].png
 PNG image data, 49 x 48, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\QueryString[1].js
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\GettyImages-641728098[1].jpg
 JPEG image data, baseline, precision 8, 2400x1600, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\ARF;CIS3SID=E65EECB8F3DC6A057F48EF443B150236[1].js
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\ARF;CIS3SID=5D56515F3428250C922CBEE530892232[1].js
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\webutil[1].js
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\vendorJS[1].js
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\v[1].png
 PNG image data, 9 x 6, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\drawer-menu-open[1].png
 PNG image data, 48 x 49, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\tandc.hbs[1].js
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\style.min[1].css
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\section-title.hbs[1].js
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\satelliteLib-857aa8eb222706dbd6408ffe96a64012889ea852[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\retrieveLogo11[1].svg
 SVG Scalable Vector Graphics image
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\retrieveLogo10[1].svg
 SVG Scalable Vector Graphics image
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\rbc[1].htm
 HTML document, UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\quant[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\promoTile-en[1].json
 HTML document, UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\prebid[1].js
 UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\open-account-active[1].png
 PNG image data, 49 x 49, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\186329-261067657875242[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\004_GettyImages-969410806-e1573237212859-4[1].jpg
 JPEG image data, baseline, precision 8, 1818x1332, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\004_GettyImages-969410806-2-1[1].png
 PNG image data, 1818 x 1332, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNSD.XML
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
 exported SGML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
 exported SGML document, UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
 XML 1.0 document, ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.dat
 data
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\36nquTW[1].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0BC516C8-9D92-11EA-AADD-C25F135D3C65}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0532AC75-9D92-11EA-AADD-C25F135D3C65}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0532AC73-9D92-11EA-AADD-C25F135D3C65}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\D1YBPPLZ\urlz[1].xml
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\D1YBPPLZ\mikzc[1].xml
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\C16CYV4I\www.cibc[1].xml
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\9K719AIK\content.etransfer.interac[1].xml
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\a00-filet-titre[1].png
 PNG image data, 1140 x 8, 8-bit/color RGBA, interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\drawer-bg-cibc[1].png
 PNG image data, 425 x 283, 8-bit/color RGBA, interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\desjardinsin[1].htm
 HTML document, ISO-8859 text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\cookie[1].js
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\common[1].css
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\collect[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\bmo.print.base[1].css
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\bmo.dojoTheme[1].css
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\bmo.base[1].css
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\analytics[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\al-front[1].css
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\admin-bar-style[1].css
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\a[1].js
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FBVMPHM\www.bmo[1].xml
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\a00-entete-ic-texte-plus-blanc-on[1].png
 PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\_btadlib[1].js
 UTF-8 Unicode (with BOM) text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\Winter_Retirement_Designer_A_540x120[1].jpg
 JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 540x120, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\Text[1].js
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\Sign-On-icon[1].png
 PNG image data, 49 x 49, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KNUF0FEC.htm
 HTML document, UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\EZB1G3AF.htm
 HTML document, UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\Default_540x120[1].jpg
 [TIFF image data, little-endian, direntries=0], baseline, precision 8, 540x120, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\CZ9KAD84.htm
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\Browse-Products-icon[1].png
 PNG image data, 49 x 48, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\71ff16adf2190b06a77587625a166[1].js
 ASCII text, with very long lines, with no line terminators
 #