Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

https://bpstw.com/?bpstw

Status: finished
Submission Time: 2020-05-16 22:24:03 +02:00
Malicious
Phishing
Phisher

Comments

Tags

Details

  • Analysis ID:
    230833
  • API (Web) ID:
    357984
  • Analysis Started:
    2020-05-16 22:24:03 +02:00
  • Analysis Finished:
    2020-05-16 22:30:04 +02:00
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 56
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP Country Detection
173.194.76.155
 United States
116.202.114.158
 Germany
172.217.22.66
 United States
Click to see the 11 hidden entries
172.217.18.97
 United States
34.224.234.224
 United States
172.217.18.99
 United States
173.239.5.6
 United States
216.58.212.130
 United States
172.217.16.162
 United States
216.239.32.29
 United States
172.217.23.116
 United States
172.217.18.6
 United States
5.79.68.236
 Netherlands
172.217.18.2
 United States

Domains

Name IP Detection
googlehosted.l.googleusercontent.com
 172.217.18.97
2542116.fls.doubleclick.net
 0.0.0.0
googleads.g.doubleclick.net
 0.0.0.0
Click to see the 16 hidden entries
survey.g.doubleclick.net
 0.0.0.0
stats.g.doubleclick.net
 0.0.0.0
adservice.google.co.uk
 0.0.0.0
lh3.googleusercontent.com
 0.0.0.0
ogs.google.co.uk
 0.0.0.0
about.google
 216.239.32.29
usa.khurshid-sus.com
 34.224.234.224
pagead46.l.doubleclick.net
 172.217.18.2
eutrx.com
 116.202.114.158
www.google.co.uk
 172.217.18.99
pagead.l.doubleclick.net
 216.58.212.130
stats.l.doubleclick.net
 173.194.76.155
doodle-feed.appspot.com
 172.217.23.116
bpstw.com
 173.239.5.6
api.quotes.com
 5.79.68.236
dart.l.doubleclick.net
 172.217.18.6

URLs

Name Detection
https://about.google/intl/en/products/?tab=whbl#spf=1589693105005
https://lh3.googleusercontent.com/MoYIhqLX07rjcsfhg-fO4RUbg6rc-O4unEE8b-30IFePEhiWuIng-XmV1FOBk3uRhg
https://lh3.googleusercontent.com/XwnlbUFOgnSs7pAZXueSTn-o0IgYrZwAIqFP0FYsdL_MFYch_SPJ7HJL_QBuNgHoua
Click to see the 97 hidden entries
https://lh3.googleusercontent.com/g9bgL-O8I-FpF6EaoeL2a5wK8NmB3oHkfl3IVzdYQQRnv69ar4rh_f3z1Taewvmlmt
https://www.google.co.uk/save
https://lh3.googleusercontent.com/TDgOfBuoASd6_PTEGooW1aRRHq6tIghYg97UWUeeHP7fZVnKx4AjjQ8sJpWb9clvg3
https://t.co/xlAdKEunFf
https://lh3.googleusercontent.com/E4k6yaL1rBQX9f5WggZxQ4Sca6l0DiRIxXvklfhgFYcURu52hvUQKQbXqdX2I2uUoP
https://lh3.googleusercontent.com/YyYaEKZ3ilu6LoMPn3qdN2lmr41cg5mydSJVJMqavw44ArkWJbKwYduSowo9Em8MzF
https://lh3.googleusercontent.com/j72MTKOF_63kUJWGzmYJQcb1M-gUVXNDSQJSm-mLPARg_b_GZmA8vF6PmcZ2LaBhTJ
https://lh3.googleusercontent.com/9KzeLgv6tmRuCgEuCmC_zDFzq0vtx8Dir9n0lRvpC-zs5pFR_NzqCEUc3vS_cGAoqG
http://www.twitter.com/
https://www.blog.google/products/maps/take-control-your-commute-google-maps/
https://lh3.googleusercontent.com/kM_wE3H68SPU_s7ClGAbOFWwY6UN82x0QF1LFEDlKvWVK82KEzX9b-UQfPorWw9iML
https://lh3.googleusercontent.com/zBjKkIUlmqIuZXIUhGoe42QuFKi5Fdqui25RrPciH0c9tf0qmHZqnw0YZY4rjmNHt3
https://lh3.googleusercontent.com/Qx1j5oBpN4KcqXE9U9djCvHciXl-ryq7_KPBAvgUDlxcJUhBZxJBBa2aXWYz_fpShj
https://ogs.google.co.uk/widget/app/so
https://website-dot-cl-syd-eap.appspot.com
https://lh3.googleusercontent.com/gi7X34TTW6Uy2F1aiwO9N5GHmkftlVOmfdvWRKUrK3ASh4LV3cKMn-cIJKMj0AiLwV
https://lh3.googleusercontent.com/JNpQ-rjW769A-k31qYM2-IKIcNFOWEvsokhd4FEugsZ-1k_hY15lYyucPb3ryohUKN
https://lh3.googleusercontent.com/tgO6Ew3YkxrCoGvyNpfAWyPe9q_0Zg2WFM8uW5UKzFl6g0QP2EeVpvuOPwZ6_WLbL0
https://lh3.googleusercontent.com/HUcJ2yilLdMblMI04h5DE1tf_0iCxgOmiu-7mpulXRJTol_vVsnrlQcs4esQq1ygtH
https://lh3.googleusercontent.com/_RS8nTX8HLPW-dDr374dEdQTaYn-7LI8HVVk0INaAmk7t8MYZKDssvGnep-GwPR94L
https://lh3.googleusercontent.com/wbRbWxRbQyojtDDUj_ITsoMZNbSAnroic0AYABmbab8qE-sgODk26wLCYUcJrqW11-
https://lh3.googleusercontent.com/YlU2XyvJTTeszNhdRQ9L71sC3pRzV9tsFfmf_dkKN2Ab9qu65LAJ4Jo4lKP17Etw6W
https://www.google.co.uk/imghp?hl=en&tab=wi&ogbl
https://api-google.conductrics.com
https://www.blogger.com/features
https://www.gmail.com/intl/en_us/mail/help/about.html
https://lh3.googleusercontent.com/ogw/default-user=s32)
https://bpstw.com/?bpstwRoot
https://safety.google/
http://www.nytimes.com/
https://schema.org/WebPage
https://gmail.com
https://twitter.com/google
https://news.google.co.uk/nwshp?hl
https://2542116.fls.doubleclick.net
https://g.co/familylink/schoolaccount
http://api.quotes.com/favicon.ico
https://www.blogger.com/?tab
https://lh3.googleusercontent.com/DQ8lLDfcUJCtsTiDw6PlvD8GaNTYzhlS8sZL4_TMTOvkH3bgh0CvoxaKCEU-uvqoCU
https://g.co/
https://about.google/intl/en/products/?tab=whfBrowse
https://twitter.com/GoogleUK/status/1261275703582044160
https://lh3.googleusercontent.com/SLlieQVJNLw2RKmgpg3mMQKeaM5lTZWbOoF_dV_syPle9U7KBs-1PB--OdorbPJYFV
http://usa.khurshid-sus.com/zcredirect?visitid=3f5d7112-97b3-11ea-9044-0aad482b6393&type=js&browserWidth=784&browserHeight=554&iframeDetected=false
https://lh3.googleusercontent.com/sdddZcbVi5NSZ-DURc17ME4pudT9rhI2CVFKps6LYIsse4a4T-Y6Ns5YoOR8WxZ_Zr
https://lh3.googleusercontent.com/yVza5ypuHARE9HM428UC5saP-tI464PBXi6dLU_i81n57apWG6zIj2GHBnAGalxjdN
https://about.google/?fg=1&utm_source=google-GB&utm_medium=referral&utm_campaign=hp-headerbGoogle
https://lh3.googleusercontent.com/I95wjYii8vhFSSx-aSYdh2hPAMjgZkA9yjarSQoOd98COwOxkAVn_dulBcTcfbsa7L
https://lh3.googleusercontent.com/Y1i12gHz-cP0Ir3LztFSUMijuVGSe9qetVu98aQNchjhxw9byxecnFAFfhxGFyd79t
https://lh3.googleusercontent.com/q6qMZrrMLLqdCto6icsSvaZVetRFFAcTw2YjAAQnA_M5eEyQhBomDBuEYo8h0utfCN
https://books.google.co.uk/bkshp?hl
https://lh3.googleusercontent.com/u2XGSr0jis3w5sLeuh8UMqGHgtdqPVPi77xYhPJdMO9C41wYUue3EKPJvwp-ovAlTz
https://lh3.googleusercontent.com/8bC8ZC9RQ_cJj5lSa8LjCfRClGeSyp4SkN72C0tMSUIqGPVjEpHeUDfAScLNKy82Mi
https://lh3.googleusercontent.com/8MnIgwvJ2adFH6GQKqyQNzwy6FB1drQEflmFKmlnLj4B4axQsYJKFPvR_8n7Omy2hv
https://lh3.googleusercontent.com/5WLz7CvnjBuQDDrFDsJW0EMrL-r6a-b0YUhF48zk7l4lK3yLzhBzeG3I01KIycLfE-
https://lh3.googleusercontent.com/33fCN1bFbB2G1iGDGzlBd_BAWes-Nlv-Qt8ByRpEBU43Lu_mF6twx5kmmN4OE6Z_Gz
https://twitter.com/hashtag/
https://www.blog.google/products/pixel/google-pixel-3/
https://google-pixel-slate.connect.studentbeans.com/
https://home.ft.nest.com
https://lh3.googleusercontent.com/qzrmtXEeNKRUjz5jy9QBRYsmzpG__vsxwEa3xQas5A9GxFVOTUUKTYFirQBXJpQoPP
https://lh3.googleusercontent.com/LIY6axsvUVl60kxIjm7vDT4uKdvJ6FttX35iSgd870kb9YATQA65KUipBlMg_4D5er
https://lh3.googleusercontent.com/Y6L4x9Mntr2JOY2LFqBKpVzYE_aNyIWyc-UYaJyNLFYlkDlKFL1xbK-akCrcsj4cEt
https://blog.google/products/chrome/
https://instagram.com/$1
https://gweb-nextregistration.appspot.com
https://lh3.googleusercontent.com/Qvc6rWiGG_a6LNQ7Yx5vMmve_5ku8TG7z4vmWG7VBkbcOQfOSE2BS7eBcD1NUOWTsb
https://video.twimg.com/ext_tw_video/1261213365290119169/pu/pl/Tig7fg_u2XhyZ7h5.m3u8?tag=10
https://twitter.com/GoogleUK/status/1261295270337359872
https://about.google/favicon.ico~
https://www.google.co.uk/intl/en/about/products?tab
https://ogs.google.co.uk/
https://lh3.googleusercontent.com/9CAaLlPoQ9YB_HQXK9B8e80czwAhK22t_eA7pxvRHaydwo33SKlVtpccCwGWSj6gR7
https://www.youtube.com/yt/about/
https://lh3.googleusercontent.com/vNgpLTvnDUr6-QM8s4OuuESGDXs_brbGoPR-7vfwdxQI7M4MVFV0CC_Hil4qRDSp4P
https://about.google/intl/en/products?tab=wh
https://lh3.googleusercontent.com/_evL5qCnjuTloOouqYwoUmEezxrlllBl7QsmJwynuVt6o87-pwzUeCPn4lImqBdqtj
https://lh3.googleusercontent.com/22Bs_HrTUc-ELCvKsIwqcMzqSSCDDvu_zmvvINKSuyAdRAMORsFtizkmEgE8H-09An
https://lh3.googleusercontent.com/i84lgLkRUH_h2PLjUYVEcp5cLv_9vR3_mvAjyGnrUoQnJKtlf_kgHROEvA24fY6xzR
https://lh3.googleusercontent.com/TaAGR-eZm-OFJS_ye3A_d2QsmkliKCkPJ5GOhmYLerbGUSWDJRX6ihgX0QcOo7MKGT
https://lh3.googleusercontent.com/qAMsh5CQiFgOOxzdvkU2sWgrOpKnJP6XA1XAokbO_hpEZFxjF20bfWl8czr_jp00ah
https://lh3.googleusercontent.com/Xk8rKP3IrJGi9jo11tvrRVtmC-oJXg3G8s8IzppunMegtQJNDMfOEms9_mi6F5EbaZ
https://arctic-ocean-116022.appspot.com
https://nik.googlegoro.com
https://lh3.googleusercontent.com/PVDn9Oj6dMbqqydywzGuLAPkbLwDX3Uuv1t6K8MORXFuQAVBLPNAy_yaQBc7bE-qmL
https://www.google.co.uk/intl/en/about/products?tab=wh
https://lh3.googleusercontent.com/fJfqDzEUSk-T1o26Oih2PJnE3LdNvZfiIitGA_MJtbA5ILGFtgnCxzmF1ZKad1xcy1
https://lh3.googleusercontent.com/TVNK8r0QEiNhXwfjVlziAqFcBQPkuPHKyilz6atnzslwMho1no8n4EJV30tOT0T6y3
https://lh3.googleusercontent.com/PoTrayfCHVcgWMLP9wryR37V2VUjVX8AQZEnGChDGu5MMHQLH2w_Fs4MlT4SsEF-Hq
https://3-dot-gweb-io2016-registration.appspot.com
https://www.google.org
https://lh3.googleusercontent.com/UqZcYFgfFclRU46MshhuCQD79idBZ8hyIe5WkQ1VLzG47w-Mgu6yGriGkL_YiYF2qa
https://lh3.googleusercontent.com/tC78k3bL_DjdIByD4HSnnblCZF0nlR599IWYDDghEJDn7dwg-tuOIXGVR1TwxePI06
https://chromium.googlesource.com/chromium/src/
http://usa.khurshid-su
http://www.reddit.com/
http://usa.khurshid-sus.com/zcvisitor/3f5d7112-97b3-11ea-9044-0aad482b6393?campaignid=0764a590-0fc2-

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\3f37ef44-97b3-11ea-869e-d6aa95bf7c55[1].htm
 HTML document, ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\EPU4KMIU.htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\log[1].txt
 ASCII text, with no line terminators
 #
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamedD6UVIB5F.jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1024x488, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamedCD0PHA3J.jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x640, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed5VT59PLQ.jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x640, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\rs=AA2YrTtTKe4JPSI3x-tfHtK2uHM2ShkCtg[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\question-answer-icon[1].svg
 SVG Scalable Vector Graphics image
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\products[1].htm
 HTML document, ASCII text, with CRLF, LF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\navcancl[1]
 HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\modernizr[1].js
 UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\main.v2.min[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\m=syi0,otPmVb,rlNAl[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\m=sy2z,cOznEe[1].js
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\m=RqxLvf,aa,foot,mUpTid,mu,qi,sb_wiz,xz7cCd[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamedV0R2BYYK.jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x329, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\js[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquery.min[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\info_48[1]
 PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\index[1].htm
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\index.min[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\icon[2].css
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\icon[1].css
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\gtm[2].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\gtm[1].js
 UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\googlelogo_color_272x92dp[2].png
 PNG image data, 272 x 92, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\googlelogo_color_272x92dp[1].png
 PNG image data, 544 x 184, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[5].png
 PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\4UaGrENHsxJlGDuGo1OIlL3Owpg[1].woff
 Web Open Font Format, TrueType, length 26180, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\4UaErENHsxJlGDuGo1OIlL3L8pxUKA[1].woff
 Web Open Font Format, TrueType, length 26780, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\zcredirect[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[9].png
 PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[9].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 233x169, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[8].png
 PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[8].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 262x224, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[7].png
 PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[7].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 233x169, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[6].png
 PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[6].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 233x169, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamedT218QSQJ.jpg
 [TIFF image data, little-endian, direntries=1, software=Picasa], baseline, precision 8, 960x640, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[5].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 262x203, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[4].png
 PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[4].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 233x169, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[3].png
 PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[3].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 233x168, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[2].png
 PNG image data, 1248 x 360, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[2].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1440x960, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[1].png
 PNG image data, 656 x 656, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[1].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1440x810, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\unnamed[10].jpg
 JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 233x169, frames 3
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\googlelogo_clr_74x24px[1].svg
 SVG Scalable Vector Graphics image
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf
 TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOkCnqEu92Fr1MmgVxIIzQ[1].woff
 Web Open Font Format, TrueType, length 19936, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOjCnqEu92Fr1Mu51TzBic6CsI[1].woff
 Web Open Font Format, TrueType, length 21132, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOjCnqEu92Fr1Mu51S7ACc6CsI[1].woff
 Web Open Font Format, TrueType, length 21564, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\GB[1].htm
 HTML document, UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\Chrome_Owned_96x96[1].png
 PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\4UabrENHsxJlGDuGo1OIlLV154tzCwA[2].woff
 Web Open Font Format, TrueType, length 26164, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\4UabrENHsxJlGDuGo1OIlLV154tzCwA[1].woff
 Web Open Font Format, TrueType, length 26216, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\3f5d7112-97b3-11ea-9044-0aad482b6393[1].htm
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.dat
 data
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOlCnqEu92Fr1MmEU9vAA[1].woff
 Web Open Font Format, TrueType, length 66456, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
 XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B3AB1B96-97FE-11EA-AADD-C25F135D3C65}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AD1F18EA-97FE-11EA-AADD-C25F135D3C65}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AD1F18E8-97FE-11EA-AADD-C25F135D3C65}.dat
 Microsoft Word Document
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\D1YBPPLZ\www.google[1].xml
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\9K719AIK\www.google.co[1].xml
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\api[1].js
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\gmail_32dp[1].png
 PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\f[1].txt
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79pw[1].woff
 Web Open Font Format, TrueType, length 25456, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\done_googblue_24dp[1].png
 PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\detect.min[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\desktop_searchbox_sprites302_hr[1].png
 PNG image data, 40 x 82, 8-bit colormap, non-interlaced
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\currentcartcount[1].htm
 gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\css[2].css
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\css[1].css
 ASCII text
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\chrome[1].htm
 HTML document, UTF-8 Unicode text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\autotrack[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FBVMPHM\accounts.google[1].xml
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\angular.min[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\angular-ui-router.min[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\angular-touch.min[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\angular-sanitize.min[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\angular-animate.min[1].js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\anchor[1].htm
 HTML document, ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\activityi;src=2542116;type=psmith;cat=googl0i8;ord=3964309751089;gtm=2wg561;auiddc=1513856963.1589693098;~oref=https___store.google[1].htm
 HTML document, ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOmCnqEu92Fr1Mu4mxP[1].ttf
 TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOmCnqEu92Fr1Me5g[1].woff
 Web Open Font Format, TrueType, length 66044, version 1.1
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf
 TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Bla
 #
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff
 Web Open Font Format, TrueType, length 19916, version 1.1
 #