Loading ...

Analysis Report https://go.microsoft.com/fwlink/?LinkId=615007

Overview

General Information

Joe Sandbox Version:25.0.0 Tiger's Eye
Analysis ID:102811
Start date:11.01.2019
Start time:19:53:27
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 4m 53s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://go.microsoft.com/fwlink/?LinkId=615007
Analysis system description:Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed:8
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies
  • EGA enabled
  • HDC enabled
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean2.win@4/275@95/47
Cookbook Comments:
  • Adjust boot time
  • Browsing link: https://www.microsoft.com/
  • Browsing link: https://www.office.com/
  • Browsing link: https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=tab%3aprimaryr1
  • Browsing link: https://www.microsoft.com/en-us/p/office-365-home/cfq7ttc0k5dm
  • Browsing link: https://www.microsoft.com/en-us/p/office-365-personal/cfq7ttc0k5bf
  • Browsing link: https://products.office.com/en-us/explore-office-for-home
Warnings:
Show All
  • Exclude process from analysis (whitelisted): dllhost.exe, ielowutil.exe, wermgr.exe, conhost.exe, CompatTelRunner.exe
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.

Detection

StrategyScoreRangeReportingWhitelistedDetection
Threshold20 - 100Report FP / FNfalseclean

Confidence

StrategyScoreRangeFurther Analysis Required?Confidence
Threshold30 - 5true
ConfidenceConfidence


Classification

Analysis Advice

All HTTP servers contacted by the sample do not resolve. Likely the sample is an old dropper which does no longer work
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and Control
Valid AccountsWindows Remote ManagementWinlogon Helper DLLPort MonitorsFile System Logical OffsetsCredential DumpingProcess Discovery1Application Deployment SoftwareData from Local SystemData Encrypted1Standard Non-Application Layer Protocol2
Replication Through Removable MediaService ExecutionPort MonitorsAccessibility FeaturesBinary PaddingNetwork SniffingApplication Window DiscoveryRemote ServicesData from Removable MediaExfiltration Over Other Network MediumStandard Application Layer Protocol2

Signature Overview

Click to jump to signature section


Phishing:

barindex
Form action URLs do not match main URLShow sources
Source: https://www.microsoft.com/en-us/p/office-365-home/cfq7ttc0k5dm?activetab=pivot%3aoverviewtabHTTP Parser: Form action: https://products.office.com/en-us/site-search microsoft office
Source: https://www.microsoft.com/en-us/p/office-365-personal/cfq7ttc0k5bf?activetab=pivot%3aoverviewtabHTTP Parser: Form action: https://products.office.com/en-us/site-search microsoft office
Invalid T&C link foundShow sources
Source: https://www.microsoft.com/en-us/p/office-365-home/cfq7ttc0k5dm?activetab=pivot%3aoverviewtabHTTP Parser: Invalid link: Most helpful
Source: https://www.microsoft.com/en-us/p/office-365-personal/cfq7ttc0k5bf?activetab=pivot%3aoverviewtabHTTP Parser: Invalid link: Most helpful
META author tag missingShow sources
Source: https://www.microsoft.com/en-us/p/office-365-home/cfq7ttc0k5dm?activetab=pivot%3aoverviewtabHTTP Parser: No <meta name="author".. found
Source: https://www.microsoft.com/en-us/p/office-365-personal/cfq7ttc0k5bf?activetab=pivot%3aoverviewtabHTTP Parser: No <meta name="author".. found
META copyright tag missingShow sources
Source: https://www.microsoft.com/en-us/p/office-365-home/cfq7ttc0k5dm?activetab=pivot%3aoverviewtabHTTP Parser: No <meta name="copyright".. found
Source: https://www.microsoft.com/en-us/p/office-365-personal/cfq7ttc0k5bf?activetab=pivot%3aoverviewtabHTTP Parser: No <meta name="copyright".. found

Networking:

barindex
Connects to many different domainsShow sources
Source: unknownNetwork traffic detected: DNS query count 82
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)Show sources
Source: global trafficTCP traffic: 192.168.2.6:49812 -> 23.10.249.49:443
Source: global trafficTCP traffic: 192.168.2.6:49817 -> 23.10.249.27:443
Source: global trafficTCP traffic: 192.168.2.6:49830 -> 104.46.0.93:443
Source: global trafficTCP traffic: 192.168.2.6:49862 -> 23.54.112.111:443
Source: global trafficTCP traffic: 192.168.2.6:49864 -> 13.32.176.135:443
Source: global trafficTCP traffic: 192.168.2.6:49868 -> 31.13.86.4:443
Source: global trafficTCP traffic: 192.168.2.6:49872 -> 54.152.181.221:443
Source: global trafficTCP traffic: 192.168.2.6:49878 -> 31.13.75.12:443
Source: global trafficTCP traffic: 192.168.2.6:49881 -> 52.31.219.56:443
Source: global trafficTCP traffic: 192.168.2.6:49882 -> 54.154.158.135:443
Source: global trafficTCP traffic: 192.168.2.6:49890 -> 13.32.176.126:443
Source: global trafficTCP traffic: 192.168.2.6:49892 -> 31.13.75.36:443
Source: global trafficTCP traffic: 192.168.2.6:49894 -> 216.58.215.226:443
Source: global trafficTCP traffic: 192.168.2.6:49896 -> 185.63.145.5:443
Source: global trafficTCP traffic: 192.168.2.6:49898 -> 13.32.176.147:443
Source: global trafficTCP traffic: 192.168.2.6:49907 -> 108.174.10.10:443
Source: global trafficTCP traffic: 192.168.2.6:49911 -> 35.190.27.37:443
Source: global trafficTCP traffic: 192.168.2.6:49913 -> 52.214.119.15:443
Source: global trafficTCP traffic: 192.168.2.6:49916 -> 52.201.27.16:443
Source: global trafficTCP traffic: 192.168.2.6:49917 -> 13.32.176.103:443
Source: global trafficTCP traffic: 192.168.2.6:49919 -> 54.77.192.192:443
Source: global trafficTCP traffic: 192.168.2.6:49925 -> 52.213.73.206:443
Source: global trafficTCP traffic: 192.168.2.6:49927 -> 13.32.176.84:443
Source: global trafficTCP traffic: 192.168.2.6:49935 -> 52.4.47.171:443
Source: global trafficTCP traffic: 192.168.2.6:49938 -> 35.186.234.100:443
Source: global trafficTCP traffic: 192.168.2.6:49945 -> 216.58.205.67:443
Source: global trafficTCP traffic: 192.168.2.6:49948 -> 13.32.176.49:443
Source: global trafficTCP traffic: 192.168.2.6:49953 -> 208.89.12.87:443
Source: global trafficTCP traffic: 192.168.2.6:49955 -> 52.205.127.94:443
Source: global trafficTCP traffic: 192.168.2.6:49956 -> 185.29.133.58:443
Source: global trafficTCP traffic: 192.168.2.6:49958 -> 185.33.223.215:443
Source: global trafficTCP traffic: 192.168.2.6:49960 -> 34.199.78.214:443
Source: global trafficTCP traffic: 192.168.2.6:49968 -> 199.16.156.73:443
Source: global trafficTCP traffic: 192.168.2.6:49972 -> 52.51.227.120:443
Source: global trafficTCP traffic: 192.168.2.6:49976 -> 18.185.82.66:443
Source: global trafficTCP traffic: 192.168.2.6:49983 -> 188.125.66.34:443
Source: global trafficTCP traffic: 192.168.2.6:49991 -> 151.101.62.49:443
Source: global trafficTCP traffic: 192.168.2.6:49992 -> 35.157.151.32:443
Source: global trafficTCP traffic: 192.168.2.6:49995 -> 34.226.149.92:443
Source: global trafficTCP traffic: 192.168.2.6:49997 -> 13.32.176.185:443
Source: global trafficTCP traffic: 192.168.2.6:50000 -> 52.18.169.38:443
Source: global trafficTCP traffic: 192.168.2.6:50004 -> 151.101.2.2:443
Source: global trafficTCP traffic: 192.168.2.6:50010 -> 23.10.249.9:443
Found strings which match to known social media urlsShow sources
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: <a id="ocFacebookButton" class="ocShareButton" target="_blank" href="https://www.facebook.com/sharer.php?u=https://support.office.com/en-us/article/feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a" ms.interactiontype="1" ms.ea_offer="SOC" equals www.facebook.com (Facebook)
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: <a id="ocLinkedInButton" class="ocShareButton" target="_blank" href="https://linkedin.com/shareArticle?mini=true&amp;url=https%3a%2f%2fsupport.office.com%2fen-us%2farticle%2ffeedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a&amp;title=Feedback+about+non-delivery+report+5.7.133" ms.interactiontype="1" ms.ea_offer="SOC" equals www.linkedin.com (Linkedin)
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: <img src="//www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/10609c90/office.testdrive/images/social/Twitter.png" alt="Twitter Logo"> equals www.twitter.com (Twitter)
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: <img src="//www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/30de2af0/office.testdrive/images/social/LinkedIn.png" alt="LinkedIn Logo"> equals www.linkedin.com (Linkedin)
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: <img src="//www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/e2b1dcf2/office.testdrive/images/social/Facebook.png" alt="Facebook Logo"> equals www.facebook.com (Facebook)
Source: de-ch[1].htm.2.drString found in binary or memory: <img src="//www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/85288795/coreui.statics/images/social/facebook.png" alt=" " title=" "> equals www.facebook.com (Facebook)
Source: de-ch[1].htm.2.drString found in binary or memory: <img src="//www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/93690392/coreui.statics/images/social/twitter.png" alt=" " title=" "> equals www.twitter.com (Twitter)
Source: de-ch[1].htm.2.drString found in binary or memory: <img src="//www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/b23f9ba2/coreui.statics/images/social/linkedin.png" alt=" " title=" "> equals www.linkedin.com (Linkedin)
Source: de-ch[1].htm.2.drString found in binary or memory: <img src="//www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/c79952ca/coreui.statics/images/social/youtube.png" alt=" " title=" "> equals www.youtube.com (Youtube)
Source: de-ch[1].htm.2.drString found in binary or memory: <source type="image/svg+xml" srcset="//www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/2532198d/coreui.statics/images/social/facebook.svg"> equals www.facebook.com (Facebook)
Source: de-ch[1].htm.2.drString found in binary or memory: <source type="image/svg+xml" srcset="//www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/2d505657/coreui.statics/images/social/youtube.svg"> equals www.youtube.com (Youtube)
Source: de-ch[1].htm.2.drString found in binary or memory: <source type="image/svg+xml" srcset="//www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/413bd4a8/coreui.statics/images/social/linkedin.svg"> equals www.linkedin.com (Linkedin)
Source: de-ch[1].htm.2.drString found in binary or memory: <source type="image/svg+xml" srcset="//www.microsoft.com/onerfstatics/marketingsites-neu-prod/_h/6f40299c/coreui.statics/images/social/twitter.svg"> equals www.twitter.com (Twitter)
Source: cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: Your Microsoft account is the combination of an email address and password that you use to sign in to services like Hotmail, OneDrive, Windows Phone, Xbox LIVE, and Outlook.com. If you use any of these services, you already have a Microsoft account that you can use, or you can create a new account.<a href="https://go.microsoft.com/fwlink/p/?LinkID=403717" class="c-hyperlink"> Learn more about a Microsoft account</a>. As part of signing up for a trial or purchasing Office, you will be prompted to sign in with a Microsoft account. You must be signed in with this account to install and manage your Office software, or to use some subscription benefits, including OneDrive storage and Skype minutes. equals www.hotmail.com (Hotmail)
Source: de-ch[1].htm.2.drString found in binary or memory: <a data-m='{"id":"n1m1r6a2","sN":1,"aN":"m1r6a2"}' itemprop="sameAs" href="https://www.facebook.com/microsoftschweiz" aria-label="follow microsoft on facebook"> equals www.facebook.com (Facebook)
Source: de-ch[1].htm.2.drString found in binary or memory: <a data-m='{"id":"n2m1r6a2","sN":2,"aN":"m1r6a2"}' itemprop="sameAs" href="https://twitter.com/microsoft_ch" aria-label="follow microsoft on twitter"> equals www.twitter.com (Twitter)
Source: de-ch[1].htm.2.drString found in binary or memory: <a data-m='{"id":"n3m1r6a2","sN":3,"aN":"m1r6a2"}' itemprop="sameAs" href="https://www.linkedin.com/company/1035" aria-label="follow microsoft on linkedin"> equals www.linkedin.com (Linkedin)
Source: de-ch[1].htm.2.drString found in binary or memory: <a data-m='{"id":"n4m1r6a2","sN":4,"aN":"m1r6a2"}' itemprop="sameAs" href="https://www.youtube.com/user/MicrosoftCH" aria-label="follow microsoft on youtube"> equals www.youtube.com (Youtube)
Source: SLSVJK5K.htm.2.drString found in binary or memory: <img class="social-media__link--image" data-src="//weuofficehome.msocdn.com/s/9321b9bd/Content/images/twitter.svg" aria-hidden="true" alt="" /> equals www.twitter.com (Twitter)
Source: SLSVJK5K.htm.2.drString found in binary or memory: <img class="social-media__link--image" data-src="//weuofficehome.msocdn.com/s/a81acccc/Content/images/linkedin.svg" aria-hidden="true" alt="" /> equals www.linkedin.com (Linkedin)
Source: SLSVJK5K.htm.2.drString found in binary or memory: <img class="social-media__link--image" data-src="//weuofficehome.msocdn.com/s/b3340616/Content/images/facebook.svg" aria-hidden="true" alt="" /> equals www.facebook.com (Facebook)
Source: SLSVJK5K.htm.2.drString found in binary or memory: <source type="image/svg+xml" data-srcset="//weuofficehome.msocdn.com/s/9321b9bd/Content/images/twitter.svg" /> equals www.twitter.com (Twitter)
Source: SLSVJK5K.htm.2.drString found in binary or memory: <source type="image/svg+xml" data-srcset="//weuofficehome.msocdn.com/s/a81acccc/Content/images/linkedin.svg" /> equals www.linkedin.com (Linkedin)
Source: SLSVJK5K.htm.2.drString found in binary or memory: <source type="image/svg+xml" data-srcset="//weuofficehome.msocdn.com/s/b3340616/Content/images/facebook.svg" /> equals www.facebook.com (Facebook)
Source: SLSVJK5K.htm.2.drString found in binary or memory: <a id="social-media-linkedin" class="social-media__link" href="https://www.linkedin.com/company/3509299" aria-label="Linkedin"> equals www.linkedin.com (Linkedin)
Source: sdk[1].js.2.drString found in binary or memory: } }).call(global);})(window.inDapIF ? parent.window : window, window);} catch (e) {new Image().src="https:\/\/www.facebook.com\/" + 'common/scribe_endpoint.php?c=jssdk_error&m='+encodeURIComponent('{"error":"LOAD", "extra": {"name":"'+e.name+'","line":"'+(e.lineNumber||e.line)+'","script":"'+(e.fileName||e.sourceURL||e.script)+'","stack":"'+(e.stackTrace||e.stack)+'","revision":"4678942","namespace":"FB","message":"'+e.message+'"}}');} equals www.facebook.com (Facebook)
Source: sdk[1].js.2.drString found in binary or memory: * As with any software that integrates with the Facebook platform, your use of equals www.facebook.com (Facebook)
Source: react.min[1].js.2.drString found in binary or memory: * Copyright (c) 2013-present, Facebook, Inc. equals www.facebook.com (Facebook)
Source: sdk[1].js.2.drString found in binary or memory: * Copyright (c) 2017-present, Facebook, Inc. All rights reserved. equals www.facebook.com (Facebook)
Source: sdk[1].js.2.drString found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: sdk[1].js.2.drString found in binary or memory: * [http://developers.facebook.com/policy/]. This copyright notice shall be equals www.facebook.com (Facebook)
Source: sdk[1].js.2.drString found in binary or memory: * in connection with the web services and APIs provided by Facebook. equals www.facebook.com (Facebook)
Source: sdk[1].js.2.drString found in binary or memory: * this software is subject to the Facebook Platform Policy equals www.facebook.com (Facebook)
Source: react-dom.min[1].js.2.drString found in binary or memory: 'use strict';(function(na,l){"object"===typeof exports&&"undefined"!==typeof module?module.exports=l(require("react")):"function"===typeof define&&define.amd?define("react-dom", ["react"],l):na.ReactDOM=l(na.React)})(this,function(na){function l(a){for(var b=arguments.length-1,c="Minified React error #"+a+"; visit http://facebook.github.io/react/docs/error-decoder.html?invariant\x3d"+a,d=0;d<b;d++)c+="\x26args[]\x3d"+encodeURIComponent(arguments[d+1]);b=Error(c+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."); equals www.facebook.com (Facebook)
Source: react.min[1].js.2.drString found in binary or memory: 'use strict';(function(q,k){"object"===typeof exports&&"undefined"!==typeof module?module.exports=k():"function"===typeof define&&define.amd?define('react', k):q.React=k()})(this,function(){function q(a){for(var b=arguments.length-1,c="Minified React error #"+a+"; visit http://facebook.github.io/react/docs/error-decoder.html?invariant\x3d"+a,d=0;d<b;d++)c+="\x26args[]\x3d"+encodeURIComponent(arguments[d+1]);b=Error(c+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."); equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x9690ad76,0x01d4aa2a</date><accdate>0x9690ad76,0x01d4aa2a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x9690ad76,0x01d4aa2a</date><accdate>0x9692e96c,0x01d4aa2a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x96da8e08,0x01d4aa2a</date><accdate>0x96da8e08,0x01d4aa2a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x96da8e08,0x01d4aa2a</date><accdate>0x96db2404,0x01d4aa2a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x96de8194,0x01d4aa2a</date><accdate>0x96de8194,0x01d4aa2a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x96de8194,0x01d4aa2a</date><accdate>0x96dfcfaf,0x01d4aa2a</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: compare-all-microsoft-office-products[1].htm.2.drString found in binary or memory: <div id="fb-root"></div><script>/*<![CDATA[*/(function(n,t,i){var r,u=n.getElementsByTagName(t)[0];n.getElementById(i)||(r=n.createElement(t),r.id=i,r.src="//connect.facebook.net/en_IN/sdk.js#xfbml=1&version=v2.3".replace("amp;",""),u.parentNode.insertBefore(r,u))})(document,"script","facebook-jssdk")/*]]>*/</script><section id="pmgFooterSocial" class="social-footer pmg-mv-0003" role="region"><div class="ms-grid pmg-pv-0202"><div id="pmgSocialMediaContainer" class="ms-row pmg-social-mh l-pmg-pv-1500 pmg-outline-black pmg-outline-3" tabindex="0" aria-label="Office social media links"> equals www.facebook.com (Facebook)
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: Lhttps://staticxx.facebook.com/connect/xd_arbiter/r/j-GHT1gpo6-.js?version=43 equals www.facebook.com (Facebook)
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: LinkedIn equals www.linkedin.com (Linkedin)
Source: www-widgetapi[1].js.2.drString found in binary or memory: Wa.prototype.g=function(a){if(a.origin==V(this,"host")||a.origin==V(this,"host").replace(/^http:/,"https:")){try{var b=JSON.parse(a.data)}catch(c){return}this.c=!0;this.a||0!=a.origin.indexOf("https:")||(this.a=!0);if(a=U[b.id])a.A=!0,a.A&&(y(a.s,a.B,a),a.s.length=0),a.H(b)}};function W(a,b,c){this.h=this.a=this.b=null;this.g=this[r]||(this[r]=++t);this.c=0;this.A=!1;this.s=[];this.f=null;this.l=c;this.m={};c=document;if(a=l(a)?c.getElementById(a):a)if(c="iframe"==a.tagName.toLowerCase(),b.host||(b.host=c?Ba(a.src):"https://www.youtube.com"),this.b=new Wa(b),c||(b=Ya(this,a),this.h=a,(c=a.parentNode)&&c.replaceChild(b,a),a=b),this.a=a,this.a.id||(a=b=this.a,a=a[r]||(a[r]=++t),b.id="widget"+a),R[this.a.id]=this,window.postMessage){this.f=new M;Za(this);b=V(this.b,"events"); equals www.youtube.com (Youtube)
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: Your Microsoft account is the combination of an email address and password that you use to sign in to services like Hotmail, OneDrive, Windows Phone, Xbox LIVE, and Outlook.com. If you use any of these services, you already have a Microsoft account that you can use, or you can create a new account. <a href="https://go.microsoft.com/fwlink/p/?LinkID=403717" style="" class="c-hyperlink">Learn more about a Microsoft account</a>. As part of signing up for a trial or purchasing Office, you will be prompted to sign in with a Microsoft account. You must be signed in with this account to install and manage your Office software, or to use some subscription benefits, including OneDrive storage and Skype minutes. equals www.hotmail.com (Hotmail)
Source: sdk[1].js.2.drString found in binary or memory: __d("FBPixelEndpoint",["FBEventsParamList","FBEventsUtils"],(function(a,b,c,d,e,f,g,h){"use strict";__p&&__p();var i="https://www.facebook.com/tr/",j=location.href,k=window.top!==window,l=document.referrer;function m(a,b,c,d){__p&&__p();d=d||{};var e=new g();e.append("id",a);e.append("ev",b);e.append("dl",j);e.append("rl",l);e.append("if",k);e.append("ts",new Date().valueOf());e.append("cd",c);e.append("sw",window.screen.width);e.append("sh",window.screen.height);for(var f in d)e.append(f,d[f]);return e}function a(a,b,c,d){a=m(a,b,c,d);b=a.toQueryString();2048>(i+"?"+b).length?n(i,b):o(i,a)}function n(a,b){var c=new Image();c.src=a+"?"+b}function o(a,b){__p&&__p();var c="fb"+Math.random().toString().replace(".",""),d=document.createElement("form");d.method="post";d.action=a;d.target=c;d.acceptCharset="utf-8";d.style.display="none";a=!!(window.attachEvent&&!window.addEventListener);a=a?'<iframe name="'+c+'">':"iframe";var e=document.createElement(a);e.src="javascript:false";e.id=c;e.name=c;d.appendChild(e);h.li
Source: j-GHT1gpo6-[1].htm.2.drString found in binary or memory: __d("initXdArbiter",["QueryString","resolveWindow","Log","XDM"],(function(a,b,c,d,e,f){__p&&__p();(function(){__p&&__p();var a=b("QueryString"),c=b("resolveWindow"),d=b("Log"),e=b("XDM");function f(a){return a?a.replace(/[\"\'<>\(\)\\@]/g,""):a}function g(){return!window.chrome||!location.ancestorOrigins?!1:!/\.facebook\.com$/.test(location.ancestorOrigins[1])}function h(a,b){if(g())return"";if(window!=parent&&window.parent!=window.parent.parent)try{var c=parent.parent;return c.XdArbiter.register(window,a,b)}catch(a){d.error("Could not register with XdArbiter in parent.parent")}return""}function i(a,b,e){__p&&__p();if(!a&&g()){d.error("Can not use parent.parent to reach facebook.com");return}var f=a?c(a):parent.parent;if(f==null)d.error("Could not reach facebook.com using %s",a);else try{f=f;f.XdArbiter.handleMessage(b,e,window)}catch(b){d.error("Could not reach facebook.com using %s",a)}}function j(a,b){var c=50;b=function(){--c||window.clearInterval(d);try{a(),window.clearInterval(d)}catch(a){}};var d=window
Source: sdk[1].js.2.drString found in binary or memory: __d("invariant",["Env","TAAL","ex","sprintf"],(function(a,b,c,d,e,f,g,h,i,j){"use strict";__p&&__p();var k=i;function a(a,b){__p&&__p();if(!a){var c=b;for(var d=arguments.length,e=new Array(d>2?d-2:0),f=2;f<d;f++)e[f-2]=arguments[f];if(typeof c==="number"){var g=l(c,e),i=g.message,j=g.decoderLink;c=i;e.unshift(j)}else if(c===void 0){c="Invariant: ";for(var m=0;m<e.length;m++)c+="%s,"}c=h.blameToPreviousFrame(c);var n=new Error(k.apply(void 0,[c].concat(e)));n.name="Invariant Violation";n.messageWithParams=[c].concat(e);throw n}}function l(a,b){var c="Minified invariant #"+a+"; %s";b.length>0&&(c+=" Params: "+ES(b,"map",!0,function(a){return"%s"}).join(", "));a=g.show_invariant_decoder===!0?"visit "+m(a,b)+" to see the full message.":"";return{message:c,decoderLink:a}}function m(a,b){a="https://our.intern.facebook.com/intern/invariant/"+a+"/";b.length>0&&(a+="?"+ES(b,"map",!0,function(a,b){return"args["+b+"]="+encodeURIComponent(String(a))}).join("&"));return a}e.exports=a}),null); equals www.facebook.com (Face
Source: j-GHT1gpo6-[1].htm.2.drString found in binary or memory: __d("invariant",["Env","TAAL","ex","sprintf"],(function(a,b,c,d,e,f,g,h,i,j){"use strict";__p&&__p();var k=i;function a(a,b){__p&&__p();if(!a){var c=b;for(var d=arguments.length,e=new Array(d>2?d-2:0),f=2;f<d;f++)e[f-2]=arguments[f];if(typeof c==="number"){var g=l(c,e),i=g.message,j=g.decoderLink;c=i;e.unshift(j)}else if(c===void 0){c="Invariant: ";for(var m=0;m<e.length;m++)c+="%s,"}c=h.blameToPreviousFrame(c);var n=new Error(k.apply(void 0,[c].concat(e)));n.name="Invariant Violation";n.messageWithParams=[c].concat(e);throw n}}function l(a,b){var c="Minified invariant #"+a+"; %s";b.length>0&&(c+=" Params: "+b.map(function(a){return"%s"}).join(", "));a=g.show_invariant_decoder===!0?"visit "+m(a,b)+" to see the full message.":"";return{message:c,decoderLink:a}}function m(a,b){a="https://our.intern.facebook.com/intern/invariant/"+a+"/";b.length>0&&(a+="?"+b.map(function(a,b){return"args["+b+"]="+encodeURIComponent(String(a))}).join("&"));return a}e.exports=a}),null); equals www.facebook.com (Facebook)
Source: sdk[1].js.2.drString found in binary or memory: __d("sdk.Native",["Log","sdk.UA"],(function(a,b,c,d,e,f,g,h){__p&&__p();var i="fbNativeReady";a={onready:function(a){__p&&__p();if(!h.nativeApp()){g.error("FB.Native.onready only works when the page is rendered in a WebView of the native Facebook app. Test if this is the case calling FB.UA.nativeApp()");return}window.__fbNative&&!this.nativeReady&&ES("Object","assign",!1,this,window.__fbNative);if(this.nativeReady)a();else{var b=function b(c){window.removeEventListener(i,b),this.onready(a)};window.addEventListener(i,b,!1)}}};e.exports=a}),null); equals www.facebook.com (Facebook)
Source: sdk[1].js.2.drString found in binary or memory: __d("sdk.NativeExtensions",["Log","sdk.DOMEventListener","sdk.UA"],(function(a,b,c,d,e,f,g,h,i){__p&&__p();var j="fbNativeExtensionsReady";function k(){return window._FBSdkExtensions&&window._FBSdkExtensions.jsonRPC&&window._FBSdkExtensions.initializeCallbackHandler&&window._FBSdkExtensions.supportsDialog?window._FBSdkExtensions:null}a={onReady:function(a){__p&&__p();if(!i.facebookInAppBrowser()){g.error("FB.NativeExtensions.onReady only works when the page is rendered in a WebView of the native Facebook app.");return}var b=k();if(b){a(b);return}var c=!1;b=function b(){var d=k();if(c||!d)return;c=!0;a(d);h.remove(window,j,b)};h.add(window,j,b)}};e.exports=a}),null); equals www.facebook.com (Facebook)
Source: sdk[1].js.2.drString found in binary or memory: __d("sdk.XD",["JSSDKXDConfig","Log","QueryString","Queue","UrlMap","XDM","guid","isFacebookURI","sdk.Content","sdk.createIframe","sdk.Event","sdk.feature","sdk.RPC","sdk.Runtime","sdk.Scribe","sdk.URI"],(function(a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v){__p&&__p();var w=new j(),x=new j(),y=m(),z="https";a=g.useCdn?"cdn":"www";b=r("use_bundle",!1)?g.XdBundleUrl:g.XdUrl;var A=k.resolve(a)+b;c=function(){if("origin"in location)if(location.origin&&location.origin!="null")return location.origin;else if(window!==window.parent)try{var a=parent.location.origin;if(a&&a!="null")return a}catch(a){}return location.protocol+"//"+location.host};var B=m(),C=c(),D,E,F=!1,G="Facebook Cross Domain Communication Frame",H={},I=new j();s.setInQueue(I);function J(a){h.info("Remote XD can talk to facebook.com (%s)",a),t.setEnvironment(a==="canvas"?t.ENVIRONMENTS.CANVAS:t.ENVIRONMENTS.PAGETAB)}function K(a,b){__p&&__p();if(!b){h.error("No senderOrigin");throw new Error()}switch(a.xd_action){case"proxy_ready":var c,d;c=x;d=E;t.set
Source: sdk[1].js.2.drString found in binary or memory: __d("sdk.XFBML.CustomerChatWarning",["Log"],(function(a,b,c,d,e,f,g){"use strict";function a(a,b,c,d){g.error("##########################\n# The CustomerChat plugin is no longer part of the main Facebook SDK.\n# To continue using it please use the correct SDK URL,\n# meaning replace sdk.js with sdk/xfbml.customerchat.js.\n# For more details see https://developers.facebook.com/docs/messenger-platform/discovery/customer-chat-plugin/sdk\n##########################");return{subscribe:function(){},process:function(){}}}e.exports=a}),null); equals www.facebook.com (Facebook)
Source: sdk[1].js.2.drString found in binary or memory: __d("sdk.XFBML.LoginButton",["IframePlugin","Log","safeEval","sdk.ErrorHandling","sdk.feature","sdk.Runtime","sdk.Scribe","sdk.ui","sdk.XD"],(function(a,b,c,d,e,f,g,h,i,j,k,l,m,n,o){__p&&__p();var p=k("https_only_enforce_starting",!1),q=k("https_only_learn_more","");function r(a,b,c){a&&(typeof a==="string"?j.unguard(i)(a,c):a.apply&&j.unguard(a).apply(b,c||[]))}a=g.extend({constructor:function(a,b,c,d){__p&&__p();if(location.protocol!=="https:"&&p){var e="The Login Button plugin will soon stop working on http pages. Please update your site to use https for Facebook Login. %s";h.log("error",-1,e,q);k("https_only_scribe_logging",!0)&&m.log("jssdk_error",{appId:l.getClientID(),error:"HttpsOnly",extra:{message:"LoginButton"}})}this.parent(a,b,c,d);var f=g.getVal(d,"on_login"),i=null,j=this._iframeOptions.name;f&&(i=function(a){if(a.error_code){h.debug("Plugin Return Error (%s): %s",a.error_code,a.error_message||a.error_description);return}r(f,null,[a])},this.subscribe("login.status",i));this.subscribe("xd.login_b
Source: sdk[1].js.2.drString found in binary or memory: __d("sdk.openMessenger",["sdk.UA"],(function(a,b,c,d,e,f,g){"use strict";__p&&__p();var h="https://itunes.apple.com/us/app/messenger/id454638411",i="https://play.google.com/store/apps/details?id=com.facebook.orca",j=3e3;function a(a){var b,c,d=a.link;a=a.app_id;g.android()?(b="intent://share/#Intent;package=com.facebook.orca;scheme=fb-messenger;S.android.intent.extra.TEXT="+encodeURIComponent(d)+";S.trigger=send_plugin;",a&&(b+="S.platform_app_id="+encodeURIComponent(a)+";"),b+="end",c=i):(b="fb-messenger://share?link="+encodeURIComponent(d),a&&(b+="&app_id="+encodeURIComponent(a)),c=h);setTimeout(function(){window.location.href=c},j);window.location.href=b}e.exports=a}),null); equals www.facebook.com (Facebook)
Source: sdk[1].js.2.drString found in binary or memory: __d("sdk.unsecureDisallowed",["Log","sdk.feature","sdk.Runtime","sdk.Scribe"],(function(a,b,c,d,e,f,g,h,i,j){"use strict";__p&&__p();var k=h("https_only_enforce_starting",!1),l=h("https_only_learn_more",""),m={};function a(a){if(window.location.protocol!=="https:"&&k&&k-ES("Date","now",!1)<=0){g.log("error",-1,"The method FB.%s can no longer be called from http pages. %s",a,l);return!0}window.location.protocol!=="https:"&&k&&(g.log("error",-1,"The method FB.%s will soon stop working when called from http pages. Please update your site to use https for Facebook Login. %s",a,l),h("https_only_scribe_logging",!0)&&!Object.prototype.hasOwnProperty.call(m,a)&&(j.log("jssdk_error",{appId:i.getClientID(),error:"HttpsOnly",extra:{message:a}}),m[a]=!0));return!1}e.exports=a}),null); equals www.facebook.com (Facebook)
Source: www-widgetapi[1].js.2.drString found in binary or memory: h.B=function(a){a.id=this.g;a.channel="widget";a=xa(a);var b=this.b;var c=Ba(this.a.src);b=0==c.indexOf("https:")?[c]:b.a?[c.replace("http:","https:")]:b.c?[c]:[c,c.replace("http:","https:")];if(!this.a.contentWindow)throw Error("The YouTube player is not attached to the DOM.");for(c=0;c<b.length;c++)try{this.a.contentWindow.postMessage(a,b[c])}catch(d){if(d.name&&"SyntaxError"==d.name)Ha(d,"WARNING");else throw d;}};function bb(a){return(0==a.search("cue")||0==a.search("load"))&&"loadModule"!=a} equals www.youtube.com (Youtube)
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://staticxx.facebook.com/connect/xd_arbiter/r/j-GHT1gpo6-.js?version=43#channel=f16d8dc2cf3a1bd&origin=https%3A%2F%2Fproducts.office.com equals www.facebook.com (Facebook)
Source: iframe_api[1].js.2.drString found in binary or memory: if (!window['YT']) {var YT = {loading: 0,loaded: 0};}if (!window['YTConfig']) {var YTConfig = {'host': 'http://www.youtube.com'};}if (!YT.loading) {YT.loading = 1;(function(){var l = [];YT.ready = function(f) {if (YT.loaded) {f();} else {l.push(f);}};window.onYTReady = function() {YT.loaded = 1;for (var i = 0; i < l.length; i++) {try {l[i]();} catch (e) {}}};YT.setConfig = function(c) {for (var k in c) {if (c.hasOwnProperty(k)) {YTConfig[k] = c[k];}}};var a = document.createElement('script');a.type = 'text/javascript';a.id = 'www-widgetapi-script';a.src = 'https://s.ytimg.com/yts/jsbin/www-widgetapi-vflkA4wlR/www-widgetapi.js';a.async = true;var c = document.currentScript;if (c) {var n = c.nonce || c.getAttribute('nonce');if (n) {a.setAttribute('nonce', n);}}var b = document.getElementsByTagName('script')[0];b.parentNode.insertBefore(a, b);})();} equals www.youtube.com (Youtube)
Performs DNS lookupsShow sources
Source: unknownDNS traffic detected: queries for: support.office.com
Urls found in memory or binary dataShow sources
Source: RC29818b6c0e7d4f449ef0ce8310622ea1-source.min[1].js.2.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RC29818b6c0e7d4f449ef0ce8310622ea1-sou
Source: RC4ce14374f6374cdfa53aae777989e937-source.min[1].js.2.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RC4ce14374f6374cdfa53aae777989e937-sou
Source: RC609c6a62e6764307915e122757d5274b-source.min[1].js.2.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RC609c6a62e6764307915e122757d5274b-sou
Source: RC82effd02bfe54725bb102410c4c220b2-source.min[1].js.2.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RC82effd02bfe54725bb102410c4c220b2-sou
Source: RC8b82706e00134f9fbf3682461d3a8046-source.min[1].js.2.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RC8b82706e00134f9fbf3682461d3a8046-sou
Source: RC91184f17deae42d88f588497f76d1bbe-source.min[1].js.2.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RC91184f17deae42d88f588497f76d1bbe-sou
Source: RCdc4f61b42f804b8ba5fd9572d2edb2fc-source.min[1].js.2.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RCdc4f61b42f804b8ba5fd9572d2edb2fc-sou
Source: RCe273b42c34d5427cb02b2d6cd022cac2-source.min[1].js.2.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RCe273b42c34d5427cb02b2d6cd022cac2-sou
Source: launch-ENc0cbffaf0f8248c3a934a56818d7737e.min[1].js.2.drString found in binary or memory: http://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.js
Source: react.min[1].js.2.dr, react-dom.min[1].js.2.drString found in binary or memory: http://facebook.github.io/react/docs/error-decoder.html?invariant
Source: de-ch[1].htm.2.drString found in binary or memory: http://github.com/aFarkas/lazysizes
Source: 18-d72213[1].js.2.drString found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: de-ch[1].htm.2.drString found in binary or memory: http://github.com/requirejs/domReady
Source: de-ch[1].htm.2.drString found in binary or memory: http://github.com/requirejs/requirejs/LICENSE
Source: hammer-2.0.8[1].js.2.drString found in binary or memory: http://hammerjs.github.io/
Source: 89-535ed3[1].css.2.dr, 88-279f40[1].css.2.drString found in binary or memory: http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1LLAb
Source: de-ch[1].htm.2.dr, explore-office-for-home[1].htm.2.drString found in binary or memory: http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2dCNN
Source: de-ch[1].htm.2.dr, explore-office-for-home[1].htm.2.drString found in binary or memory: http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2dKBu
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2mx7d?ver=0b96
Source: cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2oiB3?ver=c4b6
Source: 27-934839[1].js.2.drString found in binary or memory: http://jedwatson.github.io/classnames
Source: 6203590383[1].js.2.drString found in binary or memory: http://jquery.com/
Source: 6203590383[1].js.2.drString found in binary or memory: http://jquery.org/license
Source: 27-934839[1].js.2.drString found in binary or memory: http://knockoutjs.com/
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: http://office.com/systemrequirements
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: http://schema.org/AggregateRating
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: http://schema.org/ItemList
Source: cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: http://schema.org/Offer
Source: de-ch[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.dr, SLSVJK5K.htm.2.drString found in binary or memory: http://schema.org/Organization
Source: cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: http://schema.org/Rating
Source: 6203590383[1].js.2.drString found in binary or memory: http://sizzlejs.com/
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: http://support.xbox.com/contact-us/
Source: msapplication.xml.1.drString found in binary or memory: http://www.amazon.com/
Source: social[1].js.2.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: msapplication.xml1.1.drString found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.drString found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.drString found in binary or memory: http://www.nytimes.com/
Source: 27-934839[1].js.2.drString found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: msapplication.xml4.1.drString found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.drString found in binary or memory: http://www.twitter.com/
Source: 4f36c7c4-6ea2-4292-bc40-15f20cfd_864x576_499[1].dat.2.dr, 1bd49677-600e-41d9-b548-1f493619_864x576_303[1].dat.2.drString found in binary or memory: http://www.videolan.org/x264.html
Source: msapplication.xml6.1.drString found in binary or memory: http://www.wikipedia.com/
Source: iframe_api[1].js.2.drString found in binary or memory: http://www.youtube.com
Source: msapplication.xml7.1.drString found in binary or memory: http://www.youtube.com/
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://a3698060313.cdn.optimizely.com/client_storage/a3698060313.html
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://aka.ms/onenote-office365-faq
Source: 6203590383[1].js.2.drString found in binary or memory: https://api.demandbase.com/api/v2/ip.json?key=3b7cbaac15b8971532d99eabf57d4637
Source: de-ch[1].htm.2.drString found in binary or memory: https://assets.onestore.ms
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://az725175.vo.msecnd.net/scripts/jsll-4.2.9.js
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://blogs.office.com/
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://c3web.trafficmanager.net/topic/
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://cdnssl.clicktale.net/www/tc/crossdomainInclCEC.html?cookie=WRUIDCD03072018
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, de-ch[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.dr, explore-office-for-home[1].htm.2.drString found in binary or memory: https://channel9.msdn.com/
Source: ChangeMonitor-latest[1].js.2.drString found in binary or memory: https://code.google.com/p/mutation-summary/
Source: d0ab222a-1420-48cc-9bbd-6bdae7be01fc[1].js.2.drString found in binary or memory: https://conductor.clicktale.net/monitor
Source: de-ch[1].htm.2.drString found in binary or memory: https://dev.windows.com/de-de/
Source: munchkin[2].js.2.drString found in binary or memory: https://developers.marketo.com/MunchkinLicense.pdf
Source: 27-934839[1].js.2.drString found in binary or memory: https://github.com/js-cookie/js-cookie
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1CmIw?ver=e555&amp;q=
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Z7WK?ver=d3ea&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1ZcW0?ver=1ba7&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1ZfTA?ver=692c&amp;q=
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1ynyJ?ver=d6b1&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE280eS?ver=1255&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE280eY?ver=684e&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE280fW?ver=5657&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE282Rr?ver=9f57&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE282Ru?ver=e9b6&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE285rr?ver=a821&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2883D?ver=15bf&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2883r?ver=710d&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2883x?ver=cea4&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2884u?ver=ff83&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE28diI?ver=7a3c&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE28fQS?ver=7f1e&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE28fR3?ver=3957&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE28fRa?ver=1b57&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE28fUF?ver=ad04&amp;q=
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2CaDD?ver=8ec0&amp;q=
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2McOE?ver=ccee&amp;q=
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2bz6C?ver=25bb&amp;q=
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2bzgO?ver=aeb9&amp;q=
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2ceF9?ver=2d1b&amp;q=
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2lEVR?ver=5f16&amp;q=
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2mheW?ver=527a&amp;q=
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2mupw?ver=8a53&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2mx7d?ver=0b96
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2mx7d?ver=0b96&amp;q=
Source: cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2oiB3?ver=c4b6
Source: cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2oiB3?ver=c4b6&amp;q=
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2uN0g?ver=002b&amp;q=
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2yBZv?ver=1984&amp;q=
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2yHAZ?ver=1453&amp;q=
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2yHyv?ver=5fd9&amp;q=
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2yuek?ver=40d5&amp;q=
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2yzns?ver=274b&amp;q=
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/REOLLm?ver=02d3&amp;q=9
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RW54P2?ver=3520&amp;q=9
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RW9wPJ?ver=211f&amp;q=9
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RWfbJT?ver=8259&amp;q=9
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RWlux6?ver=f052&amp;q=9
Source: sdk[1].js.2.drString found in binary or memory: https://itunes.apple.com/us/app/messenger/id454638411
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://linkedin.com/shareArticle?mini=true&amp;url=https%3a%2f%2fsupport.office.com%2fen-us%2fartic
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0
Source: compare-all-microsoft-office-products[1].htm.2.drString found in binary or memory: https://login.live.com/logout.srf
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://login.live.com/logout.srf?ct=1547232859
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, SLSVJK5K.htm.2.dr, explore-office-for-home[1].htm.2.drString found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0&wreply=https%3A%2F%2Fproducts.office.com&uaid=a3f64b05-c
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?client_id=4b233688-031c-404b-9a80-a4f3f235
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?response_mode=form_post
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?response_mode=form_post&amp;response_type=
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://login.microsoftonline.com/forgetuser?sessionid=
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://lpcdn.lpsnmedia.net/le_secure_storage/3.7.0.0-release_439/storage.secure.min.html?loc=https%
Source: de-ch[1].htm.2.drString found in binary or memory: https://mem.gfx.ms
Source: meversion[1].js0.2.drString found in binary or memory: https://mem.gfx.ms/me
Source: de-ch[1].htm.2.drString found in binary or memory: https://mem.gfx.ms/meversion?partner=MSHomePage&amp;market=de-ch&amp;uhf=1
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://mem.gfx.ms/meversion?partner=OfficeProducts&amp;market=en-us&amp;uhf=1
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://mem.gfx.ms/meversion?partner=office&market=en-us&uhf=1
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://mem.gfx.ms/meversion?partner=officesupport&market=en-us&uhf=1
Source: de-ch[1].htm.2.drString found in binary or memory: https://microsoftwindows.112.2o7.net
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://mix.office.com/oembed/
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://mix.office.com/watch/
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://mscom.demdex.net/dest5.html?d_nsid=0
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://mscom.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fproducts.office.com%2Fen-us%2Fcompare-all
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://mscom.demdex.net/dest5.html?d_nsid=undefined
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://mscom.demdex.net/dest5.html?d_nsid=undefined#https%3A%2F%2Fproducts.office.com%2Fen-us%2Fcom
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://office.com/start
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://office.live.com/start/MyAccount.aspx
Source: de-ch[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/de-ch/
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.dr, SLSVJK5K.htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-us/
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://osiprodweuodcspstoa01.blob.core.windows.net
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, de-ch[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.dr, SLSVJK5K.htm.2.drString found in binary or memory: https://outlook.live.com/owa/
Source: sdk[1].js.2.drString found in binary or memory: https://play.google.com/store/apps/details?id=com.facebook.orca
Source: {B6CBE96F-161D-11E9-AADE-9CC1A2A860C6}.dat.1.drString found in binary or memory: https://products.offic
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/academic/compare-office-365-education-plans
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/business/enterprise-firstline-workers
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/business/enterprise-productivity-tools
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/business/explore-office-365-for-business
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/business/microsoft-office-365-frequently-asked-questions
Source: compare-all-microsoft-office-products[1].htm.2.drString found in binary or memory: https://products.office.com/business/mobile-productivity&quot;
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/business/office
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/business/office-365-customer-stories-office-testimonials
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/business/office-365-trust-center-welcome
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/business/office-for-it-pros
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/buy-office-365-home
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/choose-valid-billing-market
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/compare-all-microsoft-office-products
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/compare-all-microsoft-office-products?tab=1
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/compare-all-microsoft-office-products?tab=2
Source: de-ch[1].htm.2.drString found in binary or memory: https://products.office.com/de-ch/academic/compare-office-365-education-plans
Source: de-ch[1].htm.2.drString found in binary or memory: https://products.office.com/de-ch/compare-all-microsoft-office-products?tab=1&amp;OCID=AID679471_OO_
Source: de-ch[1].htm.2.drString found in binary or memory: https://products.office.com/de-ch/compare-all-microsoft-office-products?tab=2&amp;OCID=AID679471_OO_
Source: de-ch[1].htm.2.drString found in binary or memory: https://products.office.com/de-ch/home
Source: cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/download-back-up-restore-microsoft-office-products
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/download-office-2007
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/en-US/student/office-in-education
Source: cfq7ttc0k5dm[1].htm.2.dr, explore-office-for-home[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/academic/compare-office-365-education-plans
Source: compare-all-microsoft-office-products[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/business/compare-more-office-365-for-business-plans
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/business/enterprise-firstline-workers
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.dr, explore-office-for-home[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/business/enterprise-productivity-tools
Source: compare-all-microsoft-office-products[1].htm.2.dr, explore-office-for-home[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/business/explore-office-365-for-business
Source: compare-all-microsoft-office-products[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/business/international-availability
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/business/office
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/business/small-business-solutions
Source: compare-all-microsoft-office-products[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/buy-office-365-home
Source: compare-all-microsoft-office-products[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/buy/compare-microsoft-office-products-for-mac
Source: compare-all-microsoft-office-products[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/choose-valid-billing-market-try-office365
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=1
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=1%3aprimaryr1
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=1%3aprimaryr1e2-b
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=1%3aprimaryr1i9
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=1pCompare
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=tab%3aprimaryr1
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=tab%3aprimaryr1e2
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&amp;activetab=tab%3aprimary
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?tab=1
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?tab=2
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/excel
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/explore-office-for-home
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://products.office.com/en-us/explore-office-for-homePOffice
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://products.office.com/en-us/explore-office-for-homettc0k5bf?activetab=pivot%3aoverviewtabe
Source: compare-all-microsoft-office-products[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/get-started-with-office-2019#compare_table
Source: cfq7ttc0k5dm[1].htm.2.dr, SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/en-us/home
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/microsoft-office-for-home-and-school-faq
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/microsoft-teams/group-chat-software
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/mobile/Office-iPad
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/mobile/office-android-phone
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/mobile/office-android-tablet
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/mobile/office-iphone
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/mobile/office-windows-phone
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/mobile/office-windows-tablet
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/office-resources
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/office-system-requirements
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/onedrive-for-business/online-cloud-storage
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/onenote/digital-note-taking-app
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/outlook/email-and-calendar-software-microsoft-outlook
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/powerpoint
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/products
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/sharepoint/collaboration
Source: ~DF93759C6D60590CB7.TMP.1.dr, authorize[1].htm0.2.drString found in binary or memory: https://products.office.com/en-us/silentauth
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/site-search
Source: compare-all-microsoft-office-products[1].htm.2.dr, feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/student/office-in-education
Source: compare-all-microsoft-office-products[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/try
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/word
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/excel
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/explore-office-for-home
Source: imagestore.dat.2.drString found in binary or memory: https://products.office.com/favicon.ico
Source: imagestore.dat.2.drString found in binary or memory: https://products.office.com/favicon.ico~
Source: imagestore.dat.2.drString found in binary or memory: https://products.office.com/favicon.ico~(
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/home
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/microsoft-office-2013
Source: cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/microsoft-office-for-home-and-school-faq
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/microsoft-teams/group-chat-software
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/mobile/office-android-phone
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/mobile/office-android-tablet
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/mobile/office-ipad
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/mobile/office-iphone
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/office-2010
Source: cfq7ttc0k5dm[1].htm.2.dr, SLSVJK5K.htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/office-365-home
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/office-365-personal
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/office-online/documents-spreadsheets-presentations-office-online
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/office-resources
Source: cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/office-system-requirements
Source: compare-all-microsoft-office-products[1].htm.2.drString found in binary or memory: https://products.office.com/office-system-requirements&quot;
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://products.office.com/officeproducts/onerf/signin?EEL=True
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://products.office.com/officeproducts/onerf/signout?pcexp=True
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/onedrive-for-business/online-cloud-storage
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/onenote
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/outlook/email-and-calendar-software-microsoft-outlook
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/powerpoint
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/products
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/sharepoint/collaboration
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/student/office-for-students
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/student/office-in-education
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/student/office-in-education?wt.mc_id=StudentandEducators_cat_banner1_off
Source: cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://products.office.com/try
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://products.office.com/word
Source: 27-934839[1].js.2.dr, 6203590383[1].js.2.drString found in binary or memory: https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE
Source: iframe_api[1].js.2.drString found in binary or memory: https://s.ytimg.com/yts/jsbin/www-widgetapi-vflkA4wlR/www-widgetapi.js
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://schema.org/Organization
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://statics-eas.onestore.ms
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://statics-eus.onestore.ms
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://statics-neu.onestore.ms
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, SLSVJK5K.htm.2.drString found in binary or memory: https://statics-uhf-eus.akamaized.net/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, SLSVJK5K.htm.2.drString found in binary or memory: https://statics-uhf-eus.akamaized.net/statics/override.css?c=5
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, SLSVJK5K.htm.2.drString found in binary or memory: https://statics-uhf-eus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_we
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://statics-wcus.onestore.ms
Source: de-ch[1].htm.2.drString found in binary or memory: https://store.office.com/de-ch/appshome.aspx?
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.dr, explore-office-for-home[1].htm.2.drString found in binary or memory: https://store.office.com/en-us/appshome.aspx?
Source: explore-office-for-home[1].htm.2.drString found in binary or memory: https://store.office.com/worldwide.aspx?cmapid=6&amp;returnURL=https%3a%2f%2fproducts.office.com%2f&
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://store.office.com/worldwide.aspx?rs=en-us&amp;cmapid=1
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://store.office.com/worldwide.aspx?rs=en-us&amp;returnURL=https%3a%2f%2fwww.office.com%2f&amp;c
Source: cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://support.office.com/
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://support.office.com/article/Install-and-use-different-versions-of-Office-on-the-same-PC-6EBB4
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://support.office.com/article/What-happens-to-my-data-and-access-when-my-Office-365-for-busines
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://support.office.com/article/renew-office-365-for-home-58f3d0f8-15c4-4ad8-8c5f-16d682e8b545
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://support.office.com/article/share-your-office-365-home-subscription-with-up-to-four-people-b3
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://support.office.com/article/switch-from-office-365-home-80a7f3cd-e42c-4014-b27a-3c87adb20e9e
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://support.office.com/article/switch-from-office-365-personal-4e1fb01b-fecb-4f60-bbb6-d45bf6ee2
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://support.office.com/article/switch-from-office-365-university-e973988e-bb38-4dcc-baf2-a63b377
Source: authorize[1].htm.2.drString found in binary or memory: https://support.office.com/auth/signin
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://support.office.com/en-us
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://support.office.com/en-us/
Source: cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://support.office.com/en-us/article/A-subscription-notice-appears-when-I-open-an-Office-365-app
Source: cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://support.office.com/en-us/article/Fixes-or-workarounds-for-recent-issues-in-Word-for-Windows-
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://support.office.com/en-us/article/Get-help-with-Outlook-com-40676AD0-C831-45AC-A023-5BE633BE7
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://support.office.com/en-us/article/OneDrive-Help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://support.office.com/en-us/article/download-and-install-or-reinstall-office-365-or-office-2016
Source: {B6CBE96F-161D-11E9-AADE-9CC1A2A860C6}.dat.1.drString found in binary or memory: https://support.office.com/en-us/article/feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44
Source: authorize[1].htm.2.drString found in binary or memory: https://support.office.com/en-us/home/backgroundauth?provider=AAD&amp;end=False
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://support.office.com/en-us/office-training-center?ms.officeurl=training
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://support.office.com/office-training-center
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://support.skype.com/skype/windows-desktop/
Source: de-ch[1].htm.2.dr, explore-office-for-home[1].htm.2.drString found in binary or memory: https://swiftkey.com/images/misc/stores/app/en.png
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, SLSVJK5K.htm.2.drString found in binary or memory: https://templates.office.com/
Source: cfq7ttc0k5dm[1].htm.2.drString found in binary or memory: https://templates.office.com/en-us/
Source: de-ch[1].htm.2.drString found in binary or memory: https://twitter.com/microsoft_ch
Source: de-ch[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.dr, explore-office-for-home[1].htm.2.drString found in binary or memory: https://ussearchprod.trafficmanager.net/services/api/v1.0/store/categories
Source: imagestore.dat.2.drString found in binary or memory: https://weuofficehome.msocdn.com/s/7047452e/Content/images/favicon_metro.ico
Source: imagestore.dat.2.drString found in binary or memory: https://weuofficehome.msocdn.com/s/7047452e/Content/images/favicon_metro.ico~
Source: de-ch[1].htm.2.drString found in binary or memory: https://www.instagram.com/microsoftch/
Source: de-ch[1].htm.2.drString found in binary or memory: https://www.linkedin.com/company/1035
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://www.linkedin.com/company/3509299
Source: {B6CBE96F-161D-11E9-AADE-9CC1A2A860C6}.dat.1.drString found in binary or memory: https://www.microsoft.
Source: {B6CBE96F-161D-11E9-AADE-9CC1A2A860C6}.dat.1.drString found in binary or memory: https://www.microsoft..com/en-us/article/feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44
Source: {B6CBE96F-161D-11E9-AADE-9CC1A2A860C6}.dat.1.drString found in binary or memory: https://www.office.com
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://www.office.com/
Source: cfq7ttc0k5dm[1].htm.2.dr, explore-office-for-home[1].htm.2.drString found in binary or memory: https://www.office.com/?auth=1
Source: cfq7ttc0k5dm[1].htm.2.dr, explore-office-for-home[1].htm.2.drString found in binary or memory: https://www.office.com/?auth=2
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://www.office.com/FOffice
Source: SLSVJK5K.htm.2.drString found in binary or memory: https://www.office.com/login?es=Click&amp;ru=%2F
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.drString found in binary or memory: https://www.office.com/login?ru=%2f%3fauth%3d1
Source: ~DF93759C6D60590CB7.TMP.1.drString found in binary or memory: https://www.office.com/m/de-ch/rticle/feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.dr, SLSVJK5K.htm.2.drString found in binary or memory: https://www.onenote.com/
Source: de-ch[1].htm.2.drString found in binary or memory: https://www.onenote.com/?omkt=de-CH
Source: de-ch[1].htm.2.drString found in binary or memory: https://www.skype.com/de/
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.dr, SLSVJK5K.htm.2.drString found in binary or memory: https://www.skype.com/en/
Source: cfq7ttc0k5dm[1].htm.2.dr, cfq7ttc0k5bf[1].htm.2.drString found in binary or memory: https://www.skype.com/en/offers/office365/
Source: de-ch[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.dr, SLSVJK5K.htm.2.drString found in binary or memory: https://www.xbox.com/
Source: de-ch[1].htm.2.drString found in binary or memory: https://www.xbox.com/de-ch/games/xbox-one?xr=shellnav
Source: de-ch[1].htm.2.drString found in binary or memory: https://www.xbox.com/de-ch/xbox-one-s?xr=shellnav
Source: de-ch[1].htm.2.drString found in binary or memory: https://www.xbox.com/de-ch/xbox-one-x
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.dr, SLSVJK5K.htm.2.drString found in binary or memory: https://www.xbox.com/en-us/games/xbox-one?xr=shellnav
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.dr, explore-office-for-home[1].htm.2.drString found in binary or memory: https://www.xbox.com/en-us/xbox-one-s?xr=shellnav
Source: feedback-about-non-delivery-report-5-7-133-3cd30091-6a8c-44e2-b909-c8a46fc8457a[1].htm.2.dr, cfq7ttc0k5dm[1].htm.2.dr, explore-office-for-home[1].htm.2.drString found in binary or memory: https://www.xbox.com/en-us/xbox-one-x
Source: www-widgetapi[1].js.2.drString found in binary or memory: https://www.youtube.com
Source: de-ch[1].htm.2.drString found in binary or memory: https://www.youtube.com/user/MicrosoftCH
Uses HTTPSShow sources
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49984
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49983
Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49980
Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49990 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49973
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49972
Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49995 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
Source: unknownNetwork traffic detected: HTTP traffic on port 49973 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 443

System Summary:

barindex
Classification labelShow sources
Source: classification engineClassification label: clean2.win@4/275@95/47
Creates files inside the user directoryShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\HighJump to behavior
Creates temporary filesShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\CRAIGH~1\AppData\Local\Temp\~DF3A4288E57B76D9BA.TMPJump to behavior
Reads ini filesShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile read: C:\Users\desktop.iniJump to behavior
Spawns processesShow sources
Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1728 CREDAT:17410 /prefetch:2
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1728 CREDAT:17410 /prefetch:2Jump to behavior
Found GUI installer (many successful clicks)Show sources
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: Install
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: Install
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: agree
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: agree
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: agree
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: agree
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: agree
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: agree
Found graphical window changes (likely an installer)Show sources
Source: Window RecorderWindow detected: More than 3 window changes detected
Uses new MSVCR DllsShow sources
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dllJump to behavior

Hooking and other Techniques for Hiding and Protection:

barindex
Disables application error messsages (SetErrorMode)Show sources
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion:

barindex
Queries a list of all running processesShow sources
Source: C:\Windows\System32\svchost.exeProcess information queried: ProcessInformationJump to behavior

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
behaviorgraph top1 process2 2 Behavior Graph ID: 102811 URL: https://go.microsoft.com/fwlink/?LinkId=615007 Startdate: 11/01/2019 Architecture: WINDOWS Score: 2 5 iexplore.exe 3 84 2->5         started        8 svchost.exe 4 2->8         started        dnsIp3 13 statics-wcus.onestore.ms 5->13 15 statics-neu.onestore.ms 5->15 17 7 other IPs or domains 5->17 10 iexplore.exe 8 310 5->10         started        process4 dnsIp5 19 spcms-global.pbp.gysm.yahoodns.net 188.125.66.34, 443, 49983, 49984 YAHOO-IRDGB United Kingdom 10->19 21 s.twitter.com 199.16.156.73, 443, 49968, 49969 TWITTER-TwitterIncUS United States 10->21 23 120 other IPs or domains 10->23

Simulations

Behavior and APIs

TimeTypeDescription
19:54:30API Interceptor1x Sleep call for process: svchost.exe modified

Antivirus Detection

Initial Sample

SourceDetectionScannerLabelLink
https://go.microsoft.com/fwlink/?LinkId=6150070%virustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
dgps-eus2.cloudapp.net0%virustotalBrowse

URLs

SourceDetectionScannerLabelLink
https://weuofficehome.msocdn.com/s/7047452e/Content/images/favicon_metro.ico~0%Avira URL Cloudsafe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.