ACH WIRE PAYMENT ADVICE..xlsx

Status: finished
Submission Time: 2021-01-13 19:45:46 +01:00
Malicious
Phishing
Exploiter
HTMLPhisher

Details

  • Analysis ID:
    339280
  • API (Web) ID:
    580481
  • Analysis Started:
    2021-01-13 19:45:47 +01:00
  • Analysis Finished:
    2021-01-13 20:05:49 +01:00
  • MD5:
    a66a202e970df086cc265cb646127bfb
  • SHA1:
    c8986173e16bb9b0703490afba594ec5eef08a4a
  • SHA256:
    e29c6206512f1f778f1af9a1ff2af2bb82107271e00c873930398b703294d75e
  • Technologies:

Joe Sandbox

Detection results:

  • Detection: malicious
    Score: 52
    System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
  • Detection: malicious
    Score: 56
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Run Condition: Potential for more IOCs and behavior

IPs

IP Country Detection

Domains

Name IP Detection

URLs

Name Detection

Dropped files

Name File Type Hashes Detection