Loading ...

Play interactive tourEdit tour

Analysis Report https://www.canva.com/design/DAEOEcu9Gnc/C6LvqPRfMOYoF6OWlu9bVg/view?utm_content=DAEOEcu9Gnc&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton

Overview

General Information

Sample URL:https://www.canva.com/design/DAEOEcu9Gnc/C6LvqPRfMOYoF6OWlu9bVg/view?utm_content=DAEOEcu9Gnc&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton
Analysis ID:321414

Most interesting Screenshot:

Detection

HTMLPhisher
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish_20
Yara detected HtmlPhish_35
Phishing site detected (based on image similarity)
Phishing site detected (based on logo template match)
HTML body contains low number of good links
HTML title does not match URL
Submit button contains javascript call

Classification

Startup

  • System is w10x64
  • chrome.exe (PID: 2412 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --force-renderer-accessibility 'https://www.canva.com/design/DAEOEcu9Gnc/C6LvqPRfMOYoF6OWlu9bVg/view?utm_content=DAEOEcu9Gnc&utm_campaign=designshare&utm_medium=link&utm_source=sharebutton' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 3636 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,14482813496842422081,249636669159655075,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1724 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • dllhost.exe (PID: 6616 cmdline: C:\Windows\system32\DllHost.exe /Processid:{49F171DD-B51A-40D3-9A6C-52D674CC729D} MD5: 2528137C6745C4EADD87817A1909677E)
    • explorer.exe (PID: 3388 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • iexplore.exe (PID: 7072 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 6292 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:7072 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ois[1].htmJoeSecurity_HtmlPhish_35Yara detected HtmlPhish_35Joe Security
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ois[1].htmJoeSecurity_HtmlPhish_35Yara detected HtmlPhish_35Joe Security

      Sigma Overview

      No Sigma rule has matched

      Signature Overview

      Click to jump to signature section

      Show All Signature Results

      AV Detection:

      barindex
      Antivirus / Scanner detection for submitted sampleShow sources
      Source: https://www.canva.com/design/DAEOEcu9Gnc/C6LvqPRfMOYoF6OWlu9bVg/view?utm_content=DAEOEcu9Gnc&utm_campaign=designshare&utm_medium=link&utm_source=sharebuttonSlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
      Antivirus detection for URL or domainShow sources
      Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
      Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#UrlScan: Label: phishing brand: microsoftPerma Link
      Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/HrL23NdtW72OhsDvgnKTV7Nv5V9Ue8mfvCoKB3G-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-hZm2M8cvhno7HhcjvXE5ms0cFIgcPIbydjyxyNy8FsWDItSyEvBo9Tkq7iTwesWYR7C7cpo2eK2TVt7mmLfJugkUSIGpuDY-EoicDWUD9oHAmIGmguDfEbtuTy5PhCbGlyfyBHSrqoE93n7LpTNTF2sZl3II9flnwY0lBZmY2d/xgjRGw3OCMpm9jhxowojcuDfNcvCL860i5ImRV8KAn6eaYYP5slY8DZIE4HIDTBZdrSlashNext: Label: Fake Login Page type: Phishing & Social Engineering
      Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

      Phishing:

      barindex
      Phishing site detected (based on favicon image match)Show sources
      Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/HrL23NdtW72OhsDvgnKTV7Nv5V9Ue8mfvCoKB3G-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-hZm2M8cvhno7HhcjvXE5ms0cFIgcPIbydjyxyNy8FsWDItSyEvBo9Tkq7iTwesWYR7C7cpo2eK2TVt7mmLfJugkUSIGpuDY-EoicDWUD9oHAmIGmguDfEbtuTy5PhCbGlyfyBHSrqoE93n7LpTNTF2sZl3II9flnwY0lBZmY2d/xgjRGw3OCMpm9jhxowojcuDfNcvCL860i5ImRV8KAn6eaYYP5slY8DZIE4HIDTBZdrMatcher: Template: microsoft matched with high similarity
      Yara detected HtmlPhish_20Show sources
      Source: Yara matchFile source: 992547.pages.csv, type: HTML
      Yara detected HtmlPhish_35Show sources
      Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ois[1].htm, type: DROPPED
      Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ois[1].htm, type: DROPPED
      Phishing site detected (based on image similarity)Show sources
      Source: https://vapdelbnbapp.firebaseapp.com/fguysvcxcd/themes/imgs/microsoft_logo.svgMatcher: Found strong image similarity, brand: MicrosoftJump to dropped file
      Phishing site detected (based on logo template match)Show sources
      Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/HrL23NdtW72OhsDvgnKTV7Nv5V9Ue8mfvCoKB3G-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-hZm2M8cvhno7HhcjvXE5ms0cFIgcPIbydjyxyNy8FsWDItSyEvBo9Tkq7iTwesWYR7C7cpo2eK2TVt7mmLfJugkUSIGpuDY-EoicDWUD9oHAmIGmguDfEbtuTy5PhCbGlyfyBHSrqoE93n7LpTNTF2sZl3II9flnwY0lBZmY2d/xgjRGw3OCMpm9jhxowojcuDfNcvCL860i5ImRV8KAn6eaYYP5slY8DZIE4HIDTBZdrMatcher: Template: microsoft matched
      Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/HrL23NdtW72OhsDvgnKTV7Nv5V9Ue8mfvCoKB3G-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-hZm2M8cvhno7HhcjvXE5ms0cFIgcPIbydjyxyNy8FsWDItSyEvBo9Tkq7iTwesWYR7C7cpo2eK2TVt7mmLfJugkUSIGpuDY-EoicDWUD9oHAmIGmguDfEbtuTy5PhCbGlyfyBHSrqoE93n7LpTNTF2sZl3II9flnwY0lBZmY2d/xgjRGw3OCMpm9jhxowojcuDfNcvCL860i5ImRV8KAn6eaYYP5slY8DZIE4HIDTBZdrHTTP Parser: Number of links: 0
      Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/HrL23NdtW72OhsDvgnKTV7Nv5V9Ue8mfvCoKB3G-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-hZm2M8cvhno7HhcjvXE5ms0cFIgcPIbydjyxyNy8FsWDItSyEvBo9Tkq7iTwesWYR7C7cpo2eK2TVt7mmLfJugkUSIGpuDY-EoicDWUD9oHAmIGmguDfEbtuTy5PhCbGlyfyBHSrqoE93n7LpTNTF2sZl3II9flnwY0lBZmY2d/xgjRGw3OCMpm9jhxowojcuDfNcvCL860i5ImRV8KAn6eaYYP5slY8DZIE4HIDTBZdrHTTP Parser: Number of links: 0
      Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1HTTP Parser: Number of links: 0
      Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1HTTP Parser: Number of links: 0
      Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/HrL23NdtW72OhsDvgnKTV7Nv5V9Ue8mfvCoKB3G-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-hZm2M8cvhno7HhcjvXE5ms0cFIgcPIbydjyxyNy8FsWDItSyEvBo9Tkq7iTwesWYR7C7cpo2eK2TVt7mmLfJugkUSIGpuDY-EoicDWUD9oHAmIGmguDfEbtuTy5PhCbGlyfyBHSrqoE93n7LpTNTF2sZl3II9flnwY0lBZmY2d/xgjRGw3OCMpm9jhxowojcuDfNcvCL860i5ImRV8KAn6eaYYP5slY8DZIE4HIDTBZdrHTTP Parser: Title: Sign in with Office 365 does not match URL
      Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/HrL23NdtW72OhsDvgnKTV7Nv5V9Ue8mfvCoKB3G-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-hZm2M8cvhno7HhcjvXE5ms0cFIgcPIbydjyxyNy8FsWDItSyEvBo9Tkq7iTwesWYR7C7cpo2eK2TVt7mmLfJugkUSIGpuDY-EoicDWUD9oHAmIGmguDfEbtuTy5PhCbGlyfyBHSrqoE93n7LpTNTF2sZl3II9flnwY0lBZmY2d/xgjRGw3OCMpm9jhxowojcuDfNcvCL860i5ImRV8KAn6eaYYP5slY8DZIE4HIDTBZdrHTTP Parser: Title: Sign in with Office 365 does not match URL
      Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1HTTP Parser: Title: Create account does not match URL
      Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1HTTP Parser: Title: Create account does not match URL
      Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1HTTP Parser: On click: OnBack(); return false;
      Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
      Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
      Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1HTTP Parser: On click: OnBack(); return false;
      Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
      Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1HTTP Parser: On click: HOSTUI.evt_inlineBack_onclick();
      Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/HrL23NdtW72OhsDvgnKTV7Nv5V9Ue8mfvCoKB3G-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-hZm2M8cvhno7HhcjvXE5ms0cFIgcPIbydjyxyNy8FsWDItSyEvBo9Tkq7iTwesWYR7C7cpo2eK2TVt7mmLfJugkUSIGpuDY-EoicDWUD9oHAmIGmguDfEbtuTy5PhCbGlyfyBHSrqoE93n7LpTNTF2sZl3II9flnwY0lBZmY2d/xgjRGw3OCMpm9jhxowojcuDfNcvCL860i5ImRV8KAn6eaYYP5slY8DZIE4HIDTBZdrHTTP Parser: No <meta name="author".. found
      Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/HrL23NdtW72OhsDvgnKTV7Nv5V9Ue8mfvCoKB3G-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-hZm2M8cvhno7HhcjvXE5ms0cFIgcPIbydjyxyNy8FsWDItSyEvBo9Tkq7iTwesWYR7C7cpo2eK2TVt7mmLfJugkUSIGpuDY-EoicDWUD9oHAmIGmguDfEbtuTy5PhCbGlyfyBHSrqoE93n7LpTNTF2sZl3II9flnwY0lBZmY2d/xgjRGw3OCMpm9jhxowojcuDfNcvCL860i5ImRV8KAn6eaYYP5slY8DZIE4HIDTBZdrHTTP Parser: No <meta name="author".. found
      Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1HTTP Parser: No <meta name="author".. found
      Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1HTTP Parser: No <meta name="author".. found
      Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/HrL23NdtW72OhsDvgnKTV7Nv5V9Ue8mfvCoKB3G-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-hZm2M8cvhno7HhcjvXE5ms0cFIgcPIbydjyxyNy8FsWDItSyEvBo9Tkq7iTwesWYR7C7cpo2eK2TVt7mmLfJugkUSIGpuDY-EoicDWUD9oHAmIGmguDfEbtuTy5PhCbGlyfyBHSrqoE93n7LpTNTF2sZl3II9flnwY0lBZmY2d/xgjRGw3OCMpm9jhxowojcuDfNcvCL860i5ImRV8KAn6eaYYP5slY8DZIE4HIDTBZdrHTTP Parser: No <meta name="copyright".. found
      Source: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0ca13d25ae102#/HrL23NdtW72OhsDvgnKTV7Nv5V9Ue8mfvCoKB3G-@&!nMo7W9B6y82fXLE3mVQIAZOb5sgkq@!&4Z1UuNv62qmRrls3xtfOVy5pbFc&@!-hZm2M8cvhno7HhcjvXE5ms0cFIgcPIbydjyxyNy8FsWDItSyEvBo9Tkq7iTwesWYR7C7cpo2eK2TVt7mmLfJugkUSIGpuDY-EoicDWUD9oHAmIGmguDfEbtuTy5PhCbGlyfyBHSrqoE93n7LpTNTF2sZl3II9flnwY0lBZmY2d/xgjRGw3OCMpm9jhxowojcuDfNcvCL860i5ImRV8KAn6eaYYP5slY8DZIE4HIDTBZdrHTTP Parser: No <meta name="copyright".. found
      Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1HTTP Parser: No <meta name="copyright".. found
      Source: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3dbcb5f3f6-b97d-ed7b-9df9-8861d8e6ea95&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&contextid=982B2F78FD1575EA&bk=1526624084&uiflavor=web&uaid=71693e68d6ab4064b6ac1c2f53d534bb&mkt=EN-US&lc=1033&lic=1HTTP Parser: No <meta name="copyright".. found
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: <ul><li>Sources of personal data: Interactions with users</li><li>Purposes of Processing (Collection and Sharing with Third Parties): Provide our products; product improvement; product development; customer support; and help, secure, and troubleshoot</li><li>Recipients: Service providers and user-directed entities</li></ul></li></ul><p>While the bulleted list above contains the primary sources and purposes of processing for each category of personal data, we also collect personal data from the sources listed in the <a target="_blank" class="mscom-link" href="#mainpersonaldatawecollect">Personal data we collect</a> section, such as developers who create experiences through or for Microsoft products. Similarly, we process all categories of personal data for the purposes described in the <a target="_blank" class="mscom-link" href="#mainhowweusepersonaldatamodule">How we use personal data</a> section, such as meeting our legal obligations, developing our workforce, and doing research.</p><p><strong>Disclosures of personal data for business or commercial purposes</strong>. As indicated in the <a target="_blank" class="mscom-link" href="#mainreasonswesharepersonaldatamodule">Reasons we share personal data</a> section, we share personal data with third parties for various business and commercial purposes. The primary business and commercial purposes for which we share personal data are the purposes of processing listed in the table above. However, we share all categories of personal data for the business and commercial purposes in the <a class="mscom-link" href="#mainreasonswesharepersonaldatamodule">Reasons we share personal data</a> section.</p></span></div><div class="divModuleDescription"><span id="Header">Advertising</span><span id="navigationHeader">Advertising</span><span id="moduleName">mainadvertisingmodule</span><div class="printsummary" style="display: block;">Summary</div><span class="Description" id="ShortDescription"><p>Advertising allows us to provide, support, and improve some of our products. Microsoft does not use what you say in email, chat, video calls or voice mail, or your documents, photos, or other personal files to target ads to you. We use other data, detailed below, for advertising in our products and on third-party properties. For example:</p><ul><li>Microsoft may use data we collect to select and deliver some of the ads you see on Microsoft web properties, such as <a target="_blank" class="mscom-link" href="https://www.microsoft.com">Microsoft.com</a>, MSN, and Bing.</li><li>When the advertising ID is enabled in Windows 10 as part of your privacy settings, third parties can access and use the advertising ID (much the same way that websites can access and use a unique identifier stored in a cookie) to select and deliver ads in such apps.</li><li>We may share data we collect with partners, such as Verizon Media, AppNexus, or Facebook (see below), so that the ads you see in our products and their products are more r
      Source: Cookies.1.drString found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
      Source: Cookies.1.drString found in binary or memory: .www.linkedin.combscookie//L equals www.linkedin.com (Linkedin)
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: s <a target="_blank" class="mscom-link" href="https://www.linkedin.com/legal/privacy-policy">Privacy Policy</a>.</p></span></div><div class="divModuleDescription"><span id="Header">Search, Microsoft Edge, and artificial intelligence</span><span id="navigationHeader">Search, Microsoft Edge, and artificial intelligence</span><span id="moduleName">mainsearchaimodule</span><div class="printsummary" style="display: block;">Summary</div><span class="Description" id="ShortDescription" aria-expanded="false"><p>Search and artificial intelligence products connect you with information and intelligently sense, process, and act on information equals www.linkedin.com (Linkedin)
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: s health, oral health, osteoporosis, skin health, sleep, and vision / eye care. We will also personalize ads based on custom, non-sensitive health-related interest categories as requested by advertisers.</li><li><strong>Children and advertising</strong>. We do not deliver personalized advertising to children whose birthdate in their Microsoft account identifies them as under 16 years of age.</li><li><strong>Data retention</strong>. For personalized advertising, we retain data for no more than 13 months, unless we obtain your consent to retain the data longer.</li><li><strong>Data sharing</strong>. In some cases, we share with advertisers reports about the data we have collected on their sites or ads.</li></ul><p><strong>Data collected by other advertising companies</strong>. Advertisers sometimes include their own web beacons (or those of their other advertising partners) within their advertisements that we display, enabling them to set and read their own cookie. Additionally, Microsoft partners with third-party ad companies to help provide some of our advertising services, and we also allow other third-party ad companies to display advertisements on our sites. These third parties may place cookies on your computer and collect data about your online activities across websites or online services. These companies currently include, but are not limited to: <a target="_blank" class="mscom-link" href="https://www.appnexus.com/">AppNexus</a>, <a target="_blank" class="mscom-link" href="https://www.facebook.com/help/568137493302217">Facebook</a>, <a target="_blank" class="mscom-link" href="https://www.media.net/adchoices">Media.net</a>, <a target="_blank" class="mscom-link" href="https://my.outbrain.com/recommendations-settings/home">Outbrain</a>, <a target="_blank" class="mscom-link" href="https://www.taboola.com/privacy-policy#user-choices-and-optout">Taboola</a> and <a target="_blank" class="mscom-link" href="https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/index.html">Verizon Media</a>. Select any of the preceding links to find more information on each company's practices, including the choices it offers. Many of these companies are also members of the <a target="_blank" class="mscom-link" href="https://www.networkadvertising.org/managing/opt_out.aspx">NAI</a> or <a target="_blank" class="mscom-link" href="https://www.aboutads.info/choices/">DAA</a>, which each provide a simple way to opt out of ad targeting from participating companies.</p></span></div><div class="divModuleDescription"><span id="Header">Collection of data from children</span><span id="navigationHeader">Collection of data from children</span><span id="moduleName">maincollectionofdatafromchildrenmodule</span><div class="printsummary" style="display: block;">Summary</div><span class="Description" id="ShortDescription"><p>When a Microsoft product collects age, and there is an age in your jurisdiction under which parental consent or authorization is required to use the p
      Source: unknownDNS traffic detected: queries for: www.canva.com
      Source: explorer.exe, 00000003.00000000.227467369.0000000008907000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
      Source: axios.min[1].js.8.drString found in binary or memory: http://feross.org
      Source: icons[1].eot.8.drString found in binary or memory: http://fontello.com
      Source: icons[1].eot.8.drString found in binary or memory: http://fontello.comiconsRegulariconsiconsVersion
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
      Source: 50-f1e180[1].js0.8.drString found in binary or memory: http://github.com/requirejs/almond/LICENSE
      Source: jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.8.drString found in binary or memory: http://jquery.com/
      Source: jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.8.drString found in binary or memory: http://jquery.org/license
      Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.8.drString found in binary or memory: http://knockoutjs.com/
      Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.8.drString found in binary or memory: http://opensource.org/licenses/mit-license.php)
      Source: jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2[1].js.8.drString found in binary or memory: http://sizzlejs.com/
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: http://www.asp.net/ajaxlibrary/CDN.ashx.
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
      Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.8.drString found in binary or memory: http://www.json.org/json2.js
      Source: servicesagreement[1].htm.8.drString found in binary or memory: http://www.mpegla.com
      Source: servicesagreement[1].htm.8.drString found in binary or memory: http://www.mpegla.com).
      Source: knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2[1].js.8.drString found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
      Source: explorer.exe, 00000003.00000000.227759354.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
      Source: Current Session.0.drString found in binary or memory: https://9812343.fls.doubleclick.net
      Source: Current Session.0.drString found in binary or memory: https://9812343.fls.doubleclick.net/activityi;dc_pre=CPKCve-nlO0CFcDJuwgdfJIKSg;src=9812343;type=ret
      Source: Reporting and NEL.1.drString found in binary or memory: https://a.nel.cloudflare.com/report?s=%2FiF37Jdg5v1kkl4zN2xmt40KaHSs2RIhp4VBtMecUDFyqsp8NQOYmTa65bVx
      Source: Reporting and NEL.1.drString found in binary or memory: https://a.nel.cloudflare.com/report?s=418BYoh9G3tmPZ4YRyqz1DILiTSaDtvuGqwezMhgmDBGsUKhW9c2nNuSax29ZN
      Source: Reporting and NEL.1.drString found in binary or memory: https://a.nel.cloudflare.com/report?s=832zGJqDTn8bpWGX2zcBrX45%2FOH%2BVnRuvlVxEMe%2BllyGF%2F1lpcCl9v
      Source: Reporting and NEL.1.drString found in binary or memory: https://a.nel.cloudflare.com/report?s=Q42UNRo%2Fz2ZO04fxuZrsWp6lM1HtqA3LAS8FX0WiaVN62O%2FKlj%2F0O2xX
      Source: Reporting and NEL.1.drString found in binary or memory: https://a.nel.cloudflare.com/report?s=fP6c4NQXT5R6CtiH5v3fb0dwWJNdcVwLQDjTMF3wPbdkFq65nd8VaqX4TE9He0
      Source: manifest.json0.0.dr, bf83cbd0-4553-4aaa-b88b-2db8426c696f.tmp.1.drString found in binary or memory: https://accounts.google.com
      Source: signup[1].htm.8.drString found in binary or memory: https://acctcdn.msauth.net
      Source: signup[1].htm.8.drString found in binary or memory: https://acctcdn.msauth.net/converged_ux_v2_RfnRCrmapm3W_OFn994CMA2.css?v=1
      Source: signup[1].htm.8.drString found in binary or memory: https://acctcdn.msauth.net/images/2_vD0yppaJX3jBnfbHF1hqXQ2.svg)
      Source: imagestore.dat.8.drString found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2
      Source: imagestore.dat.8.drString found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2~
      Source: imagestore.dat.8.drString found in binary or memory: https://acctcdn.msauth.net/images/favicon.ico?v=2~(
      Source: signup[1].htm.8.drString found in binary or memory: https://acctcdn.msauth.net/images/microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2.svg
      Source: signup[1].htm.8.drString found in binary or memory: https://acctcdn.msauth.net/jquerypackage_1.10_5V7LAuc3bNAQx2QQfr1RPw2.js?v=1
      Source: signup[1].htm.8.drString found in binary or memory: https://acctcdn.msauth.net/knockout_3.3.0_X1BYS2jZMbi7hfUj8VuqFA2.js?v=1
      Source: signup[1].htm.8.drString found in binary or memory: https://acctcdn.msauth.net/lightweightsignuppackage_oZIcfFtGMdm_yHyDEji_8w2.js?v=1
      Source: signup[1].htm.8.drString found in binary or memory: https://acctcdn.msauth.net/lwsignupstringscountrybirthdate_en-us_pVtahKS9WUIZdNqg1DDhHg2.js?v=1
      Source: Current Session.0.drString found in binary or memory: https://adservice.google.co.uk/ddm/fls/i/dc_pre=CPKCve-nlO0CFcDJuwgdfJIKSg;src=9812343;type=retar0;c
      Source: Current Session.0.drString found in binary or memory: https://adservice.google.com
      Source: Current Session.0.drString found in binary or memory: https://adservice.google.com/ddm/fls/i/dc_pre=CPKCve-nlO0CFcDJuwgdfJIKSg;src=9812343;type=retar0;cat
      Source: servicesagreement[1].htm.8.drString found in binary or memory: https://aka.ms/redeemrewards
      Source: servicesagreement[1].htm.8.drString found in binary or memory: https://aka.ms/redeemrewards).
      Source: servicesagreement[1].htm.8.drString found in binary or memory: https://aka.ms/taxservice
      Source: servicesagreement[1].htm.8.drString found in binary or memory: https://aka.ms/useterms
      Source: manifest.json0.0.dr, bf83cbd0-4553-4aaa-b88b-2db8426c696f.tmp.1.drString found in binary or memory: https://apis.google.com
      Source: signup[1].htm.8.drString found in binary or memory: https://az416426.vo.msecnd.net/scripts/c/ms.analytics-web-2.min.js
      Source: ~DF6CB4169852C01DFC.TMP.7.drString found in binary or memory: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/
      Source: ~DF6CB4169852C01DFC.TMP.7.drString found in binary or memory: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/$HTTP
      Source: ~DF6CB4169852C01DFC.TMP.7.drString found in binary or memory: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b0975
      Source: {78B7B8C5-2C76-11EB-90E4-ECF4BB862DED}.dat.7.drString found in binary or memory: https://candanappdevmoe.azurewebsites.net/RG3aVe6N/VwsGHUr/lgy3xO/ois.php?bbre=e2925b097549ccda96f0c
      Source: bb69cd55fcfa7140_0.0.dr, c3d256598d5af694_0.0.drString found in binary or memory: https://canva.com/
      Source: 865fd4c70d31683c_0.0.drString found in binary or memory: https://canva.com/D
      Source: be13fec43ec95b31_0.0.drString found in binary or memory: https://canva.com/S
      Source: f50d7bc85406f58b_0.0.drString found in binary or memory: https://canva.com/U
      Source: e3511df7a5a5c326_0.0.drString found in binary or memory: https://canva.com/g
      Source: eba1480a166263c9_0.0.drString found in binary or memory: https://canva.com/r
      Source: bf83cbd0-4553-4aaa-b88b-2db8426c696f.tmp.1.drString found in binary or memory: https://clients2.google.com
      Source: manifest.json0.0.drString found in binary or memory: https://clients2.google.com/service/update2/crx
      Source: bf83cbd0-4553-4aaa-b88b-2db8426c696f.tmp.1.drString found in binary or memory: https://clients2.googleusercontent.com
      Source: manifest.json0.0.drString found in binary or memory: https://content.googleapis.com
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://developer.yahoo.com/flurry/end-user-opt-out/
      Source: f12a1474-b215-46cb-a5cf-1ff4f9516ed0.tmp.1.dr, eb720268-0b80-48ff-9de9-f7e2c5524892.tmp.1.dr, bf83cbd0-4553-4aaa-b88b-2db8426c696f.tmp.1.drString found in binary or memory: https://dns.google
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protectio
      Source: manifest.json0.0.drString found in binary or memory: https://feedback.googleusercontent.com
      Source: bf83cbd0-4553-4aaa-b88b-2db8426c696f.tmp.1.drString found in binary or memory: https://fonts.googleapis.com
      Source: manifest.json0.0.drString found in binary or memory: https://fonts.googleapis.com;
      Source: bf83cbd0-4553-4aaa-b88b-2db8426c696f.tmp.1.drString found in binary or memory: https://fonts.gstatic.com
      Source: manifest.json0.0.drString found in binary or memory: https://fonts.gstatic.com;
      Source: signup[1].htm.8.drString found in binary or memory: https://github.com/douglascrockford/JSON-js
      Source: app[1].css.8.drString found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
      Source: mobile-detect.min[1].js.8.drString found in binary or memory: https://github.com/hgoebl/mobile-detect.js
      Source: manifest.json0.0.drString found in binary or memory: https://hangouts.google.com/
      Source: e4115b2c93fca474_0.0.drString found in binary or memory: https://js.appboycdn.com/web-sdk/3.0/appboy.core.min.js
      Source: signup[1].htm.8.drString found in binary or memory: https://login.live.com
      Source: 2Jmn3lA[1].htm.8.drString found in binary or memory: https://login.live.com/gls.srf?urlID=MSNPrivacyStatement&amp;amp;mkt=EN-US&amp;amp;vv=1600
      Source: 39oebGZ[1].htm.8.drString found in binary or memory: https://login.live.com/gls.srf?urlID=WinLiveTermsOfUse&amp;amp;mkt=EN-US&amp;amp;vv=1600
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://login.skype.com/login
      Source: servicesagreement[1].htm.8.drString found in binary or memory: https://mixer.com/about/tos
      Source: servicesagreement[1].htm.8.drString found in binary or memory: https://mixer.com/contact
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://mixpanel.com/optout
      Source: lodash.min[1].js.8.drString found in binary or memory: https://npms.io/search?q=ponyfill.
      Source: bf83cbd0-4553-4aaa-b88b-2db8426c696f.tmp.1.drString found in binary or memory: https://ogs.google.com
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://ondemand.webtrends.com/support/optout.asp
      Source: manifest.json.0.drString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
      Source: bf83cbd0-4553-4aaa-b88b-2db8426c696f.tmp.1.drString found in binary or memory: https://play.google.com
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://priv-policy.imrworldwide.com/priv/browser/us/en/optout.html
      Source: {78B7B8C5-2C76-11EB-90E4-ECF4BB862DED}.dat.7.drString found in binary or memory: https://privacy.m
      Source: {78B7B8C5-2C76-11EB-90E4-ECF4BB862DED}.dat.7.drString found in binary or memory: https://privacy.mRoot
      Source: {78B7B8C5-2C76-11EB-90E4-ECF4BB862DED}.dat.7.drString found in binary or memory: https://privacy.micros
      Source: manifest.json.0.drString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
      Source: 000003.log2.0.drString found in binary or memory: https://sdk.iad-01.braze.com/api/v3
      Source: imagestore.dat.8.drString found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico
      Source: imagestore.dat.8.drString found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico~
      Source: imagestore.dat.8.drString found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.6669.4/content/images/favicon_a.ico~(
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://signin.kissmetrics.com/privacy/#controls
      Source: {78B7B8C5-2C76-11EB-90E4-ECF4BB862DED}.dat.7.drString found in binary or memory: https://signup.live.co
      Source: ~DF6CB4169852C01DFC.TMP.7.drString found in binary or memory: https://signup.live.com/
      Source: signup[1].htm.8.drString found in binary or memory: https://signup.live.com/error.aspx?errcode=1045&amp;mkt=en-US
      Source: ~DF6CB4169852C01DFC.TMP.7.drString found in binary or memory: https://signup.live.com/signup?wa=wsignin1.0&rpsnv=13&ct=1526624083&rver=6.7.6640.0&wp=MBI_SSL&wrepl
      Source: servicesagreement[1].htm.8.drString found in binary or memory: https://skype.com/go/myaccount
      Source: 5e83b9cfa3f81ad1_0.0.drString found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
      Source: bf83cbd0-4553-4aaa-b88b-2db8426c696f.tmp.1.drString found in binary or memory: https://ssl.gstatic.com
      Source: Favicons.0.drString found in binary or memory: https://static.canva.com/static/images/favicon.ico
      Source: d0b48746d2734b6a_0.0.drString found in binary or memory: https://static.canva.com/static/lib/cl/cl-0.4.1.min.js
      Source: c4950d0815c21f68_0.0.drString found in binary or memory: https://static.canva.com/static/lib/sentry/5.15.4.min.js
      Source: 56a246e5228caa4a_0.0.drString found in binary or memory: https://static.canva.com/web/169aab431c6d134d2e5b.2.js
      Source: e3511df7a5a5c326_0.0.drString found in binary or memory: https://static.canva.com/web/292bbecde0fce6ffe18847a12c9a6dc6.2.runtime.js
      Source: b21148925dccb19e_0.0.drString found in binary or memory: https://static.canva.com/web/36db7dd680be1e933b01f9539cc51480.2.js
      Source: bb69cd55fcfa7140_0.0.drString found in binary or memory: https://static.canva.com/web/3ad8884d65b676ef0625a45577e2cc20.2.js
      Source: be13fec43ec95b31_0.0.drString found in binary or memory: https://static.canva.com/web/a8284a82e57c7d67d5e3.2.js
      Source: f50d7bc85406f58b_0.0.drString found in binary or memory: https://static.canva.com/web/c016d495185ffe7a19888c458fd053f3ac228bdc.strings.js
      Source: dda81cf9b0b047b1_0.0.drString found in binary or memory: https://static.canva.com/web/cb08f5718bdf9fb49247.2.js
      Source: messages.json41.0.drString found in binary or memory: https://support.google.com/chromecast/answer/2998456
      Source: messages.json41.0.drString found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://support.xbox.com/help/friends-social-activity/community/use-safety-settings
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://tools.google.com/dlpage/gaoptout
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://www.aboutads.info/
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://www.acuityads.com/opt-out/
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://www.adjust.com/opt-out/
      Source: servicesagreement[1].htm.8.drString found in binary or memory: https://www.adr.org
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://www.appnexus.com/
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://www.appsflyer.com/optout
      Source: 000003.log3.0.dr, Current Session.0.drString found in binary or memory: https://www.canva.com
      Source: QuotaManager.0.drString found in binary or memory: https://www.canva.com/
      Source: History.0.drString found in binary or memory: https://www.canva.com/design/DAEOEcu9Gnc/C6LvqPRfMOYoF6OWlu9bVg/view?utm_content=DAEOEcu9Gnc&utm_cam
      Source: 057b19b2-c529-4082-b40c-6b9f75226950.tmp.0.drString found in binary or memory: https://www.canva.com:443
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://www.clicktale.net/disable.html
      Source: c3d256598d5af694_0.0.drString found in binary or memory: https://www.google-analytics.com/analytics.js
      Source: 6726d42dc28e6fb9_0.0.drString found in binary or memory: https://www.google-analytics.com/plugins/ua/ec.js
      Source: manifest.json0.0.dr, bf83cbd0-4553-4aaa-b88b-2db8426c696f.tmp.1.drString found in binary or memory: https://www.google.com
      Source: manifest.json.0.drString found in binary or memory: https://www.google.com/
      Source: servicesagreement[1].htm.8.drString found in binary or memory: https://www.google.com/intl/en_ALL/help/terms_maps.html
      Source: manifest.json0.0.drString found in binary or memory: https://www.google.com;
      Source: 865fd4c70d31683c_0.0.drString found in binary or memory: https://www.googleadservices.com/pagead/conversion/804757079/?random=1606017274529&cv=9&fst=16060172
      Source: 270ae0528ce28f93_0.0.drString found in binary or memory: https://www.googleadservices.com/pagead/conversion_async.js
      Source: bf83cbd0-4553-4aaa-b88b-2db8426c696f.tmp.1.drString found in binary or memory: https://www.googleapis.com
      Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/
      Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
      Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
      Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
      Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
      Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/clouddevices
      Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/hangouts
      Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
      Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/meetings
      Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
      Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/sierra
      Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
      Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/userinfo.email
      Source: eba1480a166263c9_0.0.drString found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-TZPTKRR&l=dataLayer
      Source: bf83cbd0-4553-4aaa-b88b-2db8426c696f.tmp.1.drString found in binary or memory: https://www.gstatic.com
      Source: manifest.json0.0.drString found in binary or memory: https://www.gstatic.com;
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://www.here.com/)
      Source: PrivacyStatement[1].htm.8.drString found in binary or memory: https://www.linkedin.com/legal/privacy-policy
      Source: PrivacyStatement[1].htm.8.drString found in binary or