Joe Sandbox Cloud Basic

Want to search on specific fields?


Try our:

Advanced Search

Want to search in depth on all Cloud Basic reports?

Try: Joe Sandbox View

Register Login
sloganpng
top title background image
flash

https://www.evernote.com/shard/s670/sh/55910dd8-9887-4018-3dce-75c372206cc5/1536ce86c6cb14e023f30a8fc3201040

Status: finished
Submission Time: 2022-05-26 20:01:22 +02:00
Malicious
Phishing
HTMLPhisher

Comments

Tags

Details

  • Analysis ID:
    634786
  • API (Web) ID:
    1002290
  • Analysis Started:
    2022-05-26 20:01:22 +02:00
  • Analysis Finished:
    2022-05-26 20:07:27 +02:00
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
Full Report Management Report IOC Report
malicious
Score: 72
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious

IPs

IP Country Detection
216.58.215.238
 United States
216.58.215.227
 United States
108.177.127.157
 United States
Click to see the 5 hidden entries
142.250.181.238
 United States
239.255.255.250
 Reserved
69.49.247.60
 United States
35.190.3.250
 United States
142.250.203.109
 United States

Domains

Name IP Detection
gstaticadssl.l.google.com
 216.58.215.227
accounts.google.com
 142.250.203.109
www-google-analytics.l.google.com
 142.250.181.238
Click to see the 8 hidden entries
stats.l.doubleclick.net
 108.177.127.157
dashboard.svc.www.evernote.com
 35.190.3.250
nonatgridhike.org
 69.49.247.60
clients.l.google.com
 216.58.215.238
clients2.google.com
 0.0.0.0
content.evernote.com
 0.0.0.0
www.evernote.com
 0.0.0.0
stats.g.doubleclick.net
 0.0.0.0

URLs

Name Detection
https://nonatgridhike.org/voicemail/1drvme/qcz25rbt697up7wwbry0ghn7.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
https://nonatgridhike.org/voicemail/1drvme/ufqr3iimuvmyhyl1bvk017s8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
https://nonatgridhike.org/voicemail/1drvme/qcz25rbt697up7wwbry0ghn7.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
Click to see the 51 hidden entries
https://nonatgridhike.org/voicemail/1drvme/ufqr3iimuvmyhyl1bvk017s8.php?rand=13InboxLightaspxn.1774256418&fid&1252899642&fid.1&fav.1&email=
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-unchecked@2x.16dd62aafb400734f63f9359d38353b5.png
https://dns.google
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
https://www.google.com/intl/en-US/chrome/blank.html
https://ogs.google.com
https://nonatgridhike.org/favicon.ico
https://nonatgridhike.org/voicemail/1drvme/img/logo_strip.png
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
https://payments.google.com/payments/v4/js/integrator.js
https://dashboard.svc.www.evernote.com/app/nv/main.7df2ea8aefc64dfe7f5f.js
https://www.google.com/images/x2.gif
https://www-googleapis-staging.sandbox.google.com
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-checked@2x.11f80f43dc76ab8d3830eb04f348a2d7.png
https://www.google.com/images/dot2.gif
https://www.evernote.com/shard/s670/client/snv?noteGuid=55910dd8-9887-4018-3dce-75c372206cc5&noteKey
https://nonatgridhike.org/voicemail/1drvme/img/logo.png
https://clients2.googleusercontent.com
https://nonatgridhike.org/voicemail/1drvme/css/share-point.css
https://dashboard.svc.www.evernote.com/app/nv/en.9677374f5226e3503d72.js
https://dashboard.svc.www.evernote.com/app/nv/ce/note_viewer_ce.3f5a792446497fedcefe.js
https://www.google.com/
https://nonatgridhike.org/voicemail/1drvme/
https://clients2.google.com/service/update2/crx
https://dashboard.svc.www.evernote.com/app/nv/vendors~main.09d176dfea5b9d297bca.js
https://stats.g.doubleclick.net
https://www.google.com/images/cleardot.gif
https://nonatgridhike.org/voicemail/1drvme/img/voicemail.png
https://play.google.com
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-checked.7590e8cd2c641835fc28e0b773603bba.png
https://dashboard.svc.www.evernote.com/app/nv/ce/ce-450b2463e5.css
https://dashboard.svc.www.evernote.com/app/nv/ce/note_viewer_ce.8df7565ed507240152c9.css
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-285778-5&cid=542477154.1653620554&jid=718981104&gjid=927434812&_gid=1435588268.1653620554&_u=YGBAgEABAAAAAE~&z=1225098921
https://sandbox.google.com/payments/v4/js/integrator.js
https://dashboard.svc.www.evernote.com/app/nv/ce/ce-001e22adb7.js
https://accounts.google.com/MergeSession
https://www.google.com
https://clients2.google.com
https://www.evernote.com/shard/s670/client/snv?noteGuid=55910dd8-9887-4018-3dce-75c372206cc5&noteKey=1536ce86c6cb14e023f30a8fc3201040&sn=https%3A%2F%2Fwww.evernote.com%2Fshard%2Fs670%2Fsh%2F55910dd8-9887-4018-3dce-75c372206cc5%2F1536ce86c6cb14e023f30a8fc3201040&title=INCOMING%2BVOICEMAIL
https://www.evernote.com/shard/s670/client/snv/ce
https://dashboard.svc.www.evernote.com/app/nv/icons-1ec2b385e995168bc5bb4934b116d4a6/favicon.ico
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-unchecked@2x.c3c4ff13b71dfbc14ef9a45a561a92a2.png
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-unchecked.176215f068a388a063888b3512d0a1a4.png
https://accounts.google.com
https://www.evernote.com/shard/s670/sh/55910dd8-9887-4018-3dce-75c372206cc5/1536ce86c6cb14e023f30a8f
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-checked.8aea89f504987c4f067bc6a76ef46aee.png
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-checked@2x.87213c0ded0782f6022161f7d871234a.png
https://apis.google.com
https://dashboard.svc.www.evernote.com/app/nv/ce/images/todo-before-unchecked.ed4d0e5dfd5dea7b3ca2d0009433c527.png
https://www.google.com/accounts/OAuthLogin?issueuberauth=1

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\es_419\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\lt\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\ko\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\ja\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\it\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\id\messages.json
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\hu\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\hr\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\hi\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\fr\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\fil\messages.json
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\fi\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\et\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\lv\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\es\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\en_GB\messages.json
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\en\messages.json
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\el\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\de\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\da\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\cs\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\ca\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\bg\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\319083ba-5c47-4e1c-ae4e-aa6117f7f67d.tmp
 Google Chrome extension, version 3
 #
C:\Users\user\AppData\Local\Temp\a3ee477d-974e-4a36-8f9a-4a320064f28c.tmp
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\th\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\images\icon_128.png
 PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\images\flapper.gif
 GIF image data, version 89a, 30 x 30
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\html\craw_window.html
 HTML document, ASCII text
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\css\craw_window.css
 ASCII text
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\craw_window.js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\craw_background.js
 ASCII text, with very long lines
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_metadata\verified_contents.json
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\zh_TW\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\zh_CN\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\vi\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\uk\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\tr\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\4008_859207919\ssl_error_assistant.pb
 data
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\sv\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\sr\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\sl\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\sk\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\ru\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\ro\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\pt_PT\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\pt_BR\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\pl\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\nl\messages.json
 ASCII text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Temp\scoped_dir4008_1536203125\CRX_INSTALL\_locales\nb\messages.json
 UTF-8 Unicode text, with CRLF line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\963c1942-ab33-49d8-8821-e812d304e93b.tmp
 very short file (no magic)
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\c5d15f24-7ca1-4aa6-85f3-6dae24a813d6.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
 ASCII text
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
 ASCII text
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9ca7608c-fe8c-44ab-813f-28eac9f5ff49.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7f58542d-5902-4e61-afaf-29d5954fb67d.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4d46e135-4777-437e-b6a0-6f0746451c0e.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2791d42a-060a-4706-b1da-8dec2bb97ec1.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0af2b80c-e266-4e56-bfa2-1c3c597e54a3.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\8ea281fa-f186-4281-9a3e-357def9575f8.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\517059e9-9b38-4488-a89e-bb647aa73d52.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\4b152e75-610a-492e-9fd1-1e17876e3814.tmp
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\48be0cb9-1646-42da-8bc2-0bf0f4d44c7a.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\38029280-807d-4e79-aa79-f1004dde65f4.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\2e0cfa24-789d-4879-a9f1-91f6b355fc3f.tmp
 SysEx File -
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\4008_859207919\manifest.json
 ASCII text
 #
C:\Users\user\AppData\Local\Temp\4008_859207919\manifest.fingerprint
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\4008_859207919\_metadata\verified_contents.json
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\4008_809099686\preloaded_data.pb
 data
 #
C:\Users\user\AppData\Local\Temp\4008_809099686\manifest.json
 ASCII text
 #
C:\Users\user\AppData\Local\Temp\4008_809099686\manifest.fingerprint
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\4008_809099686\_metadata\verified_contents.json
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Temp\319083ba-5c47-4e1c-ae4e-aa6117f7f67d.tmp
 Google Chrome extension, version 3
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\f1bc0f50-151a-48de-8d2c-cc80fae3bce4.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\d04d2aca-a31e-4807-a642-6127b55a4dbb.tmp
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\ba6a6e6c-551f-4804-b7b4-1bc8c14ecdbf.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)
 data
 #
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
 ASCII text, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
 data
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f314be41-debd-49a7-ae2a-fd5e6fd8e631.tmp
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\eba520b4-7518-4b48-b833-5f3830a7a21a.tmp
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ea1509c6-b71f-42bc-8b8f-4b8e033c035b.tmp
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\dc32edf7-6b61-4db0-9144-2945e39df7e3.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)
 ASCII text
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
 ASCII text
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\be448b82-3f70-425d-8e1b-3ab9d2db6ce2.tmp
 UTF-8 Unicode text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\e6fb21dd-d822-4c79-a59b-b0bdcb42390b.tmp
 ASCII text, with very long lines, with no line terminators
 #
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy)
 ASCII text, with very long lines, with no line terminators
 #