
Analysis Report https://1drv.ms/b/s!Aus2y-t8rEGoiRovEnj2eTWQ3fK-

Overview

General Information

Joe Sandbox Version: 25.0.0 Tiger's Eye
Analysis ID: 123502
Start date: 15.04.2019
Start time: 21:14:55
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://1drv.ms/b/s!Aus2y-t8rEGoiRovEnj2eTWQ3fK-
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean2.win@3/582@51/16
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Browsing link: https://onedrive.live.com/
  • Browsing link: https://onedrive.live.com/?authkey=%21ac8sepz5nzdd8r4&cid=a841ac7cebcb36eb&id=a841ac7cebcb36eb%211178&parid=root&o=oneup#
  • Browsing link: https://go.microsoft.com/fwlink/p/?linkid=822563
  • Browsing link: https://onedrive.uservoice.com/
  • Browsing link: https://g.live.com/8seskydrive/tou
  • Browsing link: https://go.microsoft.com/fwlink/?linkid=521839
  • Browsing link: https://g.live.com/8seskydrive/dev
  • Browsing link: https://go.microsoft.com/fwlink/?linkid=85433
  • Browsing link: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot
  • Browsing link: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot%26qt%3dmru&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot%26qt%3dmru
  • Browsing link: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26v%3dphotos%26id%3droot%26qt%3dallmyphotos&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26v%3dphotos%26id%3droot%26qt%3dallmyphotos
Warnings:
  • Exclude process from analysis (whitelisted): ielowutil.exe, wermgr.exe, conhost.exe, CompatTelRunner.exe, svchost.exe
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtReadFile calls found.
  • Report size getting too big, too many NtWriteFile calls found.

Detection

Strategy | Score | Range | Reporting | Whitelisted | Detection
Threshold | 2 | 0 - 100 | | false | clean

Confidence

Strategy | Score | Range | Further Analysis Required? | Confidence
Threshold | 4 | 0 - 5 | false |


Classification

Analysis Advice

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control
Valid Accounts | Windows Remote Management | Winlogon Helper DLL | Port Monitors | File System Logical Offsets | Credential Dumping | System Service Discovery | Application Deployment Software | Data from Local System | Data Encrypted 1 | Standard Non-Application Layer Protocol 2
Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | Binary Padding | Network Sniffing | Application Window Discovery | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Standard Application Layer Protocol 2

Signature Overview



Phishing:

Found iframes
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot HTTP Parser: Iframe src: https://onedrive.live.com/preload?view=Folders.All&id=250206&mkt=EN-US
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26v%3dphotos%26id%3droot%26qt%3dallmyphotos&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26v%3dphotos%26id%3droot%26qt%3dallmyphotos HTTP Parser: Iframe src: https://onedrive.live.com/preload?view=Folders.All&id=250206&mkt=EN-US
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot%26qt%3dmru&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot%26qt%3dmru HTTP Parser: Iframe src: https://onedrive.live.com/preload?view=Folders.All&id=250206&mkt=EN-US
HTML title does not match URL
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot HTTP Parser: Title: OneDrive does not match URL
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26v%3dphotos%26id%3droot%26qt%3dallmyphotos&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26v%3dphotos%26id%3droot%26qt%3dallmyphotos HTTP Parser: Title: OneDrive does not match URL
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot%26qt%3dmru&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot%26qt%3dmru HTTP Parser: Title: OneDrive does not match URL
META author tag missing
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26v%3dphotos%26id%3droot%26qt%3dallmyphotos&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26v%3dphotos%26id%3droot%26qt%3dallmyphotos HTTP Parser: No <meta name="author".. found
Source: https://onedrive.uservoice.com/ HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot%26qt%3dmru&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot%26qt%3dmru HTTP Parser: No <meta name="author".. found
META copyright tag missing
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26v%3dphotos%26id%3droot%26qt%3dallmyphotos&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26v%3dphotos%26id%3droot%26qt%3dallmyphotos HTTP Parser: No <meta name="copyright".. found
Source: https://onedrive.uservoice.com/ HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot%26qt%3dmru&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ac8sepz5nzdd8r4%26id%3droot%26qt%3dmru HTTP Parser: No <meta name="copyright".. found

Software Vulnerabilities:

Allocates a big amount of memory (probably used for heap spraying)
Source: iexplore.exe Memory has grown: Private usage: 2MB later: 271MB

Networking:

Connects to many different domains
Source: unknown Network traffic detected: DNS query count 50
Found strings which match to known social media urls
Performs DNS lookups
Source: unknown DNS traffic detected: queries for: 1drv.ms
Urls found in memory or binary data
Source: WordEditorIntl[1].js.3.drString found in binary or memory: https://az158878.vo.msecnd.net/marketing/product/42949674255/d91cf13f-11ae-41da-9584-27056708979b/IE
Source: en-us[1].htm.3.drString found in binary or memory: https://channel9.msdn.com/
Source: en-us[1].htm0.3.drString found in binary or memory: https://concernapi.trafficmanager.net/Resources/images/ajax-loader.gif
Source: en-us[1].htm0.3.drString found in binary or memory: https://concernapi.trafficmanager.net/Resources/images/appbar.warning.png
Source: en-us[1].htm0.3.drString found in binary or memory: https://concernapi.trafficmanager.net/Resources/images/glyphicons-602-chevron-down.png
Source: en-us[1].htm0.3.drString found in binary or memory: https://concernapi.trafficmanager.net/Resources/images/validation_success.png
Source: OneNote[1].js.3.drString found in binary or memory: https://contentstorage.osi.office.net/images/2f4febe2cca96f7f.gif
Source: OneNote[1].js.3.drString found in binary or memory: https://contentstorage.osi.office.net/images/eb14b3fe6a1e1671.png
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://developer.micr
Source: privacystatement[1].htm.3.drString found in binary or memory: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protectio
Source: OneNote.box4.dll1[1].js.3.drString found in binary or memory: https://edog.onenote.com
Source: OneNote[1].js.3.drString found in binary or memory: https://excel.uservoice.com/forums/274580-excel-online
Source: OneNote[1].js.3.drString found in binary or memory: https://excel.uservoice.com/tos
Source: OneNote[1].js.3.drString found in binary or memory: https://excel.uservoice.com/tos#privacy-policy
Source: OneDriveFormModel[1].js.3.drString found in binary or memory: https://g.live.com/8seskydrive/tou
Source: jquery.signalR2.1.1.min[1].js0.3.drString found in binary or memory: https://github.com/SignalR/SignalR/blob/master/LICENSE.md
Source: u-components.lgkblaid[1].js.3.drString found in binary or memory: https://github.com/WebReflection/document-register-element
Source: u-components.lgkblaid[1].js.3.drString found in binary or memory: https://github.com/WebReflection/es6-collections
Source: fullExperience.min[1].js.3.drString found in binary or memory: https://github.com/ded/reqwest
Source: ConvergedLogin_PCore[1].js.3.drString found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: u-components.lgkblaid[1].js.3.drString found in binary or memory: https://github.com/github/fetch
Source: app[1].css.3.drString found in binary or memory: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css
Source: u-components.lgkblaid[1].js.3.drString found in binary or memory: https://github.com/jonathantneal/closest
Source: u-components.lgkblaid[1].js.3.drString found in binary or memory: https://github.com/lifaon74/url-polyfill
Source: fullExperience.min[1].js.3.drString found in binary or memory: https://github.com/nicjansma/usertiming.js
Source: mwf-auto-init-main.var.min[1].js.3.drString found in binary or memory: https://github.com/scottjehl/picturefill/blob/master/Authors.txt;
Source: bootstrap.min[1].css.3.drString found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: home-1d6400a6[1].js.3.dr, en-us[1].htm.3.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: privacystatement[1].htm.3.drString found in binary or memory: https://kissmetrics.com/user-privacy
Source: Dsign[1].pdf1.3.drString found in binary or memory: https://livecanmore.com/1drive/)
Source: fullExperience.min[1].js.3.drString found in binary or memory: https://lodash.com/
Source: fullExperience.min[1].js.3.drString found in binary or memory: https://lodash.com/license
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://login.live.com
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355747&rver=6.7.6643.0&wp=mbi_ssl_sha
Source: en-us[1].htm.3.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1555355771&rver=6.7.6643.0&wp=MBI_SSL_SHA
Source: en-us[1].htm.3.drString found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0&wreply=https%3A%2F%2Fsupport.office.com&uaid=44a27511-a4
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?response_mode=form_post&response_type=id_t
Source: privacystatement[1].htm.3.drString found in binary or memory: https://login.skype.com/login
Source: 7J7IWN8I.htm.3.drString found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Source: en-us[1].htm.3.drString found in binary or memory: https://mem.gfx.ms/meversion?partner=OneDrive&market=en-us&uhf=1
Source: dmca[1].json.3.drString found in binary or memory: https://minecraft.net
Source: servicesagreement[1].htm.3.drString found in binary or memory: https://mixer.com/about/tos
Source: servicesagreement[1].htm.3.drString found in binary or memory: https://mixer.com/contact
Source: privacystatement[1].htm.3.drString found in binary or memory: https://mixpanel.com/optout
Source: mwf-auto-init-main.var.min[1].js.3.drString found in binary or memory: https://modernizr.com/download/?-eventlistener-picture-printshiv-setclasses
Source: imagestore.dat.3.drString found in binary or memory: https://msagfx.live.com/16.000.28156.5/images/favicon.ico
Source: imagestore.dat.3.drString found in binary or memory: https://msagfx.live.com/16.000.28156.5/images/favicon.ico~
Source: imagestore.dat.3.drString found in binary or memory: https://msagfx.live.com/16.000.28156.5/images/favicon.ico~(
Source: WordEditor.box4.dll1[1].js.3.drString found in binary or memory: https://office.com
Source: WordEditor.box4.dll1[1].js.3.drString found in binary or memory: https://office.com/webapps
Source: privacystatement[1].htm.3.drString found in binary or memory: https://ondemand.webtrends.com/support/optout.asp
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.V
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.dr, en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/?authkey=%21AC8SePZ5NZDd8r4&cid=A841AC7CEBCB36EB&id=A841AC7CEBCB36EB%21117
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/?authkey=%21ac8sepz5nzdd8r4&cid=a841ac7cebcb36eb&id=a841ac7cebcb36eb%21117
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/?cid=a841ac7cebcb36eb&id=A841AC7CEBCB36EB%211178&auRoot
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/?cid=a841ac7cebcb36eb&id=A841AC7CEBCB36EB%211178&authkey=%21AC8SePZ5NZDd8r
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/?cid=a841ac7cebcb36eb&id=A841AC7CEBCB36EB%211178&ithint=file
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/?id=root
Source: 7J7IWN8I.htm.3.drString found in binary or memory: https://onedrive.live.com/about/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/af-za/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/am-et/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ar-145/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ar-ploc-sa/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ar-sa/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/as-in/
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/about/auth/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/az-latn-az/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/be-by/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/bg-bg/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/bn-bd/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/bn-in/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/bs-latn-ba/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ca-es-valencia/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ca-es/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/chr-cher-us/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/cs-cz/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/cy-gb/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/da-dk/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/de-at/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/de-ch/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/de-de/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/el-gr/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-001/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-145/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-US/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-au/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-ca/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-gb/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-hk/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-id/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-ie/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-il/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-in/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-my/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-nz/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-ph/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-pk/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-sg/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-us/
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Micros
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Micros.com/en-us/article/onedrive-helpaihd.net/files/onedrive
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Micros/login.srf?wa=wsignin1.0&rpsnv=1
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/about/en-us/$MicrosRoot
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microscom/?authkey=%21ac8sepz5nzdd8r4&aihd.net/files/onedrive
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microscom/?id=rootRoot
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microscom/about/en-us/Root
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microscom/en-us/concern/onedriveRoot
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microscom/en-us/servicesagreement/Root
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microscom/uthkey=%21ac8sepz5nzdd8r4&aihd.net/files/onedrive-w
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microsoice.com//article/onedrive-helpaihd.net/files/onedrive-
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Micrososoft.com/en-us/onedrivementRoot
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/en-za/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/es-001/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/es-419/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/es-ar/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/es-cl/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/es-es/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/es-mx/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/es-us/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/es-ve/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/et-ee/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/eu-es/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/fa-ir/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/fi-fi/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/fil-ph/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/fr-145/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/fr-be/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/fr-ca/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/fr-ch/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/fr-fr/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ga-ie/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/gd-gb/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/gl-es/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/gu-in/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ha-latn-ng/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/he-il/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/hi-in/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/hr-hr/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/hu-hu/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/hy-am/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/id-id/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/is-is/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/it-it/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ja-jp/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ja-ploc-jp/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ka-ge/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/kk-kz/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/km-kh/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/kn-in/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ko-kr/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/kok-in/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ky-kg/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/lb-lu/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/lo/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/lt-lt/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/lv-lv/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/mi-nz/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/mk-mk/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ml-in/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/mn-mn/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/mr-in/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ms-my/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/mt-mt/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/nb-no/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ne-np/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/nl-be/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/nl-nl/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/nn-no/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/or-in/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/pa-in/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/pl-pl/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/prs-af/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/pt-br/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/pt-pt/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/quz-pe/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ro-ro/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ru-ru/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/sd-arab-pk/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/si-lk/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/sk-sk/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/sl-si/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/sq-al/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/sr-cyrl-ba/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/sr-cyrl-rs/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/sr-latn-rs/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/sv-se/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/sw-ke/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ta-in/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/te-in/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/th-th/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/tk-tm/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/tr-tr/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/tt-ru/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ug-cn/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/uk-ua/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/ur-pk/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/uz-latn-uz/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/vi-vn/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/zh-cn/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/zh-hk/
Source: en-us[1].htm.3.drString found in binary or memory: https://onedrive.live.com/about/zh-tw/
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/oft
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/preload?manifest=wac
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/preload?view=Folders.All&id=250206&mkt=EN-US
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.live.com/redir?resid=A841AC7CEBCB36EB
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.userv
Source: 7J7IWN8I.htm.3.drString found in binary or memory: https://onedrive.uservoice.com
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://onedrive.uservoice.com/
Source: 7J7IWN8I.htm.3.drString found in binary or memory: https://onedrive.uservoice.com/admin
Source: imagestore.dat.3.drString found in binary or memory: https://onedrive.uservoice.com/favicon.ico
Source: 7J7IWN8I.htm.3.drString found in binary or memory: https://onedrive.uservoice.com/forums/913516
Source: 7J7IWN8I.htm.3.drString found in binary or memory: https://onedrive.uservoice.com/forums/913519
Source: 7J7IWN8I.htm.3.drString found in binary or memory: https://onedrive.uservoice.com/forums/913522
Source: 7J7IWN8I.htm.3.drString found in binary or memory: https://onedrive.uservoice.com/forums/913525
Source: 7J7IWN8I.htm.3.drString found in binary or memory: https://onedrive.uservoice.com/forums/913528
Source: 7J7IWN8I.htm.3.drString found in binary or memory: https://onedrive.uservoice.com/forums/913531
Source: 7J7IWN8I.htm.3.drString found in binary or memory: https://onedrive.uservoice.com/forums/913534
Source: 7J7IWN8I.htm.3.drString found in binary or memory: https://onedrive.uservoice.com/forums/913708/
Source: 7J7IWN8I.htm.3.drString found in binary or memory: https://onedrive.uservoice.com/images/marketing/powered-by-uservoice-2x.png
Source: 7J7IWN8I.htm.3.drString found in binary or memory: https://onedrive.uservoice.com/tos
Source: OneNote[1].js.3.drString found in binary or memory: https://onenote.uservoice.com/forums/327183-onenote-online
Source: OneNote[1].js.3.drString found in binary or memory: https://onenote.uservoice.com/tos
Source: OneNote[1].js.3.drString found in binary or memory: https://onenote.uservoice.com/tos#privacy-policy
Source: en-us[1].htm.3.drString found in binary or memory: https://outlook.live.com/owa/
Source: SuiteServiceProxy[1].htm0.3.drString found in binary or memory: https://outlook.live.com/owa/?nlp=1
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://outlook.live.com/owa/SuiteServiceProxy.aspx?suiteServiceReturnUrl=https%3A%2F%2Fonedrive.liv
Source: en-us[1].htm.3.drString found in binary or memory: https://p.sfx.ms/OneDriveLogoTile.png
Source: imagestore.dat.3.drString found in binary or memory: https://p.sfx.ms/images/favicon.ico
Source: imagestore.dat.3.drString found in binary or memory: https://p.sfx.ms/images/favicon.ico~
Source: WordEditorIntl[1].js.3.drString found in binary or memory: https://pinpointprod.blob.core.windows.net/marketing/Partner_21474840919/Product_42949675896/Asset_5
Source: WordEditorIntl[1].js.3.drString found in binary or memory: https://pinpointprod.blob.core.windows.net/marketing/Partner_21474841964/Product_42949676621/Asset_9
Source: WordEditorIntl[1].js.3.drString found in binary or memory: https://pinpointprod.blob.core.windows.net/marketing/Partner_21474842728/Product_42949677195/Asset_f
Source: WordEditorIntl[1].js.3.drString found in binary or memory: https://pinpointprod.blob.core.windows.net/marketing/Partner_21474844966/Product_42949678237/Asset_6
Source: WordEditorIntl[1].js.3.drString found in binary or memory: https://pinpointprod.blob.core.windows.net/marketing/product/42949674257/b074f0e2-eae8-4191-9b33-a72
Source: WordEditorIntl[1].js.3.drString found in binary or memory: https://pinpointprod.blob.core.windows.net/marketing/product/42949674437/b65aa6da-f4b1-4f8b-b04e-cf4
Source: en-us[1].htm.3.drString found in binary or memory: https://portal.office.com/onedrive?msafed=0
Source: OneNote[1].js.3.drString found in binary or memory: https://powerpoint.uservoice.com/forums/270149-powerpoint-online
Source: OneNote[1].js.3.drString found in binary or memory: https://powerpoint.uservoice.com/tos
Source: OneNote[1].js.3.drString found in binary or memory: https://powerpoint.uservoice.com/tos#privacy-policy
Source: {4D6A2AF5-5FFE-11E9-AADE-9CC1A2A860C6}.dat.2.drString found in binary or memory: https://privacy.micros
Source: en-us[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/academic/compare-office-365-education-plans
Source: en-us[1].htm.3.drString found in binary or memory: https://products.office.com/en-us/home
Source: SuiteServiceProxy[1].htm0.3.drString found in binary or memory: https://r1.res.office365.com/owalanding/v2.14/images/
Uses HTTPS

System Summary:

Binary contains paths to development resources
Source: OneNote[1].js.3.dr; Binary or memory string: function wac_tMa(a,b){var c=a.lastIndexOf(".");if(0>c)return b.val="",!1;b.val=a.substring(c,a.length);a=b.val;if(!wac_LL){wac_LL=new (wac_Fa.$$(String))(wac_ua());b=".3gp .aa .aac .aax .act .aiff .amr .ape .au .awb .dct .dss .dvf .flac .gsm .iklax .ivs .m4a .m4b .m4p .mmf .mp3 .mpc .msv .ogg .oga .mogg .opus .ra .rm .raw .sln .tta .vox .wav .webm .wma .wv".split(" ");for(var c=b.length,d=0;d<c;++d)wac_LL.W(b[d])}return wac_LL.xd(a)}function wac_0y(a){return 32===a.Ea()}
Classification label
Source: classification engine; Classification label: clean2.win@3/582@51/16
Creates files inside the user directory
Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Creates temporary files
Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user~1\AppData\Local\Temp\~DF3F50B8996E572F0A.TMP
Reads ini files
Source: C:\Program Files\internet explorer\iexplore.exe; File read: C:\Users\desktop.ini
Spawns processes
Source: unknown; Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5036 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5036 CREDAT:17410 /prefetch:2
Found GUI installer (many successful clicks)
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: Accept
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Found graphical window changes (likely an installer)
Source: Window Recorder; Window detected: More than 3 window changes detected
Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; File opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dll
Binary contains paths to debug symbols

Behavior Graph

[Behavior graph image not preserved. Behavior Graph ID: 123502; URL: https://1drv.ms/b/s!Aus2y-t8rEGoiRovEnj2eTWQ3fK-; Startdate: 15/04/2019; Architecture: WINDOWS; Score: 2. Nodes shown: p.sfx.ms; iexplore.exe, which started a second iexplore.exe; the second iexplore.exe connected to assets.uvcdn.com (104.16.72.107, port 443, United States), by2.uservoice.com (104.17.29.92, port 443, United States) and 68 other IPs or domains.]

Simulations

Behavior and APIs

No simulations

Antivirus Detection

Initial Sample

Source | Detection | Scanner | Label | Link
https://1drv.ms/b/s!Aus2y-t8rEGoiRovEnj2eTWQ3fK- | 0% | virustotal | | Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
https://onedrive.V | 0% | Avira URL Cloud | safe |
http://NSwag.org) | 0% | Avira URL Cloud | safe |

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.