Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

https://na3.docusign.net/Member/EmailStart.aspx?a=e48f9a7e-7630-4f4a-9e73-9ae4c68238d0&acct=6d128e02-3d7d-42e7-b7c2-14e521db149f&er=ca6b7a2d-cdb3-4ab1-8f2e-072215336210

Status: finished
Submission Time: 2022-05-26 14:18:15 +02:00
Malicious
Phishing
HTMLPhisher

Comments

Tags

Details

  • Analysis ID:
    634600
  • API (Web) ID:
    1002104
  • Analysis Started:
    2022-05-26 14:18:15 +02:00
  • Analysis Finished:
    2022-05-26 14:25:51 +02:00
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 56
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

IPs

IP Country Detection
104.20.184.68
 United States
3.122.210.115
 United States
54.186.32.137
 United States
Click to see the 65 hidden entries
75.101.184.39
 United States
52.223.40.198
 United States
37.252.173.27
 European Union
151.101.193.21
 United States
68.67.153.60
 United States
108.177.126.156
 United States
99.84.146.123
 United States
99.84.146.46
 United States
192.229.221.25
 United States
104.16.148.64
 United States
172.217.168.46
 United States
34.208.118.116
 United States
52.212.186.156
 United States
172.217.168.40
 United States
52.49.130.20
 United States
35.201.112.186
 United States
52.214.82.108
 United States
104.18.11.207
 United States
104.244.42.5
 United States
104.244.42.3
 United States
104.244.42.8
 United States
142.250.203.100
 United States
142.250.203.109
 United States
99.84.146.50
 United States
99.84.146.28
 United States
151.101.129.35
 United States
99.84.146.23
 United States
54.83.253.189
 United States
172.217.168.8
 United States
35.244.159.8
 United States
34.237.115.252
 United States
13.248.245.213
 United States
87.248.119.251
 United Kingdom
157.240.17.15
 United States
108.161.189.78
 United States
35.244.174.68
 United States
35.244.153.179
 United States
239.255.255.250
 Reserved
99.84.146.12
 United States
216.58.215.227
 United States
130.211.5.208
 United States
216.58.215.226
 United States
94.31.29.32
 United Kingdom
52.211.192.158
 United States
35.162.209.223
 United States
185.33.220.244
 Netherlands
35.186.194.58
 United States
93.184.220.66
 European Union
142.0.173.20
 United States
151.101.0.176
 United States
3.226.212.93
 United States
204.79.197.200
 United States
35.186.241.51
 United States
199.232.136.157
 United States
157.240.20.35
 United States
162.247.242.18
 United States
99.84.144.54
 United States
216.58.215.238
 United States
151.101.1.140
 United States
18.194.211.85
 United States
104.17.24.14
 United States
141.226.228.48
 Israel
34.197.49.154
 United States
99.84.146.68
 United States
172.217.168.67
 United States

Domains

Name IP Detection
cdn4-buysellads-net.bsa.netdna-cdn.com
 94.31.29.32
d.adroll.com
 0.0.0.0
ka-f.fontawesome.com
 0.0.0.0
Click to see the 97 hidden entries
static.ads-twitter.com
 0.0.0.0
alb.reddit.com
 0.0.0.0
edge.gycpi.b.yahoodns.net
 87.248.119.251
scripts.demandbase.com
 99.84.146.28
geolocation.onetrust.com
 104.20.184.68
ib.anycast.adnxs.com
 37.252.173.27
www.google.ch
 172.217.168.67
geo-1040374038.us-west-2.elb.amazonaws.com
 54.186.32.137
tags.srv.stackadapt.com
 3.226.212.93
api.company-target.com
 99.84.146.123
track.docusign.com
 0.0.0.0
www-fastly.glb.paypal.com
 151.101.193.21
cs1150.wpc.betacdn.net
 192.229.221.25
rs.fullstory.com
 35.186.194.58
d363pmmp0n4m95.cloudfront.net
 99.84.146.12
syndication.twitter.com
 104.244.42.8
cs41.wac.edgecastcdn.net
 93.184.220.66
lnk.to
 52.49.130.20
p13nlog-1106815646.us-east-1.elb.amazonaws.com
 34.237.115.252
www-googletagmanager.l.google.com
 172.217.168.8
www-google-analytics.l.google.com
 142.250.203.110
accounts.google.com
 142.250.203.109
cdn4.buysellads.net
 0.0.0.0
js.stripe.com
 0.0.0.0
a.docusign.com
 0.0.0.0
na3.docusign.net
 0.0.0.0
cdn.optimizely.com
 0.0.0.0
bam.nr-data.net
 0.0.0.0
www.docusign.com
 0.0.0.0
px.ads.linkedin.com
 0.0.0.0
connect.facebook.net
 0.0.0.0
images.ctfassets.net
 0.0.0.0
img.en25.com
 0.0.0.0
kit.fontawesome.com
 0.0.0.0
www.codeply.com
 0.0.0.0
siteimproveanalytics.com
 188.114.96.10
geo.docusign.com
 0.0.0.0
www.redditstatic.com
 0.0.0.0
js.adsrvr.org
 0.0.0.0
logx.optimizely.com
 0.0.0.0
t.paypal.com
 0.0.0.0
c.clarity.ms
 0.0.0.0
platform.twitter.com
 0.0.0.0
clients2.google.com
 0.0.0.0
stats.g.doubleclick.net
 0.0.0.0
secure.adnxs.com
 0.0.0.0
www.docusign.net
 0.0.0.0
www.google.com
 142.250.203.100
monetization-framework.bsa.netdna-cdn.com
 108.161.189.78
dual-a-0001.a-msedge.net
 204.79.197.200
s.twitter.com
 104.244.42.3
stats.l.doubleclick.net
 108.177.126.156
us-u.openx.net
 35.244.159.8
d1qug1xf2dk5z6.cloudfront.net
 99.84.146.50
match.prod.bidr.io
 52.211.192.158
star-mini.c10r.facebook.com
 157.240.20.35
q.quora.com
 54.83.253.189
id.rlcdn.com
 35.244.174.68
cdn.mxpnl.com
 130.211.5.208
ssl-google-analytics.l.google.com
 172.217.168.40
maxcdn.bootstrapcdn.com
 104.18.11.207
cm.g.doubleclick.net
 216.58.215.226
cdnjs.cloudflare.com
 104.17.24.14
codeply.com.herokudns.com
 75.101.184.39
elb-aws-fr-bruges-621602890.eu-central-1.elb.amazonaws.com
 18.194.211.85
t.co
 104.244.42.5
bam-pool.nr-data.net
 162.247.242.18
adserver-vpc-alb-2-1264451658.eu-west-1.elb.amazonaws.com
 52.214.82.108
platform.twitter.map.fastly.net
 199.232.136.157
eu-eb2.3lift.com
 13.248.245.213
segments.company-target.com
 99.84.146.23
s.ml-attr.com.pxlsrv.net
 68.67.153.60
trkn.us
 34.197.49.154
p01k.hs.eloqua.com
 142.0.173.20
am-vip001.taboola.com
 141.226.228.48
idsync.rlcdn.com
 35.244.174.68
scontent.xx.fbcdn.net
 157.240.17.15
insight.adsrvr.org
 52.223.40.198
t-fastly.glb.paypal.com
 151.101.129.35
dg2iu7dxxehbo.cloudfront.net
 99.84.144.54
d1tcqh4bio8cty.cloudfront.net
 99.84.146.46
d3orhvfyxudxxq.cloudfront.net
 99.84.146.68
ixf3-api.bc0a.com
 35.244.153.179
cdn.cookielaw.org
 104.16.148.64
clients.l.google.com
 216.58.215.238
gstaticadssl.l.google.com
 216.58.215.227
api.mixpanel.com
 35.186.241.51
io.narrative.io
 52.212.186.156
m.stripe.com
 35.162.209.223
googleads.g.doubleclick.net
 172.217.168.66
reddit.map.fastly.net
 151.101.1.140
www3.l.google.com
 172.217.168.46
dualstack.reddit.map.fastly.net
 151.101.1.140
stripecdn.map.fastly.net
 151.101.0.176
arya-1323461286.us-west-2.elb.amazonaws.com
 34.208.118.116
ana-collector-elb-eu-2022-04-27-1537287910.eu-central-1.elb.amazonaws.com
 3.122.210.115
edge.fullstory.com
 35.201.112.186

URLs

Name Detection
https://t.co/i/adsct?type=javascript&version=2.3.12&p_id=Twitter&p_user_id=0&txn_id=num3n&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=1ee7a3f6-0fbd-444d-90dc-e1b9418b3ab2&tw_document_href=https%3A%2F%2Fwww.docusign.com%2Fcompany%2Fprivacy-policy
https://d.adroll.com/consent/check/DQTAWOHQF5GGTCQWS4YGYB?arrfrr=https%3A%2F%2Fwww.docusign.com%2Fcompany%2Fprivacy-policy&_s=f105b8d4ed34b51c14b47c217923d095&_b=2
https://www.docusign.com/company/privacy-policy
Click to see the 97 hidden entries
https://accounts.google.com/MergeSession
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3ddocusign.com%26pId%3d%24UID
https://tags.srv.stackadapt.com/events.js
https://www.paypalobjects.com/muse/analytics/index.html#frameId=e8f63ab8-2658-4614-9ef6-d26a819812eb&propertyId=5FFW3R8JHUX8G-1&flow=visitor-info&variant=analytics&mrid=5FFW3R8JHUX8G&isMobileEnabled=true&isDesktopEnabled=true&shouldCheckCountry=true&mobileVariant=analytics&mobileFlow=visitor-info
https://sandbox.google.com/payments/v4/js/integrator.js
https://alb.reddit.com/rp.gif?ts=1653599999510&id=t2_bu9w1gxb&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&uuid=94c8e22e-d8bd-469e-8ff7-4adb9ff7ac7e&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1280&sw=1024&v=rdt_90e98f9f
https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.12&p_id=Twitter&p_user_id=0&txn_id=numgi&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=8f82e85e-b440-4993-b319-bcb1c588fff3&tw_document_href=https%3A%2F%2Flnk.to%2FUVn6LVyv
https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3ddocusign.com%26pId%3d%24UID
https://s.adroll.com/j/roundtrip.js
https://q.quora.com/_/ad/ffeff5b6f608417ebc4613dd3b055193/pixel?tag=ViewContent&i=gtm&u=https%3A%2F%2Fwww.docusign.com%2Fcompany%2Fprivacy-policy
https://analytics.google.com
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
https://www.google.ch
https://www.codeply.com/js/chunk-0f00b7a4.20db282c.js
https://www.google.com/images/cleardot.gif
https://www.google.ch/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-1TZ7S9D6BQ&cid=1512523916.1653599999&gtm=2oe5n0&aip=1&z=1825718465
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253ddocusign.com%2526pId%253d%2524UID
https://www.google.com/
https://na3.docusign.net/Signing/conversations/?ti=967752b9f5d84541a2e08f14ad19fd12&integratorname=comments
https://trkn.us/pixel/conv/ppt=13724;g=homepage;gid=36052;ord=6950669524969.692;v=120;ip=102.129.143.42;cuidchk=1
https://scripts.demandbase.com/1IEYtQv1.min.js
https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.12&p_id=Twitter&p_user_id=0&txn_id=nx68b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=a3205b9f-0c9a-4c3b-8066-16e24c2d8337&tw_document_href=https%3A%2F%2Fwww.docusign.com%2Fcompany%2Fprivacy-policy
https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.docusign.com%2Fcompany%2Fprivacy-policy&page_title=Privacy%20Notice%20%7C%20DocuSign&src=tag&auth=Ei4cukWmQMa3obDlAMpIyf1e4hfJpd15bDTsfJ2Q
https://googleads.g.doubleclick.net
https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
https://tags.srv.stackadapt.com/sa.css
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fwww.docusign.com
https://rs.fullstory.com/rec/integrations?OrgId=12BP4E
https://ogs.google.com
https://www.google.com/intl/en-US/chrome/blank.html
https://na3.docusign.net/Signing/EmailStart.aspx?a=e48f9a7e-7630-4f4a-9e73-9ae4c68238d0&acct=6d128e0
https://images.ctfassets.net/0jnmtsdzg6p5/2AllED5U03vd2cebLfB6rU/531a6780832941786e6ed77e0ad694dd/badge-google-play.png
https://a.docusign.com/ds_arya_wrapper.min.js?f=1
https://clients2.google.com
https://trkn.us/pixel/conv/ppt=13724;g=homepage;gid=36052;ord=6950669524969.692;v=120
https://www-googleapis-staging.sandbox.google.com
https://m.stripe.network/inner.html#url=https%3A%2F%2Fwww.codeply.com%2Fv%2FFwGGdZUxa6&title=Codeply%20v2&referrer=https%3A%2F%2Flnk.to%2FUVn6LVyv&muid=NA&sid=NA&version=6&preview=false
https://ixfd-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000030713/492852645
https://apis.google.com
https://na3.docusign.net/Signing/?ti=967752b9f5d84541a2e08f14ad19fd12
https://cdn.cookielaw.org/consent/f9d8335b-1f5b-415d-923b-2daa2d0de9bd/82cd39e0-d57d-45c8-b6cc-7a367bd38a92/en-us.json
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-39550292-1&cid=1512523916.1653599999&jid=863462262&_u=aCDACEIIBAAAAC~&z=89711445
https://attr.ml-api.io/?domain=docusign.com&pId=7979933589234140531
https://accounts.google.com
https://platform.twitter.com/widgets.js
https://static.ads-twitter.com/oct.js
https://connect.facebook.net/signals/plugins/identity.js?v=2.9.61
https://6042533.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fwww.docusign.com%2Fcompany%2Fprivacy-policy&title=Privacy%20Notice%20%7C%20DocuSign&res=1280x1024&accountid=6042533&rt=4095&prev=16cf0e0d-c06e-99e8-73b6-7105c4051b8d&luid=bc72d1c1-b25d-1738-a5f8-0082daf3565b&rnd=2601
https://www.google.com/accounts/OAuthLogin?issueuberauth=1
https://t.co/i/adsct?type=javascript&version=2.3.12&p_id=Twitter&p_user_id=0&txn_id=numuc&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=0819ba63-a816-4745-ba6a-aee8ac333b97&tw_document_href=https%3A%2F%2Flnk.to%2FUVn6LVyv
https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otFlat.json
https://js.adsrvr.org/up_loader.1.1.0.js
https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCommonStyles.css
https://na3.docusign.net/Member/EmailStart.aspx?a=e48f9a7e-7630-4f4a-9e73-9ae4c68238d0&acct=6d128e02
https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js
https://connect.facebook.net/en_US/fbevents.js
https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.12&p_id=Twitter&p_user_id=0&txn_id=num3n&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=1ee7a3f6-0fbd-444d-90dc-e1b9418b3ab2&tw_document_href=https%3A%2F%2Fwww.docusign.com%2Fcompany%2Fprivacy-policy
https://www.codeply.com/css/chunk-vendors.146d8857.css
https://track.docusign.com/visitor/v200/svrGP?pps=3&siteid=566810826&ref2=elqNone&tzo=480&ms=783&optin=disabled&firstPartyCookieDomain=track.docusign.com
https://analytics.google.com/g/collect?v=2&tid=G-1TZ7S9D6BQ&gtm=2oe5n0&_p=1443722410&_z=ccd.NNB&_gaz=1&cid=1512523916.1653599999&ul=en-us&sr=1280x1024&ir=1&_s=1&dl=https%3A%2F%2Fwww.docusign.com%2Fcompany%2Fprivacy-policy&dr=&sid=1653599998&sct=1&seg=0&dt=Privacy%20Notice%20%7C%20DocuSign&en=page_view&_fv=1&_nsi=1&_ss=1&_eu=Q&ep.gtm_setting=GTM-646L%20%7C%20713%20%7C%20&ep.hostname=www.docusign.com&ep.audience_region=North%20America&ep.audience_market=United%20States&up.client_id=false&up.u_uuid=941d3fdc-d5d1-454b-8c11-41e801b3c56f
https://www.google.com
https://js.stripe.com/v3
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-1TZ7S9D6BQ&cid=1512523916.1653599999&gtm=2oe5n0&aip=1
https://images.ctfassets.net/0jnmtsdzg6p5/4WOSOeq00xri7k11Xb3kkF/5a2503a98c82d94aa387922221f3daea/badge-app-store.png
https://lnk.to/~/tr/pageview/
https://www.codeply.com/js/app.923fe24b.js
https://cm.g.doubleclick.net
https://www.redditstatic.com/ads/pixel.js
https://id.rlcdn.com/464526.gif
https://s.adroll.com/j/pre/DQTAWOHQF5GGTCQWS4YGYB/L7L3QFB6AZERXCALORVQKA/fpconsent.js
https://stats.g.doubleclick.net
https://match.prod.bidr.io/cookie-sync/demandbase
https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/otPcCenter.json
https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fwww.docusign.com
https://analytics.twitter.com/i/adsct?type=javascript&version=2.3.12&p_id=Twitter&p_user_id=0&txn_id=numuc&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=0819ba63-a816-4745-ba6a-aee8ac333b97&tw_document_href=https%3A%2F%2Flnk.to%2FUVn6LVyv
https://cdn.cookielaw.org/consent/f9d8335b-1f5b-415d-923b-2daa2d0de9bd/f9d8335b-1f5b-415d-923b-2daa2d0de9bd.json
https://www.google.com/images/dot2.gif
https://rs.fullstory.com/rec/page
https://bam.nr-data.net/1/NRJS-f792da16f1ccfaee80c?a=594002902&v=1216.487a282&to=YgAEMUZXX0sAAhFaDFtKJwZAX15WThEEVAZqCAcLVVFUSj4PClcGahMPAENpQVkGBA%3D%3D&rst=4197&ck=1&ref=https://www.docusign.com/company/privacy-policy&ap=528&be=607&fe=3995&dc=2470&perf=%7B%22timing%22:%7B%22of%22:1653599993565,%22n%22:0,%22f%22:24,%22dn%22:140,%22dne%22:189,%22c%22:189,%22s%22:190,%22ce%22:334,%22rq%22:334,%22rp%22:404,%22rpe%22:596,%22dl%22:467,%22di%22:2469,%22ds%22:2470,%22de%22:2603,%22dc%22:3994,%22l%22:3995,%22le%22:3998%7D,%22navigation%22:%7B%7D%7D&fp=2242&fcp=2242&at=TkcHRw5NTEU%3D&jsonp=NREUM.setToken
https://cdn.cookielaw.org/consent/f9d8335b-1f5b-415d-923b-2daa2d0de9bd/otSDKStub.js
https://lnk.to/UVn6LVyv
https://static.ads-twitter.com/uwt.js
https://s.adroll.com/j/pre/index.js
https://www.google.com/images/x2.gif
https://m.servedby-buysellads.com/monetization.js
https://payments.google.com/payments/v4/js/integrator.js
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://www.codeply.com/v/FwGGdZUxa6
https://t.co/i/adsct?type=javascript&version=2.3.12&p_id=Twitter&p_user_id=0&txn_id=nx68b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_order_quantity=0&tw_sale_amount=0&tw_iframe_status=0&event_id=a3205b9f-0c9a-4c3b-8066-16e24c2d8337&tw_document_href=https%3A%2F%2Fwww.docusign.com%2Fcompany%2Fprivacy-policy
https://insight.adsrvr.org/track/up?adv=fluwpqm&ref=https%3A%2F%2Fwww.docusign.com%2Fcompany%2Fprivacy-policy&upid=5qyfcap&upv=1.1.0
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
https://dns.google
https://js.stripe.com/v3/m-outer-649431882ac2f1ed1f457f73c22ec4a1.html#url=https%3A%2F%2Fwww.codeply.com%2Fv%2FFwGGdZUxa6&title=Codeply%20v2&referrer=https%3A%2F%2Flnk.to%2FUVn6LVyv&muid=NA&sid=NA&version=6&preview=false
https://segments.company-target.com/log?vendor=choca&user_id=AAHfRE7FHuEAAEqNVqTAsQ
https://platform.twitter.com/oct.js

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\6eab8d71-d4c9-407c-aa9e-793a676d6785.tmp
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\es_419\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\es\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\en_GB\messages.json
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\en\messages.json
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\el\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\de\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\da\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\cs\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\ca\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\bg\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\9ef950e6-17ef-48bc-95c3-6b2db24d42ab.tmp
 Google Chrome extension, version 3
 #
C:\Users\user\AppData\Local\Temp\9ef950e6-17ef-48bc-95c3-6b2db24d42ab.tmp
 Google Chrome extension, version 3
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\et\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\4572_1706983264\manifest.json
 ASCII text
 #
C:\Users\user\AppData\Local\Temp\4572_1706983264\manifest.fingerprint
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\4572_1706983264\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe
 ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9, stripped
 #
C:\Users\user\AppData\Local\Temp\4572_1706983264\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe
 ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce, stripped
 #
C:\Users\user\AppData\Local\Temp\4572_1706983264\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a
 current ar archive
 #
C:\Users\user\AppData\Local\Temp\4572_1706983264\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a
 current ar archive
 #
C:\Users\user\AppData\Local\Temp\4572_1706983264\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a
 current ar archive
 #
C:\Users\user\AppData\Local\Temp\4572_1706983264\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a
 current ar archive
 #
C:\Users\user\AppData\Local\Temp\4572_1706983264\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe
 ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=7511538a3a6a0b862c772eace49075ed1bbe2377, stripped
 #
C:\Users\user\AppData\Local\Temp\4572_1706983264\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o
 ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
 #
C:\Users\user\AppData\Local\Temp\4572_1706983264\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o
 ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\lv\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\th\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\sv\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\sr\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\sl\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\sk\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\ru\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\ro\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\pt_PT\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\pt_BR\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\pl\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\nl\messages.json
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\nb\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\4572_1706983264\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o
 ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\lt\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\ko\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\ja\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\it\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\id\messages.json
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\hu\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\hr\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\hi\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\fr\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\fil\messages.json
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4572_1048040578\CRX_INSTALL\_locales\fi\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\90686d25-2c17-4b20-9f42-8f22b8715f85.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\f004013e-5cc9-4312-b28b-a11390650b38.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
 ASCII text
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
 ASCII text
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy)
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\88f05894-20d2-452b-9e1d-b414a8c64575.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5c9753a9-ede6-4463-8cc7-145c2d9a91c2.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\59948357-64f9-4f99-8d7e-892a79ccb39d.tmp
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\510f0da1-eaf2-4526-baff-51b47474221f.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4da20b49-08f1-45ea-9c03-f09b1d326d03.tmp
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\40efeb52-1845-4ab4-b0fd-4ae0b3d82f16.tmp
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\774da0ef-9888-42bd-a638-89ba0ebcf9ca.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\7125125b-b500-40af-b87f-17d9710433be.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\3451b37c-7285-49ab-9e06-cc493da97c1e.tmp
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\280f5dae-6105-4aea-8191-3df24e7133b7.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\fedc0d88-7fea-48f5-b6b2-c92112298939.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\4572_1706983264\_platform_specific\x86_64\pnacl_public_pnacl_json
 ASCII text
 #
C:\Users\user\AppData\Local\Temp\4572_1706983264\_metadata\verified_contents.json
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\dfbe3953-ae3f-4bc7-81e9-d46d55111282.tmp
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\dda7f0d3-3549-4e09-8677-3174a6a73f40.tmp
 SysEx File -
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\dbc01ab1-8d83-4184-a0e0-cfb99a1701e9.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\b6e56044-8e43-4bbd-9d99-a768486bb5f3.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\a7f71c43-df3f-43e9-ac7d-893a57192021.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\a2b738b0-83a2-4c65-9655-8d53d73c41e8.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
 data
 #
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f42056e0-9b88-4682-b165-20968a655a20.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\eb9ee367-a75d-4ffe-b301-7227aa516ac1.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
 ASCII text
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
 ASCII text
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d6dc40f8-adaf-4205-83f4-4ca904df39f8.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c7ecda7c-a6fe-4c83-acc2-a04d685ed54a.tmp
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b6447d45-fc8e-401f-adf9-5cdd1f6739fe.tmp
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b46cedc2-e37a-4d8e-969c-f4bba49300ae.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\af93317e-e64c-4ab7-9d70-f0ed81b5c46f.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity (copy)
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\ce4b112c-4827-41a4-a959-edc28ff11e5f.tmp
 ASCII text, with very long lines, with no line terminators
 #