Analysis Report https://www.canva.com/design/DAEOEcu9Gnc/C6LvqPRfMOYoF6OWlu9bVg/view?utm_content=DAEOEcu9Gnc&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton

Overview

General Information

Sample URL: https://www.canva.com/design/DAEOEcu9Gnc/C6LvqPRfMOYoF6OWlu9bVg/view?utm_content=DAEOEcu9Gnc&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Analysis ID: 321415

Most interesting Screenshot:

Detection

HTMLPhisher
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish_20
Yara detected HtmlPhish_35
Phishing site detected (based on image similarity)
Phishing site detected (based on logo template match)
HTML body contains low number of good links
HTML title does not match URL
Submit button contains javascript call

Classification

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://www.canva.com/design/DAEOEcu9Gnc/C6LvqPRfMOYoF6OWlu9bVg/view?utm_content=DAEOEcu9Gnc&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/Umolh1n7Zre4LrFlHAzNANn4EAJkIjpIAJQJ2a9-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-PenYufW5GJ10TL4CWplkVPjQPYhRRPu3UpBfORylr9rgqo1afqTdA8dbrthM595yI030V7c0y7J45Qhsl7jmrmZB008iRII-8tEiLm1CEIozXYyPvoAMQUjyEoOBKIybdzgJF6a2YehPPRNl9jogm8OQcHXhcmC6lqkTIdwTnA/D1710RZrrztcKgkEZ4JFqIWIPWV5jXvcqcQGJBtbA7iNk0YKz7LRuiS5wa888sf8gq SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/riY01eQv887WU97FVLJpUH3nwahsbJVSKWGfN1S-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-ALxhpotzQX4Kno3EABjId9bKhZXdr81TPrNibSp5cetprWbvSr2wotx6wTV7UbQxXWoy8oxtr8Y75ffZCVcXCY5SHEkNm5u-5CSfWsT50XMXwKBmzDTgjftO5FWYMCKrYujcOUMofd7ZpHVGMlp5vUkBW2pkno7bpIMMZCmgbw/1LczHYZ0J6EiKvr07cnkHnbiTXBH4kslNTBLXfkemVwqzryLlzmwn1Swku1zFAFj9p SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on favicon image match)
Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/Umolh1n7Zre4LrFlHAzNANn4EAJkIjpIAJQJ2a9-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-PenYufW5GJ10TL4CWplkVPjQPYhRRPu3UpBfORylr9rgqo1afqTdA8dbrthM595yI030V7c0y7J45Qhsl7jmrmZB008iRII-8tEiLm1CEIozXYyPvoAMQUjyEoOBKIybdzgJF6a2YehPPRNl9jogm8OQcHXhcmC6lqkTIdwTnA/D1710RZrrztcKgkEZ4JFqIWIPWV5jXvcqcQGJBtbA7iNk0YKz7LRuiS5wa888sf8gq Matcher: Template: microsoft matched with high similarity
Yara detected HtmlPhish_20
Source: Yara match File source: 473627.pages.csv, type: HTML
Source: Yara match File source: 473627.1.links.csv, type: HTML
Yara detected HtmlPhish_35
Source: Yara match File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\ois[1].htm, type: DROPPED
Phishing site detected (based on image similarity)
Source: https://vapdelbnbapp.firebaseapp.com/fguysvcxcd/themes/imgs/microsoft_logo.svg Matcher: Found strong image similarity, brand: Microsoft Jump to dropped file
Phishing site detected (based on logo template match)
Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/Umolh1n7Zre4LrFlHAzNANn4EAJkIjpIAJQJ2a9-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-PenYufW5GJ10TL4CWplkVPjQPYhRRPu3UpBfORylr9rgqo1afqTdA8dbrthM595yI030V7c0y7J45Qhsl7jmrmZB008iRII-8tEiLm1CEIozXYyPvoAMQUjyEoOBKIybdzgJF6a2YehPPRNl9jogm8OQcHXhcmC6lqkTIdwTnA/D1710RZrrztcKgkEZ4JFqIWIPWV5jXvcqcQGJBtbA7iNk0YKz7LRuiS5wa888sf8gq Matcher: Template: microsoft matched
Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/riY01eQv887WU97FVLJpUH3nwahsbJVSKWGfN1S-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-ALxhpotzQX4Kno3EABjId9bKhZXdr81TPrNibSp5cetprWbvSr2wotx6wTV7UbQxXWoy8oxtr8Y75ffZCVcXCY5SHEkNm5u-5CSfWsT50XMXwKBmzDTgjftO5FWYMCKrYujcOUMofd7ZpHVGMlp5vUkBW2pkno7bpIMMZCmgbw/1LczHYZ0J6EiKvr07cnkHnbiTXBH4kslNTBLXfkemVwqzryLlzmwn1Swku1zFAFj9p Matcher: Template: microsoft matched
HTML body contains low number of good links
Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/Umolh1n7Zre4LrFlHAzNANn4EAJkIjpIAJQJ2a9-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-PenYufW5GJ10TL4CWplkVPjQPYhRRPu3UpBfORylr9rgqo1afqTdA8dbrthM595yI030V7c0y7J45Qhsl7jmrmZB008iRII-8tEiLm1CEIozXYyPvoAMQUjyEoOBKIybdzgJF6a2YehPPRNl9jogm8OQcHXhcmC6lqkTIdwTnA/D1710RZrrztcKgkEZ4JFqIWIPWV5jXvcqcQGJBtbA7iNk0YKz7LRuiS5wa888sf8gq HTTP Parser: Number of links: 0
Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/riY01eQv887WU97FVLJpUH3nwahsbJVSKWGfN1S-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-ALxhpotzQX4Kno3EABjId9bKhZXdr81TPrNibSp5cetprWbvSr2wotx6wTV7UbQxXWoy8oxtr8Y75ffZCVcXCY5SHEkNm5u-5CSfWsT50XMXwKBmzDTgjftO5FWYMCKrYujcOUMofd7ZpHVGMlp5vUkBW2pkno7bpIMMZCmgbw/1LczHYZ0J6EiKvr07cnkHnbiTXBH4kslNTBLXfkemVwqzryLlzmwn1Swku1zFAFj9p HTTP Parser: Number of links: 0
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1 HTTP Parser: Number of links: 0
HTML title does not match URL
Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/Umolh1n7Zre4LrFlHAzNANn4EAJkIjpIAJQJ2a9-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-PenYufW5GJ10TL4CWplkVPjQPYhRRPu3UpBfORylr9rgqo1afqTdA8dbrthM595yI030V7c0y7J45Qhsl7jmrmZB008iRII-8tEiLm1CEIozXYyPvoAMQUjyEoOBKIybdzgJF6a2YehPPRNl9jogm8OQcHXhcmC6lqkTIdwTnA/D1710RZrrztcKgkEZ4JFqIWIPWV5jXvcqcQGJBtbA7iNk0YKz7LRuiS5wa888sf8gq HTTP Parser: Title: Sign in with Office 365 does not match URL
Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/riY01eQv887WU97FVLJpUH3nwahsbJVSKWGfN1S-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-ALxhpotzQX4Kno3EABjId9bKhZXdr81TPrNibSp5cetprWbvSr2wotx6wTV7UbQxXWoy8oxtr8Y75ffZCVcXCY5SHEkNm5u-5CSfWsT50XMXwKBmzDTgjftO5FWYMCKrYujcOUMofd7ZpHVGMlp5vUkBW2pkno7bpIMMZCmgbw/1LczHYZ0J6EiKvr07cnkHnbiTXBH4kslNTBLXfkemVwqzryLlzmwn1Swku1zFAFj9p HTTP Parser: Title: Sign in with Office 365 does not match URL
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1 HTTP Parser: Title: Create account does not match URL
Submit button contains javascript call
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1 HTTP Parser: On click: OnBack(); return false;
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1 HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/Umolh1n7Zre4LrFlHAzNANn4EAJkIjpIAJQJ2a9-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-PenYufW5GJ10TL4CWplkVPjQPYhRRPu3UpBfORylr9rgqo1afqTdA8dbrthM595yI030V7c0y7J45Qhsl7jmrmZB008iRII-8tEiLm1CEIozXYyPvoAMQUjyEoOBKIybdzgJF6a2YehPPRNl9jogm8OQcHXhcmC6lqkTIdwTnA/D1710RZrrztcKgkEZ4JFqIWIPWV5jXvcqcQGJBtbA7iNk0YKz7LRuiS5wa888sf8gq HTTP Parser: No <meta name="author".. found
Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/riY01eQv887WU97FVLJpUH3nwahsbJVSKWGfN1S-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-ALxhpotzQX4Kno3EABjId9bKhZXdr81TPrNibSp5cetprWbvSr2wotx6wTV7UbQxXWoy8oxtr8Y75ffZCVcXCY5SHEkNm5u-5CSfWsT50XMXwKBmzDTgjftO5FWYMCKrYujcOUMofd7ZpHVGMlp5vUkBW2pkno7bpIMMZCmgbw/1LczHYZ0J6EiKvr07cnkHnbiTXBH4kslNTBLXfkemVwqzryLlzmwn1Swku1zFAFj9p HTTP Parser: No <meta name="author".. found
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1 HTTP Parser: No <meta name="author".. found
Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/Umolh1n7Zre4LrFlHAzNANn4EAJkIjpIAJQJ2a9-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-PenYufW5GJ10TL4CWplkVPjQPYhRRPu3UpBfORylr9rgqo1afqTdA8dbrthM595yI030V7c0y7J45Qhsl7jmrmZB008iRII-8tEiLm1CEIozXYyPvoAMQUjyEoOBKIybdzgJF6a2YehPPRNl9jogm8OQcHXhcmC6lqkTIdwTnA/D1710RZrrztcKgkEZ4JFqIWIPWV5jXvcqcQGJBtbA7iNk0YKz7LRuiS5wa888sf8gq HTTP Parser: No <meta name="copyright".. found
Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/riY01eQv887WU97FVLJpUH3nwahsbJVSKWGfN1S-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-ALxhpotzQX4Kno3EABjId9bKhZXdr81TPrNibSp5cetprWbvSr2wotx6wTV7UbQxXWoy8oxtr8Y75ffZCVcXCY5SHEkNm5u-5CSfWsT50XMXwKBmzDTgjftO5FWYMCKrYujcOUMofd7ZpHVGMlp5vUkBW2pkno7bpIMMZCmgbw/1LczHYZ0J6EiKvr07cnkHnbiTXBH4kslNTBLXfkemVwqzryLlzmwn1Swku1zFAFj9p HTTP Parser: No <meta name="copyright".. found
Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1 HTTP Parser: No <meta name="copyright".. found
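The text heuristics listed in the Signatures section (low number of good links, title not matching the URL, JavaScript on the submit control, missing meta author/copyright) are cheap to reproduce and worth understanding before trusting them. The block below is an added example, not part of this sandbox report and not the engine's own code: a standard-library Python re-implementation of those checks, run over three HTML documents constructed for the example. Only the page titles, hostnames and the onclick string "OnBack(); return false;" are taken from the report; the markup, the minimum-link threshold and the list of generic title words are assumptions, since the report does not publish the engine's exact definitions. The second constructed page is modelled on the report's own signup.live.com entries and trips every heuristic, exactly as the real Microsoft signup page did above, which is why these are scoring signals to be combined with the favicon, logo-template, image-similarity and Yara matches against the azurewebsites.net page rather than verdicts on their own.

```python
# Added example, not part of the sandbox report: a standard-library
# re-implementation of the text heuristics named in the Signatures section.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions (the report does not publish the engine's definitions):
MIN_GOOD_LINKS = 2            # fewer navigable links than this is "low"
GENERIC_TITLE_WORDS = {"sign", "with", "log", "login", "create", "account",
                       "the", "and", "your", "page", "welcome"}


class PageFeatures(HTMLParser):
    """Collects the DOM facts the heuristics need in a single pass."""

    def __init__(self):
        super().__init__()
        self._in_title = False
        self.title_parts = []
        self.links = []           # href of every <a>
        self.meta_names = set()   # lower-cased <meta name="..."> values
        self.submit_onclick = []  # onclick handlers on submit controls

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}   # names already lower-cased
        if tag == "title":
            self._in_title = True
        elif tag == "a" and "href" in a:
            self.links.append(a["href"])
        elif tag == "meta" and "name" in a:
            self.meta_names.add(a["name"].lower())
        elif tag in ("button", "input"):
            # <button> defaults to type=submit; <input> must say so explicitly.
            kind = a.get("type", "submit" if tag == "button" else "").lower()
            if kind == "submit" and a.get("onclick"):
                self.submit_onclick.append(a["onclick"])

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title_parts.append(data)

    @property
    def title(self):
        return " ".join("".join(self.title_parts).split())


def good_links(hrefs):
    """Navigable links only: drop empty, fragment-only and javascript: hrefs."""
    return [h for h in (x.strip() for x in hrefs)
            if h and not h.startswith("#") and not h.lower().startswith("javascript:")]


def title_matches_host(title, host):
    """True when a non-generic word of the title also occurs in the hostname."""
    words = re.findall(r"[a-z]{3,}", title.lower())
    return any(w not in GENERIC_TITLE_WORDS and w in host.lower() for w in words)


def analyse(url, html):
    """Return which of the report's text heuristics fire for one page."""
    p = PageFeatures()
    p.feed(html)
    p.close()
    host = urlparse(url).hostname or ""
    findings = {
        "low_number_of_good_links": len(good_links(p.links)) < MIN_GOOD_LINKS,
        "title_does_not_match_url": not title_matches_host(p.title, host),
        "submit_button_javascript_call": bool(p.submit_onclick),
        "no_meta_author": "author" not in p.meta_names,
        "no_meta_copyright": "copyright" not in p.meta_names,
    }
    return {"host": host, "title": p.title, "findings": findings,
            "fired": sum(findings.values())}


# Constructed page 1: what the report recorded on the azurewebsites.net landing
# page (title, zero links, no meta author/copyright, logo from firebaseapp.com).
PHISH_URL = ("https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/"
             "ois.php?bbre=e2925b097549ccda96f0ca13d25ae102")
PHISH_HTML = """<!DOCTYPE html><html><head><title>Sign in with Office 365</title></head>
<body><img src="https://vapdelbnbapp.firebaseapp.com/fguysvcxcd/themes/imgs/microsoft_logo.svg">
<form method="post"><input type="email" name="login"><input type="password" name="passwd">
<input type="submit" value="Sign in"></form></body></html>"""

# Constructed page 2: the features the report found on the real signup.live.com
# page (title "Create account", no links, no meta tags, onclick on a submit control).
LIVE_URL = "https://signup.live.com/signup"
LIVE_HTML = """<!DOCTYPE html><html><head><title>Create account</title></head>
<body><form method="post"><input type="email" name="MemberName">
<button type="submit" onclick="OnBack(); return false;">Back</button>
<button type="submit">Next</button></form></body></html>"""

# Constructed page 3: an ordinary login page with nothing suspicious.
BENIGN_URL = "https://www.contoso.example/login"
BENIGN_HTML = """<!DOCTYPE html><html><head><title>Sign in to Contoso</title>
<meta name="author" content="Contoso"><meta name="copyright" content="Contoso">
</head><body><a href="/">Home</a> <a href="/help">Help</a> <a href="/privacy">Privacy</a>
<form method="post"><input type="text" name="user"><input type="password" name="pw">
<input type="submit" value="Sign in"></form></body></html>"""

if __name__ == "__main__":
    for url, html in ((PHISH_URL, PHISH_HTML), (LIVE_URL, LIVE_HTML),
                      (BENIGN_URL, BENIGN_HTML)):
        r = analyse(url, html)
        print(f"{r['host']:40} title={r['title']!r:30} fired={r['fired']}")
        for name, hit in r["findings"].items():
            if hit:
                print("   -", name)
```

Running it fires four of the five checks on the constructed azurewebsites.net page and all five on the constructed signup.live.com page, while the ordinary login page fires none. The title check deliberately ignores words like "sign" and "account" so that a brand word ("office", "contoso") has to appear in the hostname; a page whose title carries no brand word at all, as "Create account" does not, will always fail it, which is the false positive visible in the report's own signup.live.com entries.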
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: <ul><li>Sources of personal data: Interactions with users</li><li>Purposes of Processing (Collection and Sharing with Third Parties): Provide our products; product improvement; product development; customer support; and help, secure, and troubleshoot</li><li>Recipients: Service providers and user-directed entities</li></ul></li></ul><p>While the bulleted list above contains the primary sources and purposes of processing for each category of personal data, we also collect personal data from the sources listed in the <a target="_blank" class="mscom-link" href="#mainpersonaldatawecollect">Personal data we collect</a> section, such as developers who create experiences through or for Microsoft products. Similarly, we process all categories of personal data for the purposes described in the <a target="_blank" class="mscom-link" href="#mainhowweusepersonaldatamodule">How we use personal data</a> section, such as meeting our legal obligations, developing our workforce, and doing research.</p><p><strong>Disclosures of personal data for business or commercial purposes</strong>. As indicated in the <a target="_blank" class="mscom-link" href="#mainreasonswesharepersonaldatamodule">Reasons we share personal data</a> section, we share personal data with third parties for various business and commercial purposes. The primary business and commercial purposes for which we share personal data are the purposes of processing listed in the table above. However, we share all categories of personal data for the business and commercial purposes in the <a class="mscom-link" href="#mainreasonswesharepersonaldatamodule">Reasons we share personal data</a> section.</p></span></div><div class="divModuleDescription"><span id="Header">Advertising</span><span id="navigationHeader">Advertising</span><span id="moduleName">mainadvertisingmodule</span><div class="printsummary" style="display: block;">Summary</div><span class="Description" id="ShortDescription"><p>Advertising allows us to provide, support, and improve some of our products. Microsoft does not use what you say in email, chat, video calls or voice mail, or your documents, photos, or other personal files to target ads to you. We use other data, detailed below, for advertising in our products and on third-party properties. For example:</p><ul><li>Microsoft may use data we collect to select and deliver some of the ads you see on Microsoft web properties, such as <a target="_blank" class="mscom-link" href="https://www.microsoft.com">Microsoft.com</a>, MSN, and Bing.</li><li>When the advertising ID is enabled in Windows 10 as part of your privacy settings, third parties can access and use the advertising ID (much the same way that websites can access and use a unique identifier stored in a cookie) to select and deliver ads in such apps.</li><li>We may share data we collect with partners, such as Verizon Media, AppNexus, or Facebook (see below), so that the ads you see in our products and their products are more r
Source: Cookies.1.dr String found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
Source: Cookies.1.dr String found in binary or memory: c.www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
Source: Cookies.1.dr String found in binary or memory: c.www.linkedin.combscookie//L equals www.linkedin.com (Linkedin)
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: s <a target="_blank" class="mscom-link" href="https://www.linkedin.com/legal/privacy-policy">Privacy Policy</a>.</p></span></div><div class="divModuleDescription"><span id="Header">Search, Microsoft Edge, and artificial intelligence</span><span id="navigationHeader">Search, Microsoft Edge, and artificial intelligence</span><span id="moduleName">mainsearchaimodule</span><div class="printsummary" style="display: block;">Summary</div><span class="Description" id="ShortDescription" aria-expanded="false"><p>Search and artificial intelligence products connect you with information and intelligently sense, process, and act on information equals www.linkedin.com (Linkedin)
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: s health, oral health, osteoporosis, skin health, sleep, and vision / eye care. We will also personalize ads based on custom, non-sensitive health-related interest categories as requested by advertisers.</li><li><strong>Children and advertising</strong>. We do not deliver personalized advertising to children whose birthdate in their Microsoft account identifies them as under 16 years of age.</li><li><strong>Data retention</strong>. For personalized advertising, we retain data for no more than 13 months, unless we obtain your consent to retain the data longer.</li><li><strong>Data sharing</strong>. In some cases, we share with advertisers reports about the data we have collected on their sites or ads.</li></ul><p><strong>Data collected by other advertising companies</strong>. Advertisers sometimes include their own web beacons (or those of their other advertising partners) within their advertisements that we display, enabling them to set and read their own cookie. Additionally, Microsoft partners with third-party ad companies to help provide some of our advertising services, and we also allow other third-party ad companies to display advertisements on our sites. These third parties may place cookies on your computer and collect data about your online activities across websites or online services. These companies currently include, but are not limited to: <a target="_blank" class="mscom-link" href="https://www.appnexus.com/">AppNexus</a>, <a target="_blank" class="mscom-link" href="https://www.facebook.com/help/568137493302217">Facebook</a>, <a target="_blank" class="mscom-link" href="https://www.media.net/adchoices">Media.net</a>, <a target="_blank" class="mscom-link" href="https://my.outbrain.com/recommendations-settings/home">Outbrain</a>, <a target="_blank" class="mscom-link" href="https://www.taboola.com/privacy-policy#user-choices-and-optout">Taboola</a> and <a target="_blank" class="mscom-link" href="https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/index.html">Verizon Media</a>. Select any of the preceding links to find more information on each company's practices, including the choices it offers. Many of these companies are also members of the <a target="_blank" class="mscom-link" href="https://www.networkadvertising.org/managing/opt_out.aspx">NAI</a> or <a target="_blank" class="mscom-link" href="https://www.aboutads.info/choices/">DAA</a>, which each provide a simple way to opt out of ad targeting from participating companies.</p></span></div><div class="divModuleDescription"><span id="Header">Collection of data from children</span><span id="navigationHeader">Collection of data from children</span><span id="moduleName">maincollectionofdatafromchildrenmodule</span><div class="printsummary" style="display: block;">Summary</div><span class="Description" id="ShortDescription"><p>When a Microsoft product collects age, and there is an age in your jurisdiction under which parental consent or authorization is required to use the p
Source: unknown DNS traffic detected: queries for: www.canva.com
Source: axios.min[1].js.9.dr String found in binary or memory: http://feross.org
Source: icons[1].eot.9.dr String found in binary or memory: http://fontello.com
Source: icons[1].eot.9.dr String found in binary or memory: http://fontello.comiconsRegulariconsiconsVersion
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://fontfabrik.com
Source: 50-f1e180[1].js.9.dr String found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.9.dr String found in binary or memory: http://jquery.com/
Source: jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.9.dr String found in binary or memory: http://jquery.org/license
Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.9.dr String found in binary or memory: http://knockoutjs.com/
Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.9.dr String found in binary or memory: http://opensource.org/licenses/mit-license.php)
Source: jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.9.dr String found in binary or memory: http://sizzlejs.com/
Source: explorer.exe, 00000003.00000000.653903529.0000000002B50000.00000002.00000001.sdmp String found in binary or memory: http://www.%s.comPA
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: http://www.asp.net/ajaxlibrary/CDN.ashx.
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.fonts.com
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.9.dr String found in binary or memory: http://www.json.org/json2.js
Source: servicesagreement[1].htm.9.dr String found in binary or memory: http://www.mpegla.com
Source: servicesagreement[1].htm.9.dr String found in binary or memory: http://www.mpegla.com).
Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.9.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.sakkal.com
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.tiro.com
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.typography.netD
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: explorer.exe, 00000003.00000000.669306015.000000000B976000.00000002.00000001.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: Current Session.0.dr String found in binary or memory: https://9812343.fls.doubleclick.net
Source: Current Session.0.dr String found in binary or memory: https://9812343.fls.doubleclick.net/activityi;dc_pre=CPXhifynlO0CFQbhuwgdo-gHww;src=9812343;type=ret
Source: Reporting and NEL.1.dr String found in binary or memory: https://a.nel.cloudflare.com/report?s=RrI6%2F6uhRf8Bamd0EHaUo7aah9x8n8AF%2BnzkNA10dqLmwzpodG9QtLqKsz
Source: Reporting and NEL.1.dr String found in binary or memory: https://a.nel.cloudflare.com/report?s=aW2xMiZ3RDaz89WO4lC7JHnHmA8KwPbvn2lgToL2UL%2BuOFrik%2FuuuxVGKh
Source: Reporting and NEL.1.dr String found in binary or memory: https://a.nel.cloudflare.com/report?s=j58cTkLrSxTm%2BifGB25qLfcJ949J3J7RS44PQ%2Ft0qiSIgYwA30jMx5yas%
Source: Reporting and NEL.1.dr String found in binary or memory: https://a.nel.cloudflare.com/report?s=v4prBolerkKeiP8s3KyQOMPHSF%2FOV8X4ERoqkDtraXTfrNWH0AcLl114zcoG
Source: Reporting and NEL.1.dr String found in binary or memory: https://a.nel.cloudflare.com/report?s=yKTF3Tw3WsroBgCs9Rxj4V5KpFLD3NThcAIBlXbYHHfXWpC34FRp1AxKnv18dg
Source: manifest.json0.0.dr, 13f18794-7164-4700-be87-b9da15fd8ee6.tmp.1.dr String found in binary or memory: https://accounts.google.com
Source: signup[1].htm.9.dr String found in binary or memory: https://acctcdn.msauth.net
Source: signup[1].htm.9.dr String found in binary or memory: https://acctcdn.msauth.net/converged_ux_v2_RfnRCrmapm3W_OFn994CMA2.css?v=1
Source: signup[1].htm.9.dr String found in binary or memory: https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg)
Source: imagestore.dat.9.dr String found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2
Source: imagestore.dat.9.dr String found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2~
Source: imagestore.dat.9.dr String found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2~(
Source: signup[1].htm.9.dr String found in binary or memory: https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
Source: signup[1].htm.9.dr String found in binary or memory: https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1
Source: signup[1].htm.9.dr String found in binary or memory: https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
Source: signup[1].htm.9.dr String found in binary or memory: https://acctcdn.msauth.net/lightweightsignuppackage_oZIcfFtGMdm_yHyDEji_8w2.js?v=1
Source: signup[1].htm.9.dr String found in binary or memory: https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_pVtahKS9WUIZdNqg1DDhHg2.js?v=1
Source: Current Session.0.dr String found in binary or memory: https://adservice.google.co.uk/ddm/fls/i/dc_pre=CPXhifynlO0CFQbhuwgdo-gHww;src=9812343;type=retar0;c
Source: Current Session.0.dr String found in binary or memory: https://adservice.google.com
Source: Current Session.0.dr String found in binary or memory: https://adservice.google.com/ddm/fls/i/dc_pre=CPXhifynlO0CFQbhuwgdo-gHww;src=9812343;type=retar0;cat
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://aka.ms/redeemrewards
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://aka.ms/redeemrewards).
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://aka.ms/taxservice
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://aka.ms/useterms
Source: manifest.json0.0.dr, 13f18794-7164-4700-be87-b9da15fd8ee6.tmp.1.dr String found in binary or memory: https://apis.google.com
Source: signup[1].htm.9.dr String found in binary or memory: https://az416426.vo.msecnd.net/scripts/c/ms.analytics-web-2.min.js
Source: {18055A4C-2C2B-11EB-90EB-ECF4BBEA1588}.dat.8.dr String found in binary or memory: https://candanappGHUr/lgy3xO/bsites.net/RG3aVe6
Source: {18055A4C-2C2B-11EB-90EB-ECF4BBEA1588}.dat.8.dr String found in binary or memory: https://candanappGHUr/lgy3xO/bsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca1
Source: {18055A4C-2C2B-11EB-90EB-ECF4BBEA1588}.dat.8.dr String found in binary or memory: https://candanappdevmoe.azurewebsites.ne
Source: ~DF9D51126FF4AB1D0F.TMP.8.dr String found in binary or memory: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/
Source: ~DF9D51126FF4AB1D0F.TMP.8.dr String found in binary or memory: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/$HTTP
Source: ~DF9D51126FF4AB1D0F.TMP.8.dr String found in binary or memory: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/SPS
Source: {18055A4C-2C2B-11EB-90EB-ECF4BBEA1588}.dat.8.dr String found in binary or memory: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0c
Source: c4950d0815c21f68_0.0.dr, dda81cf9b0b047b1_0.0.dr, c2189956b60b2ce5_0.0.dr String found in binary or memory: https://canva.com/
Source: 4cbfe86bb692371e_0.0.dr String found in binary or memory: https://canva.com/$2
Source: 6726d42dc28e6fb9_0.0.dr String found in binary or memory: https://canva.com/1
Source: 270ae0528ce28f93_0.0.dr String found in binary or memory: https://canva.com/M
Source: bb69cd55fcfa7140_0.0.dr String found in binary or memory: https://canva.com/U_
Source: e4115b2c93fca474_0.0.dr String found in binary or memory: https://canva.com/h
Source: c3d256598d5af694_0.0.dr String found in binary or memory: https://canva.com/p
Source: 56a246e5228caa4a_0.0.dr String found in binary or memory: https://canva.com/q3
Source: 13f18794-7164-4700-be87-b9da15fd8ee6.tmp.1.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 13f18794-7164-4700-be87-b9da15fd8ee6.tmp.1.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json0.0.dr String found in binary or memory: https://content.googleapis.com
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://developer.yahoo.com/flurry/end-user-opt-out/
Source: 2a4dce63-53c8-42f1-bd1f-a68a480ec17f.tmp.1.dr, 13f18794-7164-4700-be87-b9da15fd8ee6.tmp.1.dr, e8d153f1-2252-49dc-be36-ebde0e5a28b9.tmp.1.dr String found in binary or memory: https://dns.google
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protectio
Source: manifest.json0.0.dr String found in binary or memory: https://feedback.googleusercontent.com
Source: 13f18794-7164-4700-be87-b9da15fd8ee6.tmp.1.dr String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.googleapis.com;
Source: 13f18794-7164-4700-be87-b9da15fd8ee6.tmp.1.dr String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr String found in binary or memory: https://fonts.gstatic.com;
Source: signup[1].htm.9.dr String found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: app[1].css.9.dr String found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
Source: mobile-detect.min[1].js.9.dr String found in binary or memory: https://github.com/hgoebl/mobile-detect.js
Source: manifest.json0.0.dr String found in binary or memory: https://hangouts.google.com/
Source: e4115b2c93fca474_0.0.dr String found in binary or memory: https://js.appboycdn.com/web-sdk/3.0/appboy.core.min.js
Source: signup[1].htm.9.dr String found in binary or memory: https://login.live.com
Source: 2Jmn3lA[1].htm.9.dr String found in binary or memory: https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&amp;amp;mkt=EN-US&amp;amp;vv=1600
Source: 39oebGZ[1].htm.9.dr String found in binary or memory: https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&amp;amp;mkt=EN-US&amp;amp;vv=1600
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://login.skype.com/login
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://mixer.com/about/tos
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://mixer.com/contact
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://mixpanel.com/optout
Source: lodash.min[1].js.9.dr String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: 13f18794-7164-4700-be87-b9da15fd8ee6.tmp.1.dr String found in binary or memory: https://ogs.google.com
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://ondemand.webtrends.com/support/optout.asp
Source: manifest.json.0.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 13f18794-7164-4700-be87-b9da15fd8ee6.tmp.1.dr String found in binary or memory: https://play.google.com
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://priv-policy.imrworldwide.com/priv/browser/us/en/optout.html
Source: {18055A4C-2C2B-11EB-90EB-ECF4BBEA1588}.dat.8.dr String found in binary or memory: https://privacy.micros
Source: 13f18794-7164-4700-be87-b9da15fd8ee6.tmp.1.dr String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: 13f18794-7164-4700-be87-b9da15fd8ee6.tmp.1.dr String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.0.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 000003.log2.0.dr String found in binary or memory: https://sdk.iad-01.braze.com/api/v3
Source: imagestore.dat.9.dr String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico
Source: imagestore.dat.9.dr String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico~
Source: imagestore.dat.9.dr String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico~(
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://signin.kissmetrics.com/privacy/#controls
Source: {18055A4C-2C2B-11EB-90EB-ECF4BBEA1588}.dat.8.dr String found in binary or memory: https://signup.live.co
Source: ~DF9D51126FF4AB1D0F.TMP.8.dr String found in binary or memory: https://signup.live.com/
Source: signup[1].htm.9.dr String found in binary or memory: https://signup.live.com/error.aspx?errcode=1045&amp;mkt=en-US
Source: ~DF9D51126FF4AB1D0F.TMP.8.dr String found in binary or memory: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wrepl
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://skype.com/go/myaccount
Source: 5e83b9cfa3f81ad1_0.0.dr String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Source: 13f18794-7164-4700-be87-b9da15fd8ee6.tmp.1.dr String found in binary or memory: https://ssl.gstatic.com
Source: Favicons.0.dr String found in binary or memory: https://static.canva.com/static/images/favicon.ico
Source: d0b48746d2734b6a_0.0.dr String found in binary or memory: https://static.canva.com/static/lib/cl/cl-0.4.1.min.js
Source: c4950d0815c21f68_0.0.dr String found in binary or memory: https://static.canva.com/static/lib/sentry/5.15.4.min.js
Source: 56a246e5228caa4a_0.0.dr String found in binary or memory: https://static.canva.com/web/169aab431c6d134d2e5b.2.js
Source: e3511df7a5a5c326_0.0.dr String found in binary or memory: https://static.canva.com/web/292bbecde0fce6ffe18847a12c9a6dc6.2.runtime.js
Source: b21148925dccb19e_0.0.dr String found in binary or memory: https://static.canva.com/web/36db7dd680be1e933b01f9539cc51480.2.js
Source: bb69cd55fcfa7140_0.0.dr String found in binary or memory: https://static.canva.com/web/3ad8884d65b676ef0625a45577e2cc20.2.js
Source: be13fec43ec95b31_0.0.dr String found in binary or memory: https://static.canva.com/web/a8284a82e57c7d67d5e3.2.js
Source: 4cbfe86bb692371e_0.0.dr String found in binary or memory: https://static.canva.com/web/b144f4025476bd90a66e5378b1d15df650125aed.strings.js
Source: dda81cf9b0b047b1_0.0.dr String found in binary or memory: https://static.canva.com/web/cb08f5718bdf9fb49247.2.js
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://support.xbox.com/help/friends-social-activity/community/use-safety-settings
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://tools.google.com/dlpage/gaoptout
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.aboutads.info/
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.acuityads.com/opt-out/
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.adjust.com/opt-out/
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://www.adr.org
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.appnexus.com/
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.appsflyer.com/optout
Source: 000003.log3.0.dr, Current Session.0.dr String found in binary or memory: https://www.canva.com
Source: QuotaManager.0.dr String found in binary or memory: https://www.canva.com/
Source: History.0.dr String found in binary or memory: https://www.canva.com/design/DAEOEcu9Gnc/C6LvqPRfMOYoF6OWlu9bVg/view?utm_content=DAEOEcu9Gnc&utm_cam
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.clicktale.net/disable.html
Source: c3d256598d5af694_0.0.dr String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: 6726d42dc28e6fb9_0.0.dr String found in binary or memory: https://www.google-analytics.com/plugins/ua/ec.js
Source: manifest.json0.0.dr, 13f18794-7164-4700-be87-b9da15fd8ee6.tmp.1.dr String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr String found in binary or memory: https://www.google.com/
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://www.google.com/intl/en_ALL/help/terms_maps.html
Source: manifest.json0.0.dr String found in binary or memory: https://www.google.com;
Source: 7f6bd7aed19fc99b_0.0.dr String found in binary or memory: https://www.googleadservices.com/pagead/conversion/804757079/?random=1605984900626&cv=9&fst=16059849
Source: 270ae0528ce28f93_0.0.dr String found in binary or memory: https://www.googleadservices.com/pagead/conversion_async.js
Source: 13f18794-7164-4700-be87-b9da15fd8ee6.tmp.1.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: eba1480a166263c9_0.0.dr String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-TZPTKRR&l=dataLayer
Source: 13f18794-7164-4700-be87-b9da15fd8ee6.tmp.1.dr String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.dr String found in binary or memory: https://www.gstatic.com;
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.here.com/)
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.linkedin.com/legal/privacy-policy
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html
Source: {18055A4C-2C2B-11EB-90EB-ECF4BBEA1588}.dat.8.dr String found in binary or memory: https://www.microsoft.
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.optimizely.com/legal/opt-out/
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.privacyshield.gov/welcome
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://www.skype.com
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://www.skype.com).
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://www.skype.com/go/allrates
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://www.skype.com/go/legal
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://www.skype.com/go/legal.broadcast
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://www.skype.com/go/store.reactivate.credit
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://www.skype.com/go/ustax
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.xbox.com
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.xbox.com/
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.xbox.com/Legal/ThirdPartyDataSharing
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://www.xbox.com/en-US/Legal/CodeOfConduct
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://www.xbox.com/en-US/Legal/CodeOfConduct)
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.xbox.com/managedatacollection
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://www.xbox.com/xbox-game-studios
Source: servicesagreement[1].htm.9.dr String found in binary or memory: https://www.xbox.com/xbox-game-studios)
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.youradchoices.ca
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.youradchoices.ca/fr
Source: PrivacyStatement[1].htm.9.dr String found in binary or memory: https://www.youronlinechoices.com/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: classification engine Classification label: mal88.phis.win@36/273@32/22
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5FB96280-1A4C.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\e8910868-be4c-442d-82c3-5e812f5359eb.tmp
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: QuotaManager.0.dr Binary or memory string: CREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --force-renderer-accessibility 'https://www.canva.com/design/DAEOEcu9Gnc/C6LvqPRfMOYoF6OWlu9bVg/view?utm_content=DAEOEcu9Gnc&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton'
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1580,11732546741858598205,15005368519812649130,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1752 /prefetch:8
Source: unknown Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{49F171DD-B51A-40D3-9A6C-52D674CC729D}
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:8120 CREDAT:17410 /prefetch:2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1580,11732546741858598205,15005368519812649130,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1752 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:8120 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Next
Source: C:\Program Files\internet explorer\iexplore.exe Automated click: Next
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000003.00000000.663965188.0000000005A00000.00000002.00000001.sdmp
Source: Binary string: wscui.pdb source: explorer.exe, 00000003.00000000.663965188.0000000005A00000.00000002.00000001.sdmp
Source: explorer.exe, 00000003.00000000.668976027.000000000A897000.00000004.00000001.sdmp Binary or memory string: 700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA~
Source: explorer.exe, 00000003.00000000.668114684.000000000A60E000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000003.00000000.663320325.00000000058C0000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: explorer.exe, 00000003.00000000.664618097.0000000006650000.00000004.00000001.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000003.00000000.668114684.000000000A60E000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000003.00000000.660981778.0000000004710000.00000004.00000001.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
Source: explorer.exe, 00000003.00000000.668782858.000000000A716000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
Source: explorer.exe, 00000003.00000000.663320325.00000000058C0000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: explorer.exe, 00000003.00000000.663320325.00000000058C0000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: explorer.exe, 00000003.00000000.668832231.000000000A782000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
Source: explorer.exe, 00000003.00000000.663320325.00000000058C0000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: explorer.exe, 00000003.00000000.653036555.0000000000AD8000.00000004.00000020.sdmp Binary or memory string: ProgmanMD6
Source: explorer.exe, 00000003.00000000.653268091.0000000001080000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: explorer.exe, 00000003.00000000.664605514.0000000005E50000.00000004.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000003.00000000.653268091.0000000001080000.00000002.00000001.sdmp Binary or memory string: Progman
Source: explorer.exe, 00000003.00000000.653268091.0000000001080000.00000002.00000001.sdmp Binary or memory string: Progmanlock
Source: explorer.exe, 00000003.00000000.668782858.000000000A716000.00000004.00000001.sdmp Binary or memory string: Shell_TrayWnd5D
Behavior Graph (ID: 321415, URL: https://www.canva.com/desig..., Startdate: 21/11/2020, Architecture: WINDOWS, Score: 88)

Processes: iexplore.exe (child iexplore.exe), chrome.exe (child chrome.exe), dllhost.exe (injected into explorer.exe).
Signatures on the submitted URL: Antivirus detection for URL or domain; Antivirus / Scanner detection for submitted sample; Phishing site detected (based on favicon image match); 4 other signatures.
Network: secure.aadcdn.microsoftonline-p.com; 192.168.2.1 and 239.255.255.250 (chrome.exe); bit.ly 67.199.248.10:443, vapdelbnbapp.firebaseapp.com 151.101.1.195:443 and 19 other IPs or domains (iexplore.exe child); spdc-global.pbp.gysm.yahoodns.net 212.82.100.181:443, pop-tln1-alpha.mix.linkedin.com 185.63.144.5:443 and 27 other IPs or domains (chrome.exe child).
Dropped file: C:\Users\user\AppData\Local\...\ois[1].htm (HTML), written by the iexplore.exe child process.
Contacted Public IPs

IP                Domain    Country          ASN      ASN Name                  Malicious
108.177.15.154    unknown   United States    15169    GOOGLEUS                  false
216.58.205.226    unknown   United States    15169    GOOGLEUS                  false
172.217.22.66     unknown   United States    15169    GOOGLEUS                  false
104.16.124.175    unknown   United States    13335    CLOUDFLARENETUS           false
104.18.215.67     unknown   United States    13335    CLOUDFLARENETUS           false
185.63.144.5      unknown   United States    14413    LINKEDINUS                false
185.60.216.35     unknown   Ireland          32934    FACEBOOKUS                false
239.255.255.250   unknown   Reserved         unknown  unknown                   false
152.199.21.175    unknown   United States    15133    EDGECASTUS                false
172.217.18.102    unknown   United States    15169    GOOGLEUS                  false
172.217.21.195    unknown   United States    15169    GOOGLEUS                  false
172.217.16.194    unknown   United States    15169    GOOGLEUS                  false
172.217.16.193    unknown   United States    15169    GOOGLEUS                  false
212.82.100.181    unknown   United Kingdom   34010    YAHOO-IRDGB               false
104.18.216.67     unknown   United States    13335    CLOUDFLARENETUS           false
151.101.1.195     unknown   United States    54113    FASTLYUS                  false
172.217.23.98     unknown   United States    15169    GOOGLEUS                  false
67.199.248.10     unknown   United States    396982   GOOGLE-PRIVATE-CLOUDUS    false
104.22.9.79       unknown   United States    13335    CLOUDFLARENETUS           false
172.67.185.66     unknown   United States    13335    CLOUDFLARENETUS           false
104.16.19.94      unknown   United States    13335    CLOUDFLARENETUS           false

Contacted Private IPs

IP
192.168.2.1

Contacted Domains

Name IP Active
star-mini.c10r.facebook.com 185.60.216.35 true
dart.l.doubleclick.net 172.217.18.102 true
pagead46.l.doubleclick.net 172.217.23.98 true
stats.l.doubleclick.net 108.177.15.154 true
sni1gl.wpc.alphacdn.net 152.199.21.175 true
cl.canva.com 104.18.216.67 true
vapdelbnbapp.firebaseapp.com 151.101.1.195 true
www.canva.com 104.18.215.67 true
spdc-global.pbp.gysm.yahoodns.net 212.82.100.181 true
pop-tln1-alpha.mix.linkedin.com 185.63.144.5 true
cnd11.smsmail.net 172.67.185.66 true
static.canva.com 104.18.216.67 true
pagead.l.doubleclick.net 216.58.205.226 true
js.appboycdn.com 104.22.9.79 true
cdnjs.cloudflare.com 104.16.19.94 true
bit.ly 67.199.248.10 true
font-public.canva.com 104.18.215.67 true
www.google.co.uk 172.217.21.195 true
unpkg.com 104.16.124.175 true
googlehosted.l.googleusercontent.com 172.217.16.193 true
media-private.canva.com 104.18.216.67 true
sp.analytics.yahoo.com unknown unknown
sdk.iad-01.braze.com unknown unknown
assets.onestore.ms unknown unknown
acctcdn.msauth.net unknown unknown
ajax.aspnetcdn.com unknown unknown
adservice.google.co.uk unknown unknown
stats.g.doubleclick.net unknown unknown
client.hip.live.com unknown unknown
clients2.googleusercontent.com unknown unknown
secure.aadcdn.microsoftonline-p.com unknown unknown
www.facebook.com unknown unknown
signup.live.com unknown unknown
www.linkedin.com unknown unknown
aadcdn.msauth.net unknown unknown
px.ads.linkedin.com unknown unknown
candanappdevmoe.azurewebsites.net unknown unknown
googleads.g.doubleclick.net unknown unknown
snap.licdn.com unknown unknown
9812343.fls.doubleclick.net unknown unknown

Contacted URLs

Name: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/
  Malicious: true
  Antivirus Detection: SlashNext: Fake Login Page type: Phishing & Social Engineering
  Reputation: unknown

Name: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/Umolh1n7Zre4LrFlHAzNANn4EAJkIjpIAJQJ2a9-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-PenYufW5GJ10TL4CWplkVPjQPYhRRPu3UpBfORylr9rgqo1afqTdA8dbrthM595yI030V7c0y7J45Qhsl7jmrmZB008iRII-8tEiLm1CEIozXYyPvoAMQUjyEoOBKIybdzgJF6a2YehPPRNl9jogm8OQcHXhcmC6lqkTIdwTnA/D1710RZrrztcKgkEZ4JFqIWIPWV5jXvcqcQGJBtbA7iNk0YKz7LRuiS5wa888sf8gq
  Malicious: true
  Antivirus Detection: SlashNext: Fake Login Page type: Phishing & Social Engineering
  Reputation: unknown

Name: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/riY01eQv887WU97FVLJpUH3nwahsbJVSKWGfN1S-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-ALxhpotzQX4Kno3EABjId9bKhZXdr81TPrNibSp5cetprWbvSr2wotx6wTV7UbQxXWoy8oxtr8Y75ffZCVcXCY5SHEkNm5u-5CSfWsT50XMXwKBmzDTgjftO5FWYMCKrYujcOUMofd7ZpHVGMlp5vUkBW2pkno7bpIMMZCmgbw/1LczHYZ0J6EiKvr07cnkHnbiTXBH4kslNTBLXfkemVwqzryLlzmwn1Swku1zFAFj9p
  Malicious: true
  Antivirus Detection: SlashNext: Fake Login Page type: Phishing & Social Engineering
  Reputation: unknown