
Analysis Report https://onedrive.live.com/?authkey=%21AJus7Q9wGzeb2uE&cid=ADC4BEEEA03E3F00&id=ADC4BEEEA03E3F00%21111&parId=root&o=OneUp

Overview

General Information

Joe Sandbox Version: 26.0.0 Aquamarine
Analysis ID: 132301
Start date: 15.05.2019
Start time: 23:27:59
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 50s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://onedrive.live.com/?authkey=%21AJus7Q9wGzeb2uE&cid=ADC4BEEEA03E3F00&id=ADC4BEEEA03E3F00%21111&parId=root&o=OneUp
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@3/265@26/3
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Browsing link: https://onedrive.live.com/
  • Browsing link: https://onedrive.live.com/?authkey=!ajus7q9wgzeb2ue&cid=adc4beeea03e3f00&id=adc4beeea03e3f00!111&parid=root&o=oneup#
  • Browsing link: https://go.microsoft.com/fwlink/p/?linkid=822563
  • Browsing link: https://onedrive.uservoice.com/
  • Browsing link: https://g.live.com/8seskydrive/tou
  • Browsing link: https://go.microsoft.com/fwlink/?linkid=521839
  • Browsing link: https://g.live.com/8seskydrive/dev
  • Browsing link: https://go.microsoft.com/fwlink/?linkid=85433
  • Browsing link: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1557955739&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ajus7q9wgzeb2ue%26id%3droot&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ajus7q9wgzeb2ue%26id%3droot
  • Browsing link: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1557955739&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ajus7q9wgzeb2ue%26id%3droot%26qt%3dmru&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ajus7q9wgzeb2ue%26id%3droot%26qt%3dmru
  • Browsing link: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1557955739&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ajus7q9wgzeb2ue%26v%3dphotos%26id%3droot%26qt%3dallmyphotos&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521ajus7q9wgzeb2ue%26v%3dphotos%26id%3droot%26qt%3dallmyphotos
Warnings:
  • Exclude process from analysis (whitelisted): dllhost.exe, ielowutil.exe, conhost.exe, CompatTelRunner.exe
  • Excluded IPs from analysis (whitelisted)
  • Excluded domains from analysis (whitelisted)
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtQueryAttributesFile calls found.

Detection

Strategy | Score | Range | Reporting Whitelisted | Detection
Threshold | 0 | 0 - 100 | false | clean

Confidence

Strategy | Score | Range | Further Analysis Required? | Confidence
Threshold | 4 | 0 - 5 | false |


Classification

Analysis Advice

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control
Valid Accounts | Exploitation for Client Execution 1 | Winlogon Helper DLL | Port Monitors | File System Logical Offsets | Credential Dumping | File and Directory Discovery 1 | Application Deployment Software | Data from Local System | Data Encrypted 1 | Standard Cryptographic Protocol 2
Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | Binary Padding | Network Sniffing | Application Window Discovery | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Standard Non-Application Layer Protocol 2
Drive-by Compromise | Windows Management Instrumentation | Accessibility Features | Path Interception | Rootkit | Input Capture | Query Registry | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Standard Application Layer Protocol 2

Signature Overview


Software Vulnerabilities:

Allocates a big amount of memory (probably used for heap spraying)
Source: iexplore.exe, Memory has grown: Private usage: 2MB later: 280MB

Networking:

Found strings which match to known social media urls
Performs DNS lookups
Source: unknown, DNS traffic detected: queries for: onedrive.live.com
Urls found in memory or binary data
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/fr-ca/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/fr-ch/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/fr-fr/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ga-ie/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/gd-gb/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/gl-es/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/gu-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ha-latn-ng/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/he-il/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/hi-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/hr-hr/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/hu-hu/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/hy-am/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/id-id/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/is-is/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/it-it/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ja-jp/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ja-ploc-jp/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ka-ge/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/kk-kz/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/km-kh/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/kn-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ko-kr/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/kok-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ky-kg/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/lb-lu/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/lo/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/lt-lt/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/lv-lv/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/mi-nz/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/mk-mk/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ml-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/mn-mn/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/mr-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ms-my/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/mt-mt/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/nb-no/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ne-np/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/nl-be/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/nl-nl/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/nn-no/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/or-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/pa-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/pl-pl/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/prs-af/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/pt-br/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/pt-pt/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/quz-pe/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ro-ro/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ru-ru/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sd-arab-pk/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/si-lk/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sk-sk/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sl-si/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sq-al/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sr-cyrl-ba/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sr-cyrl-rs/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sr-latn-rs/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sv-se/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sw-ke/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ta-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/te-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/th-th/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/tk-tm/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/tr-tr/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/tt-ru/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ug-cn/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/uk-ua/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ur-pk/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/uz-latn-uz/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/vi-vn/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/zh-cn/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/zh-hk/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/zh-tw/
Source: login[1].htm.2.dr, login[1].htm0.2.drString found in binary or memory: https://onedrive.live.com/preload?view=Folders.All&id=250206&mkt=EN-US
Source: ~DF49EBF586F5A4AEA7.TMP.1.drString found in binary or memory: https://onedrive.live.com/uthkey=
Source: {E1538F34-77A3-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.userv
Source: ~DF49EBF586F5A4AEA7.TMP.1.drString found in binary or memory: https://onedrive.uservoice.com/
Source: ~DF49EBF586F5A4AEA7.TMP.1.drString found in binary or memory: https://onedrive.uservoice.com//article/onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30?ui=en-US&
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://osiprodweuodcspstoa01.blob.core.windows.net
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://osiprodweuodcspstoa01.blob.core.windows.net/en-us/media/4eb69814-817c-481d-91b7-4783615312ed
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.dr, en-us[1].htm.2.dr, onedrive[1].htm.2.drString found in binary or memory: https://outlook.live.com/owa/
Source: SuiteServiceProxy[1].htm0.2.drString found in binary or memory: https://outlook.live.com/owa/?nlp=1
Source: ~DF49EBF586F5A4AEA7.TMP.1.drString found in binary or memory: https://outlook.live.com/owa/SuiteServiceProxy.aspx?suiteServiceReturnUrl=https%3A%2F%2Fonedrive.liv
Source: en-us[1].htm.2.drString found in binary or memory: https://p.sfx.ms/OneDriveLogoTile.png
Source: imagestore.dat.2.dr, ~DF49EBF586F5A4AEA7.TMP.1.drString found in binary or memory: https://p.sfx.ms/images/favicon.ico
Source: imagestore.dat.2.drString found in binary or memory: https://p.sfx.ms/images/favicon.ico~
Source: en-us[1].htm.2.drString found in binary or memory: https://portal.office.com/onedrive?msafed=0
Source: {E1538F34-77A3-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://privacy.micros
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.dr, onedrive[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/academic/compare-office-365-education-plans
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/business/enterprise-firstline-workers
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/business/enterprise-productivity-tools
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/business/office
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/business/small-business-solutions
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?&amp;activetab=tab%3aprimary
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/compare-all-microsoft-office-products?tab=2
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/excel
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/explore-office-for-home
Source: onedrive[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/home
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/microsoft-office-for-home-and-school-faq
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/microsoft-teams/group-chat-software
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/onedrive-for-business/online-cloud-storage
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/onenote/digital-note-taking-app
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/outlook/email-and-calendar-software-microsoft-outlook
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/powerpoint
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/products
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/sharepoint/collaboration
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/student/office-in-education
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://products.office.com/en-us/word
Source: SuiteServiceProxy[1].htm0.2.drString found in binary or memory: https://r1.res.office365.com/owalanding/v2.14/images/
Source: SuiteServiceProxy[1].htm0.2.drString found in binary or memory: https://r1.res.office365.com/owalanding/v2.14/landing.js
Source: SuiteServiceProxy[1].htm0.2.drString found in binary or memory: https://r4.res.office365.com/owa/prem/16.3026.5.2692567/resources/styles/fonts/segoeui-light.eot?#ie
Source: SuiteServiceProxy[1].htm0.2.drString found in binary or memory: https://r4.res.office365.com/owa/prem/16.3026.5.2692567/resources/styles/fonts/segoeui-regular.eot?#
Source: SuiteServiceProxy[1].htm0.2.drString found in binary or memory: https://r4.res.office365.com/owa/prem/16.3026.5.2692567/resources/styles/fonts/segoeui-semibold.eot?
Source: SuiteServiceProxy[1].htm0.2.drString found in binary or memory: https://r4.res.office365.com/owa/prem/16.3026.5.2692567/resources/styles/fonts/segoeui-semilight.eot
Source: fullExperience.min[1].js.2.drString found in binary or memory: https://raw.githubusercontent.com/jakearchibald/es6-promise/master/LICENSE
Source: 8269159376[1].js.2.dr, floodgate-51713374[1].js.2.drString found in binary or memory: https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE
Source: en-us[1].htm.2.drString found in binary or memory: https://signup.live.com/signup.aspx?id=250206&wreply=https%3a%2f%2fonedrive.live.com%2f%3fgologin%3d
Source: ~DF49EBF586F5A4AEA7.TMP.1.drString found in binary or memory: https://skyapi.onedrive.live.com/xmlproxy.htm?domain=live.com
Source: EL22B655.htm.2.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-next-prod_2019-04-26_20190508.001/
Source: en-us[1].htm.2.dr, ~DF49EBF586F5A4AEA7.TMP.1.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/onedrive-website-home-release-prod_ship-2019-04-26_20190514.002
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-bold.w
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-regula
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/leelawadeeui-thai/leelawadeeui-semili
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-bold.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-light.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-regular.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semibold.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-arabic/segoeui-semilight.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-bold.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-light.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-regular.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semibold.wof
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-cyrillic/segoeui-semilight.wo
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-bold.wof
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-light.wo
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-regular.
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semibold
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-easteuropean/segoeui-semiligh
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-bold.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-light.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-regular.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semibold.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-greek/segoeui-semilight.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-bold.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-light.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-regular.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semibold.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-hebrew/segoeui-semilight.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-bold.woff2
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-light.woff
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-regular.wo
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semibold.w
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-vietnamese/segoeui-semilight.
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-bold.wof
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-light.wo
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-regular.
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semibold
Source: onedrive-font-face-definitions[1].css.2.drString found in binary or memory: https://static2.sharepointonline.com/files/fabric/assets/fonts/segoeui-westeuropean/segoeui-semiligh
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.dr, en-us[1].htm.2.drString found in binary or memory: https://statics-uhf-wus.akamaized.net/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.dr, en-us[1].htm.2.drString found in binary or memory: https://statics-uhf-wus.akamaized.net/statics/override.css?c=7
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.dr, en-us[1].htm.2.drString found in binary or memory: https://statics-uhf-wus.akamaized.net/west-european/shell/_scrf/css/themes=default.device=uplevel_we
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.dr, onedrive[1].htm.2.drString found in binary or memory: https://store.office.com/en-us/appshome.aspx?
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://store.office.com/worldwide.aspx?rs=en-us&amp;cmapid=1
Source: {E1538F34-77A3-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://support.oRoot
Source: {E1538F34-77A3-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://support.office
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://support.office.com/en-us/article/download-and-install-or-reinstall-office-365-or-office-2016
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://support.office.com/en-us/article/onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30
Source: ~DF49EBF586F5A4AEA7.TMP.1.drString found in binary or memory: https://support.office.com/en-us/article/onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30?ui=en-US
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://support.office.com/en-us/office-training-center?ms.officeurl=training
Source: {E1538F34-77A3-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://support.ouservoice.com/
Source: onedrive[1].htm.2.drString found in binary or memory: https://swiftkey.com/images/misc/stores/app/en.png
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://templates.office.com/
Source: onedrive[1].htm.2.drString found in binary or memory: https://ussearchprod.trafficmanager.net/services/api/v1.0/store/categories
Source: 8269159376[1].js.2.drString found in binary or memory: https://www.got-it.ai/partners/excelchat
Source: {E1538F34-77A3-11E9-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: https://www.microsoft.
Source: en-us[1].htm.2.drString found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/DisplayAddEditPaymentPage/
Source: en-us[1].htm.2.drString found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/DisplayEditProfilePage/tab.profile
Source: en-us[1].htm.2.drString found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayAccountO
Source: en-us[1].htm.2.drString found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayAccountR
Source: en-us[1].htm.2.drString found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/DisplayFindYourOrderPage/nextAction.DisplayDownload
Source: en-us[1].htm.2.drString found in binary or memory: https://www.microsoftstore.com/store/msusa/en_US/wishlists?Wt.mc_id=wishlist_landingpage
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://www.office.com/
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://www.office.com/login?ru=%2f%3fauth%3d1
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.dr, en-us[1].htm.2.dr, onedrive[1].htm.2.drString found in binary or memory: https://www.onenote.com/
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.dr, en-us[1].htm.2.dr, onedrive[1].htm.2.drString found in binary or memory: https://www.skype.com/en/
Source: onedrive[1].htm.2.drString found in binary or memory: https://www.xbox.com/
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.dr, en-us[1].htm.2.dr, onedrive[1].htm.2.drString found in binary or memory: https://www.xbox.com/en-us/games/xbox-one?xr=shellnav
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.dr, onedrive[1].htm.2.drString found in binary or memory: https://www.xbox.com/en-us/xbox-one-s?xr=shellnav
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.dr, onedrive[1].htm.2.drString found in binary or memory: https://www.xbox.com/en-us/xbox-one-x
Uses HTTPS
Source: unknown; Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown; Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown; Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49866

System Summary:

Classification label
Source: classification engine | Classification label: clean0.win@3/265@26/3
Creates files inside the user directory
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Creates temporary files
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\~DF4E51A8C144BC9290.TMP
Reads ini files
Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini
Spawns processes
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2960 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2960 CREDAT:17410 /prefetch:2
Found GUI installer (many successful clicks)
Source: C:\Program Files\internet explorer\iexplore.exe | Automated click: Install
Source: C:\Program Files\internet explorer\iexplore.exe | Automated click: Install
Found graphical window changes (likely an installer)
Source: Window Recorder | Window detected: More than 3 window changes detected
Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dll

Behavior Graph

[Figure: behavior graph. Behavior Graph ID: 132301; URL: https://onedrive.live.com/?authkey=%21AJus7Q9wGzeb2uE&cid...; Startdate: 15/05/2019; Architecture: WINDOWS; Score: 0. Process iexplore.exe started a child iexplore.exe, which connected to azureloginprodeu.cloudapp.net (13.77.92.139; ports 443, 49828, 49829; United States), cdn.optimizely.com (23.54.112.111; ports 443, 49863, 49864; United States) and 32 other IPs or domains.]

Simulations

Behavior and APIs

No simulations

Antivirus and Machine Learning Detection

Initial Sample

Source | Detection | Scanner | Label | Link
https://onedrive.live.com/?authkey=%21AJus7Q9wGzeb2uE&cid=ADC4BEEEA03E3F00&id=ADC4BEEEA03E3F00%21111&parId=root&o=OneUp | 1% | virustotal | | Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.