Loading ...

Analysis Report https://go.microsoft.com/fwlink/p/?LinkId=615127

Overview

General Information

Joe Sandbox Version:25.0.0 Tiger's Eye
Analysis ID:102812
Start date:11.01.2019
Start time:19:56:52
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 4m 39s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://go.microsoft.com/fwlink/p/?LinkId=615127
Analysis system description:Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies
  • EGA enabled
  • HDC enabled
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean2.win@3/289@67/37
Cookbook Comments:
  • Adjust boot time
  • Browsing link: https://www.microsoft.com/
  • Browsing link: https://www.office.com/
  • Browsing link: https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=tab%3aprimaryr1
  • Browsing link: https://www.microsoft.com/en-us/p/office-365-home/cfq7ttc0k5dm
Warnings:
Show All
  • Exclude process from analysis (whitelisted): dllhost.exe, ielowutil.exe, wermgr.exe, conhost.exe, CompatTelRunner.exe, svchost.exe
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing network information.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtSetValueKey calls found.

Detection

StrategyScoreRangeReportingWhitelistedDetection
Threshold20 - 100Report FP / FNfalseclean

Confidence

StrategyScoreRangeFurther Analysis Required?Confidence
Threshold30 - 5true
ConfidenceConfidence


Classification

Analysis Advice

All HTTP servers contacted by the sample do not resolve. Likely the sample is an old dropper which does no longer work
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and Control
Valid AccountsWindows Remote ManagementWinlogon Helper DLLPort MonitorsFile System Logical OffsetsCredential DumpingSystem Service DiscoveryApplication Deployment SoftwareData from Local SystemData Encrypted1Standard Non-Application Layer Protocol2
Replication Through Removable MediaService ExecutionPort MonitorsAccessibility FeaturesBinary PaddingNetwork SniffingApplication Window DiscoveryRemote ServicesData from Removable MediaExfiltration Over Other Network MediumStandard Application Layer Protocol2

Signature Overview

Click to jump to signature section


Phishing:

barindex
Form action URLs do not match main URLShow sources
Source: https://www.microsoft.com/en-us/p/office-365-home/cfq7ttc0k5dm?activetab=pivot%3aoverviewtabHTTP Parser: Form action: https://products.office.com/en-us/site-search microsoft office
Invalid T&C link foundShow sources
Source: https://www.microsoft.com/en-us/p/office-365-home/cfq7ttc0k5dm?activetab=pivot%3aoverviewtabHTTP Parser: Invalid link: Most helpful
META author tag missingShow sources
Source: https://www.microsoft.com/en-us/p/office-365-home/cfq7ttc0k5dm?activetab=pivot%3aoverviewtabHTTP Parser: No <meta name="author".. found
META copyright tag missingShow sources
Source: https://www.microsoft.com/en-us/p/office-365-home/cfq7ttc0k5dm?activetab=pivot%3aoverviewtabHTTP Parser: No <meta name="copyright".. found

Networking:

barindex
Connects to many different domainsShow sources
Source: unknownNetwork traffic detected: DNS query count 65
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)Show sources
Source: global trafficTCP traffic: 192.168.2.5:49795 -> 23.10.249.49:443
Source: global trafficTCP traffic: 192.168.2.5:49799 -> 23.10.249.27:443
Source: global trafficTCP traffic: 192.168.2.5:49819 -> 104.46.0.93:443
Source: global trafficTCP traffic: 192.168.2.5:49834 -> 23.54.112.111:443
Source: global trafficTCP traffic: 192.168.2.5:49836 -> 52.239.140.10:443
Source: global trafficTCP traffic: 192.168.2.5:49840 -> 52.2.14.13:443
Source: global trafficTCP traffic: 192.168.2.5:49841 -> 34.194.168.70:443
Source: global trafficTCP traffic: 192.168.2.5:49867 -> 13.32.176.135:443
Source: global trafficTCP traffic: 192.168.2.5:49868 -> 31.13.86.4:443
Source: global trafficTCP traffic: 192.168.2.5:49874 -> 31.13.75.12:443
Source: global trafficTCP traffic: 192.168.2.5:49876 -> 54.77.130.155:443
Source: global trafficTCP traffic: 192.168.2.5:49884 -> 13.32.176.38:443
Source: global trafficTCP traffic: 192.168.2.5:49886 -> 216.58.215.226:443
Source: global trafficTCP traffic: 192.168.2.5:49888 -> 31.13.86.36:443
Source: global trafficTCP traffic: 192.168.2.5:49890 -> 13.32.176.47:443
Source: global trafficTCP traffic: 192.168.2.5:49892 -> 185.63.145.5:443
Source: global trafficTCP traffic: 192.168.2.5:49898 -> 35.190.27.37:443
Source: global trafficTCP traffic: 192.168.2.5:49900 -> 54.81.103.120:443
Source: global trafficTCP traffic: 192.168.2.5:49903 -> 52.48.207.156:443
Source: global trafficTCP traffic: 192.168.2.5:49912 -> 108.174.10.10:443
Source: global trafficTCP traffic: 192.168.2.5:49916 -> 52.207.55.4:443
Source: global trafficTCP traffic: 192.168.2.5:49918 -> 74.125.143.156:443
Source: global trafficTCP traffic: 192.168.2.5:49922 -> 13.32.176.84:443
Source: global trafficTCP traffic: 192.168.2.5:49925 -> 108.177.119.156:443
Source: global trafficTCP traffic: 192.168.2.5:49928 -> 216.58.205.67:443
Source: global trafficTCP traffic: 192.168.2.5:49932 -> 52.214.151.124:443
Source: global trafficTCP traffic: 192.168.2.5:49948 -> 208.89.12.87:443
Source: global trafficTCP traffic: 192.168.2.5:49950 -> 13.32.176.2:443
Source: global trafficTCP traffic: 192.168.2.5:49952 -> 52.20.73.160:443
Source: global trafficTCP traffic: 192.168.2.5:49954 -> 185.29.135.233:443
Source: global trafficTCP traffic: 192.168.2.5:49956 -> 185.33.223.206:443
Source: global trafficTCP traffic: 192.168.2.5:49958 -> 34.192.19.184:443
Source: global trafficTCP traffic: 192.168.2.5:49975 -> 23.10.249.9:443
Found strings which match to known social media urlsShow sources
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: <a id="ocFacebookButton" class="ocShareButton" target="_blank" href="https://www.facebook.com/sharer.php?u=https://support.office.com/en-us/article/download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658" ms.interactiontype="1" ms.ea_offer="SOC" equals www.facebook.com (Facebook)
Source: fix-email-delivery-issues-for-error-code-5-7-133-in-office-365-991abc19-7756-438f-abcb-39f69b80f284[1].htm.3.drString found in binary or memory: <a id="ocFacebookButton" class="ocShareButton" target="_blank" href="https://www.facebook.com/sharer.php?u=https://support.office.com/en-us/article/fix-email-delivery-issues-for-error-code-5-7-133-in-office-365-991abc19-7756-438f-abcb-39f69b80f284" ms.interactiontype="1" ms.ea_offer="SOC" equals www.facebook.com (Facebook)
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: <a id="ocFacebookButton" class="ocShareButton" target="_blank" href="https://www.facebook.com/sharer.php?u=https://support.office.com/en-us/article/install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3" ms.interactiontype="1" ms.ea_offer="SOC" equals www.facebook.com (Facebook)
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: <a id="ocLinkedInButton" class="ocShareButton" target="_blank" href="https://linkedin.com/shareArticle?mini=true&amp;url=https%3a%2f%2fsupport.office.com%2fen-us%2farticle%2fdownload-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658&amp;title=Download+and+install+or+reinstall+Office+365+or+Office+2019+on+a+PC+or+Mac" ms.interactiontype="1" ms.ea_offer="SOC" equals www.linkedin.com (Linkedin)
Source: fix-email-delivery-issues-for-error-code-5-7-133-in-office-365-991abc19-7756-438f-abcb-39f69b80f284[1].htm.3.drString found in binary or memory: <a id="ocLinkedInButton" class="ocShareButton" target="_blank" href="https://linkedin.com/shareArticle?mini=true&amp;url=https%3a%2f%2fsupport.office.com%2fen-us%2farticle%2ffix-email-delivery-issues-for-error-code-5-7-133-in-office-365-991abc19-7756-438f-abcb-39f69b80f284&amp;title=Fix+email+delivery+issues+for+error+code+5.7.133+in+Office+365" ms.interactiontype="1" ms.ea_offer="SOC" equals www.linkedin.com (Linkedin)
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: <a id="ocLinkedInButton" class="ocShareButton" target="_blank" href="https://linkedin.com/shareArticle?mini=true&amp;url=https%3a%2f%2fsupport.office.com%2fen-us%2farticle%2finstall-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3&amp;title=Install+or+reinstall+Office+through+Microsoft+HUP" ms.interactiontype="1" ms.ea_offer="SOC" equals www.linkedin.com (Linkedin)
Source: YWFK3EVD.htm.3.drString found in binary or memory: <img class="social-media__link--image" data-src="//weuofficehome.msocdn.com/s/9321b9bd/Content/images/twitter.svg" aria-hidden="true" alt="" /> equals www.twitter.com (Twitter)
Source: YWFK3EVD.htm.3.drString found in binary or memory: <img class="social-media__link--image" data-src="//weuofficehome.msocdn.com/s/a81acccc/Content/images/linkedin.svg" aria-hidden="true" alt="" /> equals www.linkedin.com (Linkedin)
Source: YWFK3EVD.htm.3.drString found in binary or memory: <img class="social-media__link--image" data-src="//weuofficehome.msocdn.com/s/b3340616/Content/images/facebook.svg" aria-hidden="true" alt="" /> equals www.facebook.com (Facebook)
Source: YWFK3EVD.htm.3.drString found in binary or memory: <source type="image/svg+xml" data-srcset="//weuofficehome.msocdn.com/s/9321b9bd/Content/images/twitter.svg" /> equals www.twitter.com (Twitter)
Source: YWFK3EVD.htm.3.drString found in binary or memory: <source type="image/svg+xml" data-srcset="//weuofficehome.msocdn.com/s/a81acccc/Content/images/linkedin.svg" /> equals www.linkedin.com (Linkedin)
Source: YWFK3EVD.htm.3.drString found in binary or memory: <source type="image/svg+xml" data-srcset="//weuofficehome.msocdn.com/s/b3340616/Content/images/facebook.svg" /> equals www.facebook.com (Facebook)
Source: YWFK3EVD.htm.3.drString found in binary or memory: <a id="social-media-linkedin" class="social-media__link" href="https://www.linkedin.com/company/3509299" aria-label="Linkedin"> equals www.linkedin.com (Linkedin)
Source: sdk[1].js.3.drString found in binary or memory: } }).call(global);})(window.inDapIF ? parent.window : window, window);} catch (e) {new Image().src="https:\/\/www.facebook.com\/" + 'common/scribe_endpoint.php?c=jssdk_error&m='+encodeURIComponent('{"error":"LOAD", "extra": {"name":"'+e.name+'","line":"'+(e.lineNumber||e.line)+'","script":"'+(e.fileName||e.sourceURL||e.script)+'","stack":"'+(e.stackTrace||e.stack)+'","revision":"4678942","namespace":"FB","message":"'+e.message+'"}}');} equals www.facebook.com (Facebook)
Source: sdk[1].js.3.drString found in binary or memory: * As with any software that integrates with the Facebook platform, your use of equals www.facebook.com (Facebook)
Source: react.min[1].js.3.drString found in binary or memory: * Copyright (c) 2013-present, Facebook, Inc. equals www.facebook.com (Facebook)
Source: sdk[1].js.3.drString found in binary or memory: * Copyright (c) 2017-present, Facebook, Inc. All rights reserved. equals www.facebook.com (Facebook)
Source: sdk[1].js.3.drString found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
Source: sdk[1].js.3.drString found in binary or memory: * [http://developers.facebook.com/policy/]. This copyright notice shall be equals www.facebook.com (Facebook)
Source: sdk[1].js.3.drString found in binary or memory: * in connection with the web services and APIs provided by Facebook. equals www.facebook.com (Facebook)
Source: sdk[1].js.3.drString found in binary or memory: * this software is subject to the Facebook Platform Policy equals www.facebook.com (Facebook)
Source: react-dom.min[1].js.3.drString found in binary or memory: 'use strict';(function(na,l){"object"===typeof exports&&"undefined"!==typeof module?module.exports=l(require("react")):"function"===typeof define&&define.amd?define("react-dom", ["react"],l):na.ReactDOM=l(na.React)})(this,function(na){function l(a){for(var b=arguments.length-1,c="Minified React error #"+a+"; visit http://facebook.github.io/react/docs/error-decoder.html?invariant\x3d"+a,d=0;d<b;d++)c+="\x26args[]\x3d"+encodeURIComponent(arguments[d+1]);b=Error(c+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."); equals www.facebook.com (Facebook)
Source: react.min[1].js.3.drString found in binary or memory: 'use strict';(function(q,k){"object"===typeof exports&&"undefined"!==typeof module?module.exports=k():"function"===typeof define&&define.amd?define('react', k):q.React=k()})(this,function(){function q(a){for(var b=arguments.length-1,c="Minified React error #"+a+"; visit http://facebook.github.io/react/docs/error-decoder.html?invariant\x3d"+a,d=0;d<b;d++)c+="\x26args[]\x3d"+encodeURIComponent(arguments[d+1]);b=Error(c+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."); equals www.facebook.com (Facebook)
Source: msapplication.xml0.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x12d83dda,0x01d4aa2b</date><accdate>0x12d83dda,0x01d4aa2b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x12d83dda,0x01d4aa2b</date><accdate>0x12da019c,0x01d4aa2b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x130e882e,0x01d4aa2b</date><accdate>0x130e882e,0x01d4aa2b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x130e882e,0x01d4aa2b</date><accdate>0x131237b6,0x01d4aa2b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x131efd65,0x01d4aa2b</date><accdate>0x131efd65,0x01d4aa2b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.2.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x131efd65,0x01d4aa2b</date><accdate>0x13226131,0x01d4aa2b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: compare-all-microsoft-office-products[1].htm.3.drString found in binary or memory: <div id="fb-root"></div><script>/*<![CDATA[*/(function(n,t,i){var r,u=n.getElementsByTagName(t)[0];n.getElementById(i)||(r=n.createElement(t),r.id=i,r.src="//connect.facebook.net/en_IN/sdk.js#xfbml=1&version=v2.3".replace("amp;",""),u.parentNode.insertBefore(r,u))})(document,"script","facebook-jssdk")/*]]>*/</script><section id="pmgFooterSocial" class="social-footer pmg-mv-0003" role="region"><div class="ms-grid pmg-pv-0202"><div id="pmgSocialMediaContainer" class="ms-row pmg-social-mh l-pmg-pv-1500 pmg-outline-black pmg-outline-3" tabindex="0" aria-label="Office social media links"> equals www.facebook.com (Facebook)
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: Lhttps://staticxx.facebook.com/connect/xd_arbiter/r/j-GHT1gpo6-.js?version=43 equals www.facebook.com (Facebook)
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: LinkedIn equals www.linkedin.com (Linkedin)
Source: www-widgetapi[1].js.3.drString found in binary or memory: Wa.prototype.g=function(a){if(a.origin==V(this,"host")||a.origin==V(this,"host").replace(/^http:/,"https:")){try{var b=JSON.parse(a.data)}catch(c){return}this.c=!0;this.a||0!=a.origin.indexOf("https:")||(this.a=!0);if(a=U[b.id])a.A=!0,a.A&&(y(a.s,a.B,a),a.s.length=0),a.H(b)}};function W(a,b,c){this.h=this.a=this.b=null;this.g=this[r]||(this[r]=++t);this.c=0;this.A=!1;this.s=[];this.f=null;this.l=c;this.m={};c=document;if(a=l(a)?c.getElementById(a):a)if(c="iframe"==a.tagName.toLowerCase(),b.host||(b.host=c?Ba(a.src):"https://www.youtube.com"),this.b=new Wa(b),c||(b=Ya(this,a),this.h=a,(c=a.parentNode)&&c.replaceChild(b,a),a=b),this.a=a,this.a.id||(a=b=this.a,a=a[r]||(a[r]=++t),b.id="widget"+a),R[this.a.id]=this,window.postMessage){this.f=new M;Za(this);b=V(this.b,"events"); equals www.youtube.com (Youtube)
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: Your Microsoft account is the combination of an email address and password that you use to sign in to services like Hotmail, OneDrive, Windows Phone, Xbox LIVE, and Outlook.com. If you use any of these services, you already have a Microsoft account that you can use, or you can create a new account. <a href="https://go.microsoft.com/fwlink/p/?LinkID=403717" style="" class="c-hyperlink">Learn more about a Microsoft account</a>. As part of signing up for a trial or purchasing Office, you will be prompted to sign in with a Microsoft account. You must be signed in with this account to install and manage your Office software, or to use some subscription benefits, including OneDrive storage and Skype minutes. equals www.hotmail.com (Hotmail)
Source: sdk[1].js.3.drString found in binary or memory: __d("FBPixelEndpoint",["FBEventsParamList","FBEventsUtils"],(function(a,b,c,d,e,f,g,h){"use strict";__p&&__p();var i="https://www.facebook.com/tr/",j=location.href,k=window.top!==window,l=document.referrer;function m(a,b,c,d){__p&&__p();d=d||{};var e=new g();e.append("id",a);e.append("ev",b);e.append("dl",j);e.append("rl",l);e.append("if",k);e.append("ts",new Date().valueOf());e.append("cd",c);e.append("sw",window.screen.width);e.append("sh",window.screen.height);for(var f in d)e.append(f,d[f]);return e}function a(a,b,c,d){a=m(a,b,c,d);b=a.toQueryString();2048>(i+"?"+b).length?n(i,b):o(i,a)}function n(a,b){var c=new Image();c.src=a+"?"+b}function o(a,b){__p&&__p();var c="fb"+Math.random().toString().replace(".",""),d=document.createElement("form");d.method="post";d.action=a;d.target=c;d.acceptCharset="utf-8";d.style.display="none";a=!!(window.attachEvent&&!window.addEventListener);a=a?'<iframe name="'+c+'">':"iframe";var e=document.createElement(a);e.src="javascript:false";e.id=c;e.name=c;d.appendChild(e);h.li
Source: j-GHT1gpo6-[1].htm.3.drString found in binary or memory: __d("initXdArbiter",["QueryString","resolveWindow","Log","XDM"],(function(a,b,c,d,e,f){__p&&__p();(function(){__p&&__p();var a=b("QueryString"),c=b("resolveWindow"),d=b("Log"),e=b("XDM");function f(a){return a?a.replace(/[\"\'<>\(\)\\@]/g,""):a}function g(){return!window.chrome||!location.ancestorOrigins?!1:!/\.facebook\.com$/.test(location.ancestorOrigins[1])}function h(a,b){if(g())return"";if(window!=parent&&window.parent!=window.parent.parent)try{var c=parent.parent;return c.XdArbiter.register(window,a,b)}catch(a){d.error("Could not register with XdArbiter in parent.parent")}return""}function i(a,b,e){__p&&__p();if(!a&&g()){d.error("Can not use parent.parent to reach facebook.com");return}var f=a?c(a):parent.parent;if(f==null)d.error("Could not reach facebook.com using %s",a);else try{f=f;f.XdArbiter.handleMessage(b,e,window)}catch(b){d.error("Could not reach facebook.com using %s",a)}}function j(a,b){var c=50;b=function(){--c||window.clearInterval(d);try{a(),window.clearInterval(d)}catch(a){}};var d=window
Source: sdk[1].js.3.drString found in binary or memory: __d("invariant",["Env","TAAL","ex","sprintf"],(function(a,b,c,d,e,f,g,h,i,j){"use strict";__p&&__p();var k=i;function a(a,b){__p&&__p();if(!a){var c=b;for(var d=arguments.length,e=new Array(d>2?d-2:0),f=2;f<d;f++)e[f-2]=arguments[f];if(typeof c==="number"){var g=l(c,e),i=g.message,j=g.decoderLink;c=i;e.unshift(j)}else if(c===void 0){c="Invariant: ";for(var m=0;m<e.length;m++)c+="%s,"}c=h.blameToPreviousFrame(c);var n=new Error(k.apply(void 0,[c].concat(e)));n.name="Invariant Violation";n.messageWithParams=[c].concat(e);throw n}}function l(a,b){var c="Minified invariant #"+a+"; %s";b.length>0&&(c+=" Params: "+ES(b,"map",!0,function(a){return"%s"}).join(", "));a=g.show_invariant_decoder===!0?"visit "+m(a,b)+" to see the full message.":"";return{message:c,decoderLink:a}}function m(a,b){a="https://our.intern.facebook.com/intern/invariant/"+a+"/";b.length>0&&(a+="?"+ES(b,"map",!0,function(a,b){return"args["+b+"]="+encodeURIComponent(String(a))}).join("&"));return a}e.exports=a}),null); equals www.facebook.com (Face
Source: j-GHT1gpo6-[1].htm.3.drString found in binary or memory: __d("invariant",["Env","TAAL","ex","sprintf"],(function(a,b,c,d,e,f,g,h,i,j){"use strict";__p&&__p();var k=i;function a(a,b){__p&&__p();if(!a){var c=b;for(var d=arguments.length,e=new Array(d>2?d-2:0),f=2;f<d;f++)e[f-2]=arguments[f];if(typeof c==="number"){var g=l(c,e),i=g.message,j=g.decoderLink;c=i;e.unshift(j)}else if(c===void 0){c="Invariant: ";for(var m=0;m<e.length;m++)c+="%s,"}c=h.blameToPreviousFrame(c);var n=new Error(k.apply(void 0,[c].concat(e)));n.name="Invariant Violation";n.messageWithParams=[c].concat(e);throw n}}function l(a,b){var c="Minified invariant #"+a+"; %s";b.length>0&&(c+=" Params: "+b.map(function(a){return"%s"}).join(", "));a=g.show_invariant_decoder===!0?"visit "+m(a,b)+" to see the full message.":"";return{message:c,decoderLink:a}}function m(a,b){a="https://our.intern.facebook.com/intern/invariant/"+a+"/";b.length>0&&(a+="?"+b.map(function(a,b){return"args["+b+"]="+encodeURIComponent(String(a))}).join("&"));return a}e.exports=a}),null); equals www.facebook.com (Facebook)
Source: sdk[1].js.3.drString found in binary or memory: __d("sdk.Native",["Log","sdk.UA"],(function(a,b,c,d,e,f,g,h){__p&&__p();var i="fbNativeReady";a={onready:function(a){__p&&__p();if(!h.nativeApp()){g.error("FB.Native.onready only works when the page is rendered in a WebView of the native Facebook app. Test if this is the case calling FB.UA.nativeApp()");return}window.__fbNative&&!this.nativeReady&&ES("Object","assign",!1,this,window.__fbNative);if(this.nativeReady)a();else{var b=function b(c){window.removeEventListener(i,b),this.onready(a)};window.addEventListener(i,b,!1)}}};e.exports=a}),null); equals www.facebook.com (Facebook)
Source: sdk[1].js.3.drString found in binary or memory: __d("sdk.NativeExtensions",["Log","sdk.DOMEventListener","sdk.UA"],(function(a,b,c,d,e,f,g,h,i){__p&&__p();var j="fbNativeExtensionsReady";function k(){return window._FBSdkExtensions&&window._FBSdkExtensions.jsonRPC&&window._FBSdkExtensions.initializeCallbackHandler&&window._FBSdkExtensions.supportsDialog?window._FBSdkExtensions:null}a={onReady:function(a){__p&&__p();if(!i.facebookInAppBrowser()){g.error("FB.NativeExtensions.onReady only works when the page is rendered in a WebView of the native Facebook app.");return}var b=k();if(b){a(b);return}var c=!1;b=function b(){var d=k();if(c||!d)return;c=!0;a(d);h.remove(window,j,b)};h.add(window,j,b)}};e.exports=a}),null); equals www.facebook.com (Facebook)
Source: sdk[1].js.3.drString found in binary or memory: __d("sdk.XD",["JSSDKXDConfig","Log","QueryString","Queue","UrlMap","XDM","guid","isFacebookURI","sdk.Content","sdk.createIframe","sdk.Event","sdk.feature","sdk.RPC","sdk.Runtime","sdk.Scribe","sdk.URI"],(function(a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v){__p&&__p();var w=new j(),x=new j(),y=m(),z="https";a=g.useCdn?"cdn":"www";b=r("use_bundle",!1)?g.XdBundleUrl:g.XdUrl;var A=k.resolve(a)+b;c=function(){if("origin"in location)if(location.origin&&location.origin!="null")return location.origin;else if(window!==window.parent)try{var a=parent.location.origin;if(a&&a!="null")return a}catch(a){}return location.protocol+"//"+location.host};var B=m(),C=c(),D,E,F=!1,G="Facebook Cross Domain Communication Frame",H={},I=new j();s.setInQueue(I);function J(a){h.info("Remote XD can talk to facebook.com (%s)",a),t.setEnvironment(a==="canvas"?t.ENVIRONMENTS.CANVAS:t.ENVIRONMENTS.PAGETAB)}function K(a,b){__p&&__p();if(!b){h.error("No senderOrigin");throw new Error()}switch(a.xd_action){case"proxy_ready":var c,d;c=x;d=E;t.set
Source: sdk[1].js.3.drString found in binary or memory: __d("sdk.XFBML.CustomerChatWarning",["Log"],(function(a,b,c,d,e,f,g){"use strict";function a(a,b,c,d){g.error("##########################\n# The CustomerChat plugin is no longer part of the main Facebook SDK.\n# To continue using it please use the correct SDK URL,\n# meaning replace sdk.js with sdk/xfbml.customerchat.js.\n# For more details see https://developers.facebook.com/docs/messenger-platform/discovery/customer-chat-plugin/sdk\n##########################");return{subscribe:function(){},process:function(){}}}e.exports=a}),null); equals www.facebook.com (Facebook)
Source: sdk[1].js.3.drString found in binary or memory: __d("sdk.XFBML.LoginButton",["IframePlugin","Log","safeEval","sdk.ErrorHandling","sdk.feature","sdk.Runtime","sdk.Scribe","sdk.ui","sdk.XD"],(function(a,b,c,d,e,f,g,h,i,j,k,l,m,n,o){__p&&__p();var p=k("https_only_enforce_starting",!1),q=k("https_only_learn_more","");function r(a,b,c){a&&(typeof a==="string"?j.unguard(i)(a,c):a.apply&&j.unguard(a).apply(b,c||[]))}a=g.extend({constructor:function(a,b,c,d){__p&&__p();if(location.protocol!=="https:"&&p){var e="The Login Button plugin will soon stop working on http pages. Please update your site to use https for Facebook Login. %s";h.log("error",-1,e,q);k("https_only_scribe_logging",!0)&&m.log("jssdk_error",{appId:l.getClientID(),error:"HttpsOnly",extra:{message:"LoginButton"}})}this.parent(a,b,c,d);var f=g.getVal(d,"on_login"),i=null,j=this._iframeOptions.name;f&&(i=function(a){if(a.error_code){h.debug("Plugin Return Error (%s): %s",a.error_code,a.error_message||a.error_description);return}r(f,null,[a])},this.subscribe("login.status",i));this.subscribe("xd.login_b
Source: sdk[1].js.3.drString found in binary or memory: __d("sdk.openMessenger",["sdk.UA"],(function(a,b,c,d,e,f,g){"use strict";__p&&__p();var h="https://itunes.apple.com/us/app/messenger/id454638411",i="https://play.google.com/store/apps/details?id=com.facebook.orca",j=3e3;function a(a){var b,c,d=a.link;a=a.app_id;g.android()?(b="intent://share/#Intent;package=com.facebook.orca;scheme=fb-messenger;S.android.intent.extra.TEXT="+encodeURIComponent(d)+";S.trigger=send_plugin;",a&&(b+="S.platform_app_id="+encodeURIComponent(a)+";"),b+="end",c=i):(b="fb-messenger://share?link="+encodeURIComponent(d),a&&(b+="&app_id="+encodeURIComponent(a)),c=h);setTimeout(function(){window.location.href=c},j);window.location.href=b}e.exports=a}),null); equals www.facebook.com (Facebook)
Source: sdk[1].js.3.drString found in binary or memory: __d("sdk.unsecureDisallowed",["Log","sdk.feature","sdk.Runtime","sdk.Scribe"],(function(a,b,c,d,e,f,g,h,i,j){"use strict";__p&&__p();var k=h("https_only_enforce_starting",!1),l=h("https_only_learn_more",""),m={};function a(a){if(window.location.protocol!=="https:"&&k&&k-ES("Date","now",!1)<=0){g.log("error",-1,"The method FB.%s can no longer be called from http pages. %s",a,l);return!0}window.location.protocol!=="https:"&&k&&(g.log("error",-1,"The method FB.%s will soon stop working when called from http pages. Please update your site to use https for Facebook Login. %s",a,l),h("https_only_scribe_logging",!0)&&!Object.prototype.hasOwnProperty.call(m,a)&&(j.log("jssdk_error",{appId:i.getClientID(),error:"HttpsOnly",extra:{message:a}}),m[a]=!0));return!1}e.exports=a}),null); equals www.facebook.com (Facebook)
Source: www-widgetapi[1].js.3.drString found in binary or memory: h.B=function(a){a.id=this.g;a.channel="widget";a=xa(a);var b=this.b;var c=Ba(this.a.src);b=0==c.indexOf("https:")?[c]:b.a?[c.replace("http:","https:")]:b.c?[c]:[c,c.replace("http:","https:")];if(!this.a.contentWindow)throw Error("The YouTube player is not attached to the DOM.");for(c=0;c<b.length;c++)try{this.a.contentWindow.postMessage(a,b[c])}catch(d){if(d.name&&"SyntaxError"==d.name)Ha(d,"WARNING");else throw d;}};function bb(a){return(0==a.search("cue")||0==a.search("load"))&&"loadModule"!=a} equals www.youtube.com (Youtube)
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://staticxx.facebook.com/connect/xd_arbiter/r/j-GHT1gpo6-.js?version=43#channel=f153b0e31c71508&origin=https%3A%2F%2Fproducts.office.com equals www.facebook.com (Facebook)
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://staticxx.facebook.com/connect/xd_arbiter/r/j-GHT1gpo6-.js?version=43#channel=f2020c8c657e9a6&origin=https%3A%2F%2Fproducts.office.com equals www.facebook.com (Facebook)
Source: iframe_api[1].js0.3.drString found in binary or memory: if (!window['YT']) {var YT = {loading: 0,loaded: 0};}if (!window['YTConfig']) {var YTConfig = {'host': 'http://www.youtube.com'};}if (!YT.loading) {YT.loading = 1;(function(){var l = [];YT.ready = function(f) {if (YT.loaded) {f();} else {l.push(f);}};window.onYTReady = function() {YT.loaded = 1;for (var i = 0; i < l.length; i++) {try {l[i]();} catch (e) {}}};YT.setConfig = function(c) {for (var k in c) {if (c.hasOwnProperty(k)) {YTConfig[k] = c[k];}}};var a = document.createElement('script');a.type = 'text/javascript';a.id = 'www-widgetapi-script';a.src = 'https://s.ytimg.com/yts/jsbin/www-widgetapi-vflkA4wlR/www-widgetapi.js';a.async = true;var c = document.currentScript;if (c) {var n = c.nonce || c.getAttribute('nonce');if (n) {a.setAttribute('nonce', n);}}var b = document.getElementsByTagName('script')[0];b.parentNode.insertBefore(a, b);})();} equals www.youtube.com (Youtube)
Performs DNS lookupsShow sources
Source: unknownDNS traffic detected: queries for: support.office.com
Urls found in memory or binary dataShow sources
Source: RC29818b6c0e7d4f449ef0ce8310622ea1-source.min[1].js.3.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RC29818b6c0e7d4f449ef0ce8310622ea1-sou
Source: RC4ce14374f6374cdfa53aae777989e937-source.min[1].js.3.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RC4ce14374f6374cdfa53aae777989e937-sou
Source: RC609c6a62e6764307915e122757d5274b-source.min[1].js.3.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RC609c6a62e6764307915e122757d5274b-sou
Source: RC82effd02bfe54725bb102410c4c220b2-source.min[1].js.3.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RC82effd02bfe54725bb102410c4c220b2-sou
Source: RC8b82706e00134f9fbf3682461d3a8046-source.min[1].js.3.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RC8b82706e00134f9fbf3682461d3a8046-sou
Source: RC91184f17deae42d88f588497f76d1bbe-source.min[1].js.3.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RC91184f17deae42d88f588497f76d1bbe-sou
Source: RCdc4f61b42f804b8ba5fd9572d2edb2fc-source.min[1].js.3.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RCdc4f61b42f804b8ba5fd9572d2edb2fc-sou
Source: RCe273b42c34d5427cb02b2d6cd022cac2-source.min[1].js.3.drString found in binary or memory: http://assets.adobedtm.com/BL40ae29a264ef4dac97e1bf1a734b0227/RCe273b42c34d5427cb02b2d6cd022cac2-sou
Source: launch-ENc0cbffaf0f8248c3a934a56818d7737e.min[1].js.3.drString found in binary or memory: http://assets.adobedtm.com/launch-ENc0cbffaf0f8248c3a934a56818d7737e.js
Source: react.min[1].js.3.dr, react-dom.min[1].js.3.drString found in binary or memory: http://facebook.github.io/react/docs/error-decoder.html?invariant
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: http://github.com/aFarkas/lazysizes
Source: 18-d72213[1].js.3.drString found in binary or memory: http://github.com/requirejs/almond/LICENSE
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: http://github.com/requirejs/domReady
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: http://github.com/requirejs/requirejs/LICENSE
Source: hammer-2.0.8[1].js.3.drString found in binary or memory: http://hammerjs.github.io/
Source: 89-535ed3[1].css.3.drString found in binary or memory: http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1LLAb
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2mx7d?ver=0b96
Source: 27-934839[1].js.3.drString found in binary or memory: http://jedwatson.github.io/classnames
Source: 6203590383[1].js.3.drString found in binary or memory: http://jquery.com/
Source: 6203590383[1].js.3.drString found in binary or memory: http://jquery.org/license
Source: 27-934839[1].js.3.drString found in binary or memory: http://knockoutjs.com/
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: http://office.com/systemrequirements
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: http://schema.org/AggregateRating
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.dr, fix-email-delivery-issues-for-error-code-5-7-133-in-office-365-991abc19-7756-438f-abcb-39f69b80f284[1].htm.3.drString found in binary or memory: http://schema.org/ItemList
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.dr, fix-email-delivery-issues-for-error-code-5-7-133-in-office-365-991abc19-7756-438f-abcb-39f69b80f284[1].htm.3.drString found in binary or memory: http://schema.org/ListItem
Source: cfq7ttc0k5dm[1].htm.3.dr, 27-934839[1].js.3.drString found in binary or memory: http://schema.org/Offer
Source: YWFK3EVD.htm.3.dr, cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: http://schema.org/Organization
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: http://schema.org/Rating
Source: 6203590383[1].js.3.drString found in binary or memory: http://sizzlejs.com/
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: http://support.xbox.com/contact-us/
Source: msapplication.xml.2.drString found in binary or memory: http://www.amazon.com/
Source: structuredlist[1].js.3.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: msapplication.xml1.2.drString found in binary or memory: http://www.google.com/
Source: msapplication.xml2.2.drString found in binary or memory: http://www.live.com/
Source: msapplication.xml3.2.drString found in binary or memory: http://www.nytimes.com/
Source: 27-934839[1].js.3.drString found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: msapplication.xml4.2.drString found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.2.drString found in binary or memory: http://www.twitter.com/
Source: 4f36c7c4-6ea2-4292-bc40-15f20cfd_864x576_499[1].dat.3.dr, 1bd49677-600e-41d9-b548-1f493619_864x576_303[1].dat.3.drString found in binary or memory: http://www.videolan.org/x264.html
Source: msapplication.xml6.2.drString found in binary or memory: http://www.wikipedia.com/
Source: iframe_api[1].js0.3.drString found in binary or memory: http://www.youtube.com
Source: msapplication.xml7.2.drString found in binary or memory: http://www.youtube.com/
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://a3698060313.cdn.optimizely.com/client_storage/a3698060313.html
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://aka.ms/office-install
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://aka.ms/onenote-office365-faq
Source: 6203590383[1].js.3.drString found in binary or memory: https://api.demandbase.com/api/v2/ip.json?key=3b7cbaac15b8971532d99eabf57d4637
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://assets.onestore.ms
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://az725175.vo.msecnd.net/scripts/jsll-4.2.9.js
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://blogs.office.com/
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.dr, download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.dr, fix-email-delivery-issues-for-error-code-5-7-133-in-office-365-991abc19-7756-438f-abcb-39f69b80f284[1].htm.3.drString found in binary or memory: https://c3web.trafficmanager.net/topic/
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://cdn.optimizely.com/js/8269159376.js
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://cdnssl.clicktale.net/www/tc/crossdomainInclCEC.html?cookie=WRUIDCD03072018
Source: YWFK3EVD.htm.3.dr, cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://channel9.msdn.com/
Source: ChangeMonitor-latest[1].js.3.drString found in binary or memory: https://code.google.com/p/mutation-summary/
Source: d0ab222a-1420-48cc-9bbd-6bdae7be01fc[1].js1.3.dr, monitor-latest[1].js.3.drString found in binary or memory: https://conductor.clicktale.net/monitor
Source: products.office[1].xml.3.drString found in binary or memory: https://conductor.clicktale.net/monitor?t=end&amp;p=162&amp;2=3294558062021826&amp;v=1.5.3&quot;
Source: munchkin[1].js.3.drString found in binary or memory: https://developers.marketo.com/MunchkinLicense.pdf
Source: 8269159376[1].js.3.drString found in binary or memory: https://developers.optimizely.com/x/solutions/javascript/topics/dynamic-websites/index.html#polling
Source: 27-934839[1].js.3.drString found in binary or memory: https://github.com/js-cookie/js-cookie
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1ZcW0?ver=1ba7&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1ZfTA?ver=692c&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE280eS?ver=1255&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE280eY?ver=684e&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE280fW?ver=5657&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE282Rr?ver=9f57&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE282Ru?ver=e9b6&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE285rr?ver=a821&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2883D?ver=15bf&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2883r?ver=710d&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2883x?ver=cea4&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2884u?ver=ff83&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE28diI?ver=7a3c&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE28fQS?ver=7f1e&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE28fR3?ver=3957&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE28fRa?ver=1b57&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE28fUF?ver=ad04&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2mx7d?ver=0b96
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2mx7d?ver=0b96&amp;q=
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2uN0g?ver=002b&amp;q=
Source: fix-email-delivery-issues-for-error-code-5-7-133-in-office-365-991abc19-7756-438f-abcb-39f69b80f284[1].htm.3.drString found in binary or memory: https://insider.office.com
Source: sdk[1].js.3.drString found in binary or memory: https://itunes.apple.com/us/app/messenger/id454638411
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.dr, download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.dr, fix-email-delivery-issues-for-error-code-5-7-133-in-office-365-991abc19-7756-438f-abcb-39f69b80f284[1].htm.3.drString found in binary or memory: https://linkedin.com/shareArticle?mini=true&amp;url=https%3a%2f%2fsupport.office.com%2fen-us%2fartic
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.dr, download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.dr, fix-email-delivery-issues-for-error-code-5-7-133-in-office-365-991abc19-7756-438f-abcb-39f69b80f284[1].htm.3.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0
Source: compare-all-microsoft-office-products[1].htm.3.drString found in binary or memory: https://login.live.com/logout.srf
Source: fix-email-delivery-issues-for-error-code-5-7-133-in-office-365-991abc19-7756-438f-abcb-39f69b80f284[1].htm.3.drString found in binary or memory: https://login.live.com/logout.srf?ct=1547233067
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://login.live.com/logout.srf?ct=1547233088
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://login.live.com/logout.srf?ct=1547233093
Source: YWFK3EVD.htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0&wreply=https%3A%2F%2Fproducts.office.com&uaid=e638b226-0
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0&wreply=https%3A%2F%2Fsupport.office.com&uaid=9befbbdc-73
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?client_id=4b233688-031c-404b-9a80-a4f3f235
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.dr, download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.dr, fix-email-delivery-issues-for-error-code-5-7-133-in-office-365-991abc19-7756-438f-abcb-39f69b80f284[1].htm.3.drString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?response_mode=form_post
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?response_mode=form_post&amp;response_type=
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://login.microsoftonline.com/forgetuser?sessionid=
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://lpcdn.lpsnmedia.net/le_secure_storage/3.7.0.0-release_439/storage.secure.min.html?loc=https%
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://mem.gfx.ms
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://mem.gfx.ms/meversion?partner=OfficeProducts&amp;market=en-us&amp;uhf=1
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://mem.gfx.ms/meversion?partner=office&market=en-us&uhf=1
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://mem.gfx.ms/meversion?partner=officesupport&market=en-us&uhf=1
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://mix.office.com/oembed/
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://mix.office.com/watch/
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://mscom.demdex.net/dest5.html?d_nsid=0
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://mscom.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fproducts.office.com%2Fen-us%2Fcompare-all
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://mscom.demdex.net/dest5.html?d_nsid=undefined
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://mscom.demdex.net/dest5.html?d_nsid=undefined#https%3A%2F%2Fproducts.office.com%2Fen-us%2Fcom
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://office.com/setup
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://office.com/start
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://office.live.com/start/MyAccount.aspx
Source: YWFK3EVD.htm.3.dr, cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-us/
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://osiprodweuodcspstoa01.blob.core.windows.net
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://osiprodweuodcspstoa01.blob.core.windows.net/en-us/media/4a9bfdaf-ca3e-4c5f-9e29-1f3cc1be7433
Source: YWFK3EVD.htm.3.dr, cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://outlook.live.com/owa/
Source: sdk[1].js.3.drString found in binary or memory: https://play.google.com/store/apps/details?id=com.facebook.orca
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://portal.office.de/OLS/MySoftware.aspx
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://portal.partner.microsoftonline.cn/OLS/MySoftware.aspx
Source: {3555A961-161E-11E9-AAD9-C25F135D3C65}.dat.2.drString found in binary or memory: https://products.offic
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/academic/compare-office-365-education-plans
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/business/enterprise-firstline-workers
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/business/enterprise-productivity-tools
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/business/explore-office-365-for-business
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/business/microsoft-office-365-frequently-asked-questions
Source: compare-all-microsoft-office-products[1].htm.3.drString found in binary or memory: https://products.office.com/business/mobile-productivity&quot;
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/business/office
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/business/office-365-customer-stories-office-testimonials
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/business/office-365-trust-center-welcome
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/business/office-for-it-pros
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/buy-office-365-home
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/choose-valid-billing-market
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/compare-all-microsoft-office-products
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/compare-all-microsoft-office-products?tab=1
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/compare-all-microsoft-office-products?tab=2
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/download-back-up-restore-microsoft-office-products
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/download-office-2007
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/en-US/student/office-in-education
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/academic/compare-office-365-education-plans
Source: compare-all-microsoft-office-products[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/business/compare-more-office-365-for-business-plans
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/business/enterprise-firstline-workers
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/business/enterprise-productivity-tools
Source: compare-all-microsoft-office-products[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/business/explore-office-365-for-business
Source: compare-all-microsoft-office-products[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/business/international-availability
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/business/office
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/business/small-business-solutions
Source: compare-all-microsoft-office-products[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/buy-office-365-home
Source: compare-all-microsoft-office-products[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/buy/compare-microsoft-office-products-for-mac
Source: compare-all-microsoft-office-products[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/choose-valid-billing-market-try-office365
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=1
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=1%3aprimaryr1
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=1%3aprimaryr1F
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=1pCompare
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=tab%3aprimaryr1
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&activetab=tab%3aprimaryr167
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&amp;activetab=tab%3aprimary
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?tab=2
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/excel
Source: compare-all-microsoft-office-products[1].htm.3.dr, cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/explore-office-for-home
Source: compare-all-microsoft-office-products[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/get-started-with-office-2019#compare_table
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/home
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/microsoft-office-for-home-and-school-faq
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/microsoft-teams/group-chat-software
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/onedrive-for-business/online-cloud-storage
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/onenote/digital-note-taking-app
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/outlook/email-and-calendar-software-microsoft-outlook
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/powerpoint
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/products
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/sharepoint/collaboration
Source: ~DF014B607F556C431C.TMP.2.dr, authorize[1].htm1.3.dr, authorize[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/silentauth
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/site-search
Source: compare-all-microsoft-office-products[1].htm.3.dr, cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/student/office-in-education
Source: compare-all-microsoft-office-products[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/try
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/word
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/excel
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/explore-office-for-home
Source: imagestore.dat.3.drString found in binary or memory: https://products.office.com/favicon.ico
Source: imagestore.dat.3.drString found in binary or memory: https://products.office.com/favicon.ico~
Source: imagestore.dat.3.drString found in binary or memory: https://products.office.com/favicon.ico~(
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/home
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/microsoft-office-2013
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/microsoft-office-for-home-and-school-faq
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/microsoft-teams/group-chat-software
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/mobile/office-android-phone
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/mobile/office-android-tablet
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/mobile/office-ipad
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/mobile/office-iphone
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/office-2010
Source: YWFK3EVD.htm.3.dr, cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/office-365-home
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/office-365-personal
Source: YWFK3EVD.htm.3.dr, download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://products.office.com/office-online/documents-spreadsheets-presentations-office-online
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/office-resources
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://products.office.com/office-system-requirements
Source: compare-all-microsoft-office-products[1].htm.3.drString found in binary or memory: https://products.office.com/office-system-requirements&quot;
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/onedrive-for-business/online-cloud-storage
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/onenote
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/outlook/email-and-calendar-software-microsoft-outlook
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/powerpoint
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/products
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/sharepoint/collaboration
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/student/office-for-students
Source: YWFK3EVD.htm.3.dr, download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://products.office.com/student/office-in-education
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/student/office-in-education?wt.mc_id=StudentandEducators_cat_banner1_off
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://products.office.com/try
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://products.office.com/word
Source: 6203590383[1].js.3.dr, 27-934839[1].js.3.drString found in binary or memory: https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE
Source: iframe_api[1].js0.3.drString found in binary or memory: https://s.ytimg.com/yts/jsbin/www-widgetapi-vflkA4wlR/www-widgetapi.js
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://statics-eas.onestore.ms
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://statics-eus.onestore.ms
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://statics-neu.onestore.ms
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://statics-uhf-eus.akamaized.net/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1
Source: YWFK3EVD.htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://statics-uhf-eus.akamaized.net/statics/override.css?c=5
Source: YWFK3EVD.htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://statics-uhf-eus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_we
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://statics-wcus.onestore.ms
Source: YWFK3EVD.htm.3.dr, cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://store.office.com/en-us/appshome.aspx?
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://store.office.com/worldwide.aspx?rs=en-us&amp;cmapid=1
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://store.office.com/worldwide.aspx?rs=en-us&amp;returnURL=https%3a%2f%2fwww.office.com%2f&amp;c
Source: {3555A961-161E-11E9-AAD9-C25F135D3C65}.dat.2.drString found in binary or memory: https://support.office
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://support.office.com/
Source: 8269159376[1].js.3.drString found in binary or memory: https://support.office.com/(?:
Source: 8269159376[1].js.3.drString found in binary or memory: https://support.office.com/(en-US
Source: 8269159376[1].js.3.drString found in binary or memory: https://support.office.com/(en-us
Source: 8269159376[1].js.3.drString found in binary or memory: https://support.office.com/?(?:en-US/?)?$
Source: 8269159376[1].js.3.drString found in binary or memory: https://support.office.com/?(?:en-us/?)?$
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://support.office.com/article/0f09f357-3fef-42a6-b8aa-cef4c6c44bdf?wt.mc_id=SCL_InstallOffice_N
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://support.office.com/article/35ff2def-e0b2-4dac-9784-4cf212c1f6c2?wt.mc_id=SCL_InstallOffice_N
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://support.office.com/article/36081d8d-b3fa-4948-8c34-e217bba825e1?wt.mc_id=SCL_InstallOffice_N
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://support.office.com/article/7059249b-d9fe-4d61-ab96-5c5bf435f281?wt.mc_id=SCL_InstallOffice_N
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://support.office.com/article/7dabb6cb-0046-40b6-81fe-767e0b1f014f?wt.mc_id=SCL_InstallOffice_N
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://support.office.com/article/98821981-6818-4cd2-aacc-cfcc8345ad4d?wt.mc_id=SCL_InstallOffice_N
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://support.office.com/article/997596B5-4173-4627-B915-36ABAC6786DC?wt.mc_id=SCL_InstallOffice_N
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://support.office.com/article/EDC2F78A-E6B7-4041-917B-8136AFB0A654?wt.mc_id=SCL_InstallOffice_N
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://support.office.com/article/Install-Visio-f98f21e3-aa02-4827-9167-ddab5b025710?wt.mc_id=SCL_I
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://support.office.com/article/Install-and-use-different-versions-of-Office-on-the-same-PC-6EBB4
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://support.office.com/article/What-happens-to-my-data-and-access-when-my-Office-365-for-busines
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://support.office.com/article/b389b9ce-3ae3-4a82-9017-39d79972fcba?wt.mc_id=SCL_InstallOffice_N
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://support.office.com/article/eba0b4a2-c0ae-472c-99f6-bc63ee2425a8?wt.mc_id=SCL_InstallOffice_N
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://support.office.com/article/ed447ebf-6060-46f9-9e90-a239bd27eb96?wt.mc_id=SCL_InstallOffice_N
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://support.office.com/article/f0a85fe7-118f-41cb-a791-d59cef96ad1c?wt.mc_id=SCL_InstallOffice_N
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://support.office.com/article/f8ab5e25-bf3f-4a47-b264-174b1ee925fd?wt.mc_id=SCL_InstallOffice_N
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://support.office.com/article/renew-office-365-for-home-58f3d0f8-15c4-4ad8-8c5f-16d682e8b545
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://support.office.com/article/share-your-office-365-home-subscription-with-up-to-four-people-b3
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://support.office.com/article/switch-from-office-365-home-80a7f3cd-e42c-4014-b27a-3c87adb20e9e
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://support.office.com/article/switch-from-office-365-personal-4e1fb01b-fecb-4f60-bbb6-d45bf6ee2
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://support.office.com/article/switch-from-office-365-university-e973988e-bb38-4dcc-baf2-a63b377
Source: authorize[1].htm0.3.drString found in binary or memory: https://support.office.com/auth/signin
Source: 8269159376[1].js.3.drString found in binary or memory: https://support.office.com/en-US/Excel
Source: 8269159376[1].js.3.drString found in binary or memory: https://support.office.com/en-US/excel
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://support.office.com/en-us
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://support.office.com/en-us/
Source: 8269159376[1].js.3.drString found in binary or memory: https://support.office.com/en-us/(f1
Source: 8269159376[1].js.3.drString found in binary or memory: https://support.office.com/en-us/Excel
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://support.office.com/en-us/article/Get-help-with-Outlook-com-40676AD0-C831-45AC-A023-5BE633BE7
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://support.office.com/en-us/article/OneDrive-Help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://support.office.com/en-us/article/download-and-install-or-reinstall-office-365-or-office-2016
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.drString found in binary or memory: https://support.office.com/en-us/article/download-and-install-or-reinstall-office-365-or-office-2019
Source: {3555A961-161E-11E9-AAD9-C25F135D3C65}.dat.2.drString found in binary or memory: https://support.office.com/en-us/article/fix-email-delivery-issues-for-error-code-5-7-133-in-office-
Source: {3555A961-161E-11E9-AAD9-C25F135D3C65}.dat.2.drString found in binary or memory: https://support.office.com/en-us/article/install-or-reinstall-office-thrRoot
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://support.office.com/en-us/article/install-or-reinstall-office-through-microsoft-hup-d99c6e4a-
Source: 8269159376[1].js.3.drString found in binary or memory: https://support.office.com/en-us/excel
Source: authorize[1].htm0.3.dr, authorize[1].htm.3.drString found in binary or memory: https://support.office.com/en-us/home/backgroundauth?provider=AAD&amp;end=False
Source: cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://support.office.com/en-us/office-training-center?ms.officeurl=training
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://support.office.com/office-training-center
Source: products.office[1].xml.3.drString found in binary or memory: https://support.office.com_oeu1547265488068r0.2622475563006934$$a3698060313$$event_queue
Source: products.office[1].xml.3.drString found in binary or memory: https://support.office.com_oeu1547265488068r0.2622475563006934$$a3698060313$$layer_map
Source: products.office[1].xml.3.drString found in binary or memory: https://support.office.com_oeu1547265488068r0.2622475563006934$$a3698060313$$variation_map
Source: products.office[1].xml.3.drString found in binary or memory: https://support.office.com_oeu1547265488068r0.2622475563006934$$a3698060313$$visitor_profile
Source: products.office[1].xml.3.drString found in binary or memory: https://support.office.com_pending_events
Source: 8269159376[1].js.3.drString found in binary or memory: https://support.officeppe.com/(?:
Source: 8269159376[1].js.3.drString found in binary or memory: https://support.officeppe.com/?(?:en-us/?)?$
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://support.skype.com/skype/windows-desktop/
Source: YWFK3EVD.htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://templates.office.com/
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://templates.office.com/en-us/
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://ussearchprod.trafficmanager.net/services/api/v1.0/store/categories
Source: imagestore.dat.3.drString found in binary or memory: https://weuofficehome.msocdn.com/s/7047452e/Content/images/favicon_metro.ico
Source: imagestore.dat.3.drString found in binary or memory: https://weuofficehome.msocdn.com/s/7047452e/Content/images/favicon_metro.ico~
Source: f[1].txt0.3.drString found in binary or memory: https://www.google.ch/pagead/1p-user-list/862646735/?random
Source: f[1].txt0.3.drString found in binary or memory: https://www.google.com/pagead/1p-user-list/862646735/?random
Source: 8269159376[1].js.3.drString found in binary or memory: https://www.got-it.ai/partners/excelchat
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://www.linkedin.com/company/3509299
Source: {3555A961-161E-11E9-AAD9-C25F135D3C65}.dat.2.drString found in binary or memory: https://www.microsoft.
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://www.microsofthup.com/
Source: download-and-install-or-reinstall-office-365-or-office-2019-on-a-pc-or-mac-4414eaaf-0478-48be-9c42-23adc4716658[1].htm.3.dr, {3555A961-161E-11E9-AAD9-C25F135D3C65}.dat.2.drString found in binary or memory: https://www.office.com
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://www.office.com/
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://www.office.com/?auth=1
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://www.office.com/?auth=2
Source: ~DF014B607F556C431C.TMP.2.dr, {3555A961-161E-11E9-AAD9-C25F135D3C65}.dat.2.drString found in binary or memory: https://www.office.com/FOffice
Source: YWFK3EVD.htm.3.drString found in binary or memory: https://www.office.com/login?es=Click&amp;ru=%2F
Source: install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://www.office.com/login?ru=%2f%3fauth%3d1
Source: ~DF014B607F556C431C.TMP.2.drString found in binary or memory: https://www.office.com/om/en-us/article/install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6
Source: YWFK3EVD.htm.3.dr, cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://www.onenote.com/
Source: YWFK3EVD.htm.3.dr, cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://www.skype.com/en/
Source: cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://www.skype.com/en/offers/office365/
Source: YWFK3EVD.htm.3.dr, cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://www.xbox.com/
Source: YWFK3EVD.htm.3.dr, cfq7ttc0k5dm[1].htm.3.dr, install-or-reinstall-office-through-microsoft-hup-d99c6e4a-6756-4ece-99a0-b1df654ec7d3[1].htm.3.drString found in binary or memory: https://www.xbox.com/en-us/games/xbox-one?xr=shellnav
Source: YWFK3EVD.htm.3.dr, cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://www.xbox.com/en-us/xbox-one-s?xr=shellnav
Source: YWFK3EVD.htm.3.dr, cfq7ttc0k5dm[1].htm.3.drString found in binary or memory: https://www.xbox.com/en-us/xbox-one-x
Source: www-widgetapi[1].js.3.drString found in binary or memory: https://www.youtube.com
Uses HTTPSShow sources
Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49898 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49977
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49976
Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49911
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443

System Summary:

barindex
Classification labelShow sources
Source: classification engineClassification label: clean2.win@3/289@67/37
Creates files inside the user directoryShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\HighJump to behavior
Creates temporary filesShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Temp\~DFE52BA24485929297.TMPJump to behavior
Reads ini filesShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile read: C:\Users\desktop.iniJump to behavior
Spawns processesShow sources
Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3912 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3912 CREDAT:17410 /prefetch:2Jump to behavior
Found GUI installer (many successful clicks)Show sources
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: Install
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: agree
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: Install
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: Install
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: agree
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: agree
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: agree
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: agree
Source: C:\Program Files\internet explorer\iexplore.exeAutomated click: agree
Found graphical window changes (likely an installer)Show sources
Source: Window RecorderWindow detected: More than 3 window changes detected
Uses new MSVCR DllsShow sources
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dllJump to behavior

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
behaviorgraph top1 process2 2 Behavior Graph ID: 102812 URL: https://go.microsoft.com/fwlink/p/?LinkId=615127 Startdate: 11/01/2019 Architecture: WINDOWS Score: 2 5 iexplore.exe 6 85 2->5         started        dnsIp3 11 statics-wcus.onestore.ms 5->11 13 statics-neu.onestore.ms 5->13 15 6 other IPs or domains 5->15 8 iexplore.exe 8 331 5->8         started        process4 dnsIp5 17 dgps-eus2.cloudapp.net 104.46.0.93, 443, 49819, 49820 MICROSOFT-CORP-MSN-AS-BLOCK-MicrosoftCorporationUS United States 8->17 19 blob.am5prdstr14a.store.core.windows.net 52.239.140.10, 443, 49836, 49837 MICROSOFT-CORP-MSN-AS-BLOCK-MicrosoftCorporationUS United States 8->19 21 92 other IPs or domains 8->21

Simulations

Behavior and APIs

No simulations

Antivirus Detection

Initial Sample

SourceDetectionScannerLabelLink
https://go.microsoft.com/fwlink/p/?LinkId=6151270%virustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
dgps-eus2.cloudapp.net0%virustotalBrowse

URLs

SourceDetectionScannerLabelLink
https://support.office.com_oeu1547265488068r0.2622475563006934$$a3698060313$$visitor_profile0%Avira URL Cloudsafe
https://support.office.com_oeu1547265488068r0.2622475563006934$$a3698060313$$event_queue0%Avira URL Cloudsafe
https://weuofficehome.msocdn.com/s/7047452e/Content/images/favicon_metro.ico~0%Avira URL Cloudsafe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.