http://data.danetsoft.com/webmail.gov.nl.ca

Status: finished
Submission Time: 2020-08-12 13:28:25 +02:00
Malicious

Details

  • Analysis ID: 262847
  • API (Web) ID: 422294
  • Analysis Started: 2020-08-12 13:29:05 +02:00
  • Analysis Finished: 2020-08-12 13:37:41 +02:00
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 48
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs


Domains


URLs


Dropped files
