Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

http://aroeleven.com.br

Status: finished
Submission Time: 2020-05-25 05:25:22 +02:00
Suspicious
Evader

Comments

Tags

Details

  • Analysis ID:
    232708
  • API (Web) ID:
    361658
  • Analysis Started:
    2020-05-25 05:25:22 +02:00
  • Analysis Finished:
    2020-05-25 05:31:50 +02:00
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
suspicious
Score: 21
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP Country Detection
192.163.198.161
 United States
104.31.65.84
 United States
147.75.84.31
 Switzerland
Click to see the 10 hidden entries
31.13.92.14
 Ireland
31.13.92.36
 Ireland
31.13.92.52
 Ireland
172.217.16.162
 United States
54.171.1.253
 United States
172.217.21.214
 United States
147.75.32.125
 Switzerland
172.217.23.166
 United States
216.58.212.161
 United States
104.16.132.229
 United States

Domains

Name IP Detection
www.aroeleven.com.br
 0.0.0.0
aroeleven.com.br
 192.163.198.161
www.facebook.com
 0.0.0.0
Click to see the 21 hidden entries
www.youtube.com
 0.0.0.0
static.hotjar.com
 0.0.0.0
googleads.g.doubleclick.net
 0.0.0.0
script.hotjar.com
 0.0.0.0
static.xx.fbcdn.net
 0.0.0.0
vars.hotjar.com
 0.0.0.0
connect.facebook.net
 0.0.0.0
maxcdn.bootstrapcdn.com
 0.0.0.0
api.whatsapp.com
 0.0.0.0
moreno.ind.br
 0.0.0.0
star-mini.c10r.facebook.com
 31.13.92.36
www.caldema.com.br
 0.0.0.0
scontent-frt3-1.xx.fbcdn.net
 31.13.92.14
partners.etus.com.br
 104.31.65.84
89ca855a075f1d47c0a490ec8aa47d0c-100.s.section.io
 147.75.84.31
in.hotjar.com
 54.171.1.253
cdnjs.cloudflare.com
 104.16.132.229
caldema.com.br
 192.163.198.161
scontent.xx.fbcdn.net
 31.13.92.14
pagead46.l.doubleclick.net
 172.217.16.162
mmx-ds.cdn.whatsapp.net
 31.13.92.52

URLs

Name Detection
https://api.whatsapp.com/send?l=pt&phone=5516981227468&lang=zh_cn
https://www.whatsapp.com/download
https://www.aroeleven.com.br/images/clients/dmb.png
Click to see the 97 hidden entries
https://www.aroeleven.com.br/404
https://api.whatsapp.com/send?l=pt&phone=5516981227468&lang=lt
http://www.caldema.com.br/fornecimentos.php
http://www.youtube.com/watch?v=B8UKIZfVbxI
http://gambit.ph
https://www.whatsapp.com/stories/
https://www.hotjarconsent.com/el.html
http://www.ctrltech.com.br/
http://html5shiv.googlecode.com/svn/trunk/html5.js
https://www.hotjarconsent.com/
http://www.dlg.com.br
https://www.interlinkpro.com
http://www.opensource.org/licenses/mit-license.php)
http://www.ingersollrand.com.br
https://static.zdassets.com/ekr/asset_composer.js?key=
http://www.pibcopa.org.br
http://www.alexanderdickson.com/
https://partners.etus.com.br/img_layout/etuspartners_silver.png
https://api.whatseven.com.br/&
https://perxis.comhttps://perxis.comhttps://linearicons.com/free/licensehttps://linearicons.com/free
https://api.whatsapp.com/send?l=pt&phone=5516981227468&lang=lv
https://html5shiv.googlecode.com/svn/trunk/html5.js
http://www.profibus.org.br
http://www.amazon.com/
http://www.pagescroller.com
https://www.aroeleven.com.br/
https://api.whatsapp.com/send?l=pt&phone=5516981227468&lang=fil
http://daneden.github.io/animate.css/)
https://www.aroeleven.com.br/ndexhone=5516981227468F
http://www.vsengenharia.com.br
https://www.aroeleven.com.br/&
http://github.com/mambows/mobilemenu
https://api.whatscom.br/en/Root
https://www.hotjarconsent.com/fi.html
https://web.whatsapp.com/send?l=pt&phone=5516981227468
https://github.com/imakewebthings/waypoints/blog/master/licenses.txt
https://www.hotjar.com
http://www.gnu.org/copyleft/gpl.html
https://www.hotjarconsent.com/zh.html
https://api.whatsapp.com/send?l=pt&phone=5516981227468&lang=zh_tw
https://www.aroeleven.com.br/en/hone=5516981227468F
http://www.lojatuttibebe.com.br
https://www.aroeleven.com.br/images/clients/venturatelecom.png
https://www.whatsappbrand.com/
http://www.fortechequipamentos.com.br/
https://github.com/twbs/bootstrap/blob/master/LICENSE)
https://www.3axtelecom.com.br
http://daringfireball.net/2010/07/improved_regex_for_matching_urls
http://www.westlockcontrols.com/
http://www.caldema.com.br/produtos/componentes/freio-eletrohidraulico
https://admin.youtube.com
http://www.jw.ind.br
http://www.opensource.org/licenses/mit-license.php
https://static.xx.fbcdn.net/rsrc.php/v3/yH/l/0
http://www.viralcool.com.br
https://embed.tawk.to/55c9d95a9f1e65a72059f13f/default
http://www.caldema.com.br/produtos/componentes
http://www.caldema.com.br/produtos/geradores-de-vapor-caldeiras
https://web.whatsapp.com/
http://creativecommons.org/licenses/by/3.0/
https://www.aroeleven.com.br/#faleconosco
https://api.whatsapp.com/send?l=pt&phone=5516981227468&lang=pt_pt
http://www.fosten.com.br/
http://www.caldema.com.br/produtos/componentes/caldema-sand-collector
https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&
https://api.whatsapp.com/send?l=pt&phone=5516981227468&lang=ko
https://api.whatsapp.com/send?l=pt&phone=5516981227468&lang=kn
http://www.pagescroller.com/tos/)
https://www.hotjarconsent.com/sv.html
https://gist.github.com/6f6000a1269eaf5b9fa8
https://static.xx.fbcdn.net/rsrc.php/v3iwgU4/yP/l/pt_BR/BbK6iI_fbbR.js?_nc_x=Ij3Wp8lg5Kz
https://api.whatsapp.com/send?l=pt&phone=5516981227468&lang=kk
http://kyruus.com
http://www.trevisan.edu.br
http://fortawesome.github.com/Font-Awesome
https://api.whatsapp.com/send?l=pt&phone=5516981227468&lang=ms
https://api.whatsapp.com/send?l=pt&phone=5516981227468&lang=mr
https://www.hotjarconsent.com/fr.html
http://search.twitter.com/operators)
https://www.hotjarconsent.com/pl.html
https://www.youtube.com/generate_204?cpn=
https://api.whatsapp.com/send?l=pt&phone=5516981227468&lang=mk
https://api.whatsRoot
https://api.whatsapp.com/send?l=pt&phone=5516981227468&lang=ml
http://www.smar.com.br/
https://www.whatsapp.com/business/
https://www.aroeleven.com.br/Root
http://www.reddit.com/
https://api.whatsapp.com/send?l=pt&phone=5516981227468&lang=ja
http://www.zhongyicts.com.cn
https://aroeleven.com.br/images/clients/profibus.png
https://www.aroeleven.com.br/8ARO
https://api.whatsapp.com/send?l=pt&phone=5516981227468&lang=it
https://stats.g.doubleclick.net/j/collect
http://getbootstrap.com)
https://www.linkedin.com/company/1167502?trk=tyah&trkInfo=tarId%3A1410737262161%2Ctas%3Aaro%20eleven
http://aroeleven.com.br/

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\font-awesome.min[1].css
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquery.themepunch.revolution.min[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquery.sidr.min[1].js
 ASCII text, with very long lines
 #
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquery.magnific-popup.min[1].js
 ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquery.jplayer.min[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\isotope.min[1].js
 ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ingersoll[1].png
 PNG image data, 150 x 85, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\index[1].htm
 HTML document, UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\httpErrorPagesScripts[1]
 UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\googleapis.proxy[1].js
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\google[1].png
 PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\gestor-de-leads[1].jpg
 [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x300, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\font-awesome[1].css
 UTF-8 Unicode text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\like_box[1].htm
 HTML document, UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\flag_es[1].gif
 GIF image data, version 89a, 29 x 20
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\flag_en[2].jpg
 [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x36, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\flag_en[1].jpg
 [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x36, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\flag[1].png
 PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\fbevents[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\favicon-32x32[1].png
 PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\etus_logo[1].png
 PNG image data, 133 x 44, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\en[1].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\embed[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\dnserror[1]
 HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\dmb[2].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\prettyPhoto[1].css
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\smar-email[1].jpg
 [TIFF image data, little-endian, direntries=0], baseline, precision 8, 550x450, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\slick[1].eot
 Embedded OpenType (EOT), slick family
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\slick-theme[1].css
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\simple-line-icons[1].css
 ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\shad2[2].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\shad2[1].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\settings[1].css
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\renascer[1].jpg
 [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\proxy[2].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\proxy[1].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\profibus[2].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\profibus[1].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\dmb[1].png
 PNG image data, 150 x 85, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\postmessageRelay[1].htm
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\platform[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\pharus-manual[1].jpg
 [TIFF image data, little-endian, direntries=0], baseline, precision 8, 600x600, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\pTPrknVR9YY[1].js
 C source, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\owl.carousel[1].css
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\npm[1].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\mockup-viralcool[1].jpg
 [TIFF image data, little-endian, direntries=0], baseline, precision 8, 545x400, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\mockup-caldema[1].jpg
 [TIFF image data, little-endian, direntries=0], baseline, precision 8, 545x400, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\mem8YaGs126MiZpBA-UFVZ0d[1].woff
 Web Open Font Format, TrueType, length 18100, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\mem5YaGs126MiZpBA-UNirkOUuhv[1].woff
 Web Open Font Format, TrueType, length 18696, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\logo_aroeleven[1].png
 PNG image data, 120 x 35, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\404[3].htm
 HTML document, UTF-8 Unicode text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\404[2].htm
 HTML document, UTF-8 Unicode text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\404[1].htm
 HTML document, UTF-8 Unicode text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\3m-kGflBch9[1].png
 PNG image data, 21 x 77, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\2[1].png
 PNG image data, 60 x 64, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\1577185062-postmessagerelay[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\-r3j-x8ZnM7[1].svg
 SVG Scalable Vector Graphics image
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\-PAXP-deijE[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.dat
 data
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\4JKQuH0Oopd[1].woff
 Web Open Font Format, TrueType, length 91728, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E4217E1B-9E82-11EA-AADD-C25F135D3C65}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DAD61370-9E82-11EA-AADD-C25F135D3C65}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DAD6136E-9E82-11EA-AADD-C25F135D3C65}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\D1YBPPLZ\www.aroeleven.com[1].xml
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\C16CYV4I\www.youtube[1].xml
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\9K719AIK\vars.hotjar[1].xml
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\badge_compiled[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\dmb[1].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\dlg-small[1].jpg
 [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x250, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\collect[1].gif
 GIF image data, version 89a, 1 x 1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\cb=gapi[5].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\cb=gapi[4].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\cb=gapi[3].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\cb=gapi[2].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\cb=gapi[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\bootstrap[1].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\bootstrap.min[1].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\bootstrap-theme.min[1].css
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\bframe[1].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FBVMPHM\api.whatsapp[1].xml
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\authomathika[1].png
 PNG image data, 150 x 85, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\audioplayer[1].css
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\api[1].js
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\anchor[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\analytics[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ajax-loader[1].gif
 GIF image data, version 89a, 32 x 32
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\_gCoI-iROin[1].woff
 Web Open Font Format, TrueType, length 86184, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\T8TDE0V6.htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOkCnqEu92Fr1Mu51xIIzQ[1].woff
 Web Open Font Format, TrueType, length 21952, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOjCnqEu92Fr1Mu51S7ACc6CsI[1].woff
 Web Open Font Format, TrueType, length 22020, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\K8dazIFwW1KlVqgqx5dQIuX5N_hrd7RTD-uGhYAev8E[1].js
 ASCII text, with very long lines, with no line terminators
 #