Analysis Report https://1drv.ms/b/s!AiW15Ftb5vjlgRcz9vmujH_RJFX7?e=dbmNhe

Overview

General Information

Joe Sandbox Version:26.0.0 Aquamarine
Analysis ID:141284
Start date:12.06.2019
Start time:23:35:29
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 4m 58s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://1drv.ms/b/s!AiW15Ftb5vjlgRcz9vmujH_RJFX7?e=dbmNhe
Analysis system description:Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean2.win@3/373@36/14
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Browsing link: https://onedrive.live.com/
  • Browsing link: https://onedrive.live.com/?authkey=%21adp2%2da6mf9ekvfs&cid=e5f8e65b5be4b525&id=e5f8e65b5be4b525%21151&parid=root&o=oneup#
  • Browsing link: https://go.microsoft.com/fwlink/p/?linkid=822563
  • Browsing link: https://onedrive.uservoice.com/
  • Browsing link: https://g.live.com/8seskydrive/tou
  • Browsing link: https://go.microsoft.com/fwlink/?linkid=521839
  • Browsing link: https://g.live.com/8seskydrive/dev
  • Browsing link: https://go.microsoft.com/fwlink/?linkid=85433
  • Browsing link: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot
  • Browsing link: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot%26qt%3dmru&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot%26qt%3dmru
  • Browsing link: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26v%3dphotos%26id%3droot%26qt%3dallmyphotos&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26v%3dphotos%26id%3droot%26qt%3dallmyphotos
Warnings:
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, sc.exe, ielowutil.exe, WMIADAP.exe, conhost.exe, CompatTelRunner.exe
  • Excluded IPs from analysis (whitelisted)
  • Excluded domains from analysis (whitelisted)
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtReadFile calls found.

Detection

Strategy | Score | Range | Reporting Whitelisted | Detection
Threshold | 2 | 0 - 100 | false | clean

Confidence

Strategy | Score | Range | Further Analysis Required? | Confidence
Threshold | 4 | 0 - 5 | false |


Classification

Analysis Advice

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control
Valid Accounts | Exploitation for Client Execution 1 | Winlogon Helper DLL | Port Monitors | File System Logical Offsets | Credential Dumping | Security Software Discovery 1 | Application Deployment Software | Data from Local System | Data Encrypted 1 | Standard Cryptographic Protocol 2
Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | Binary Padding | Network Sniffing | File and Directory Discovery 1 | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Standard Non-Application Layer Protocol 2
Drive-by Compromise | Windows Management Instrumentation | Accessibility Features | Path Interception | Rootkit | Input Capture | Query Registry | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Standard Application Layer Protocol 2

Signature Overview



Phishing:

Found iframes
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26v%3dphotos%26id%3droot%26qt%3dallmyphotos&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26v%3dphotos%26id%3droot%26qt%3dallmyphotos HTTP Parser: Iframe src: https://onedrive.live.com/preload?view=Folders.All&id=250206&mkt=EN-US
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot HTTP Parser: Iframe src: https://onedrive.live.com/preload?view=Folders.All&id=250206&mkt=EN-US
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot%26qt%3dmru&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot%26qt%3dmru HTTP Parser: Iframe src: https://onedrive.live.com/preload?view=Folders.All&id=250206&mkt=EN-US
HTML title does not match URL
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26v%3dphotos%26id%3droot%26qt%3dallmyphotos&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26v%3dphotos%26id%3droot%26qt%3dallmyphotos HTTP Parser: Title: OneDrive does not match URL
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot HTTP Parser: Title: OneDrive does not match URL
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot%26qt%3dmru&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot%26qt%3dmru HTTP Parser: Title: OneDrive does not match URL
META author tag missing
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26v%3dphotos%26id%3droot%26qt%3dallmyphotos&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26v%3dphotos%26id%3droot%26qt%3dallmyphotos HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot HTTP Parser: No <meta name="author".. found
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot%26qt%3dmru&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot%26qt%3dmru HTTP Parser: No <meta name="author".. found
Source: https://onedrive.uservoice.com/ HTTP Parser: No <meta name="author".. found
META copyright tag missing
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26v%3dphotos%26id%3droot%26qt%3dallmyphotos&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26v%3dphotos%26id%3droot%26qt%3dallmyphotos HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot HTTP Parser: No <meta name="copyright".. found
Source: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_shared&lc=1033&id=250206&cbcxt=sky&ru=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot%26qt%3dmru&wreply=https%3a%2f%2fonedrive%2elive%2ecom%2f%3fauthkey%3d%2521adp2%252da6mf9ekvfs%26id%3droot%26qt%3dmru HTTP Parser: No <meta name="copyright".. found
Source: https://onedrive.uservoice.com/ HTTP Parser: No <meta name="copyright".. found

Software Vulnerabilities:

Allocates a big amount of memory (probably used for heap spraying)
Source: iexplore.exe Memory has grown: Private usage: 2MB later: 269MB

Networking:

Connects to many different domains
Source: unknown Network traffic detected: DNS query count 36
Found strings which match to known social media urls
Performs DNS lookups
Source: unknown DNS traffic detected: queries for: 1drv.ms
Urls found in memory or binary data
Source: onedrive[1].htm.2.drString found in binary or memory: https://concernapi.trafficmanager.net
Source: onedrive[1].htm.2.drString found in binary or memory: https://concernapi.trafficmanager.net/Scripts/packages/preloadEmpty.js
Source: onedrive[1].htm.2.drString found in binary or memory: https://concernapi.trafficmanager.net/api/resource/2/loaderRTFetch
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://dev.onedrive.c
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://dev.onedrive.com/
Source: ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://dev.onedrive.com/com/privacystatement
Source: ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://dev.onedrive.com/com/privacystatementT
Source: ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://dev.onedrive.com/com/privacystatement~
Source: de-ch[1].htm.2.drString found in binary or memory: https://dev.windows.com/de-de/
Source: audiencemanager[1].js.2.drString found in binary or memory: https://fast.
Source: u-components.tflehkwc[1].js.2.drString found in binary or memory: https://github.com/WebReflection/document-register-element
Source: u-components.tflehkwc[1].js.2.drString found in binary or memory: https://github.com/WebReflection/es6-collections
Source: fullExperience.min[1].js.2.drString found in binary or memory: https://github.com/ded/reqwest
Source: ConvergedLogin_PCore[1].js.2.drString found in binary or memory: https://github.com/douglascrockford/JSON-js
Source: u-components.tflehkwc[1].js.2.drString found in binary or memory: https://github.com/github/fetch
Source: u-components.tflehkwc[1].js.2.drString found in binary or memory: https://github.com/jonathantneal/closest
Source: spectreviewer-2c58197e[1].js0.2.drString found in binary or memory: https://github.com/jquery/PEP
Source: u-components.tflehkwc[1].js.2.drString found in binary or memory: https://github.com/lifaon74/url-polyfill
Source: fullExperience.min[1].js.2.drString found in binary or memory: https://github.com/nicjansma/usertiming.js
Source: bootstrap.min[1].css.2.drString found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1CmIw?ver=e555&amp;q=
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.dr, home-ab8741db[1].js.2.dr, en-us[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2G7Pg?ver=2934&amp;q=
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2OVYl?ver=d456&amp;q=
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2OdIC?ver=31c0&amp;q=
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE2mheW?ver=527a&amp;q=
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE33UOD?ver=2229&amp;q=
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE3420o?ver=837a&amp;q=
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE34Xur?ver=ab80&amp;q=
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE37oaj?ver=7fac&amp;q=
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/REOLLm?ver=02d3&amp;q=9
Source: de-ch[1].htm.2.drString found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RW9wPJ?ver=211f&amp;q=9
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://insider.office.com
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://linkedin.com/shareArticle?mini=true&amp;url=https%3a%2f%2fsupport.office.com%2fen-us%2fartic
Source: fullExperience.min[1].js.2.drString found in binary or memory: https://lodash.com/
Source: fullExperience.min[1].js.2.drString found in binary or memory: https://lodash.com/license
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://login.live.com
Source: GEKSDAMW.htm.2.drString found in binary or memory: https://login.live.com/login.srf&#63;wa&#61;wsignin1.0&#38;rpsnv&#61;13&#38;checkda&#61;1&#38;ct&#61
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375389&rver=7.1.6819.0&wp=mbi_ssl_sha
Source: en-us[1].htm.2.drString found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1560375410&rver=7.1.6819.0&wp=MBI_SSL_SHA
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://login.live.com/logout.srf?ct=1560375421
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.dr, en-us[1].htm.2.drString found in binary or memory: https://login.live.com/me.srf?wa=wsignin1.0
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?response_mode=form_post
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?response_mode=form_post&amp;response_type=
Source: imagestore.dat.2.drString found in binary or memory: https://logincdn.msauth.net/16.000.28215.2/images/favicon.ico
Source: imagestore.dat.2.drString found in binary or memory: https://logincdn.msauth.net/16.000.28215.2/images/favicon.ico~
Source: imagestore.dat.2.drString found in binary or memory: https://logincdn.msauth.net/16.000.28215.2/images/favicon.ico~(
Source: B3H4QQEY.htm.2.drString found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Source: de-ch[1].htm.2.drString found in binary or memory: https://mem.gfx.ms
Source: de-ch[1].htm.2.drString found in binary or memory: https://mem.gfx.ms/meversion?partner=MSHomePage&amp;market=de-ch&amp;uhf=1
Source: en-us[1].htm.2.drString found in binary or memory: https://mem.gfx.ms/meversion?partner=OneDrive&market=en-us&uhf=1
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://mem.gfx.ms/meversion?partner=officesupport&market=en-us&uhf=1
Source: de-ch[1].htm.2.drString found in binary or memory: https://microsoftwindows.112.2o7.net
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://mix.office.com/oembed/
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://mix.office.com/watch/
Source: servicesagreement[1].htm.2.drString found in binary or memory: https://mixer.com/about/tos
Source: servicesagreement[1].htm.2.drString found in binary or memory: https://mixer.com/contact
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://mscom.demdex.net/dest5.html?d_nsid=0
Source: onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30[1].htm.2.drString found in binary or memory: https://office.com/start
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.
Source: odcunlock-3904384b[1].js.2.drString found in binary or memory: https://onedrive.live.com
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.dr, en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/
Source: redir[1].htm.2.drString found in binary or memory: https://onedrive.live.com/&#63;cid&#61;e5f8e65b5be4b525&#38;id&#61;E5F8E65B5BE4B525&#37;21151&#38;it
Source: ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://onedrive.live.com/?authkey=%21ADP2%2Da6Mf9EkVfs&cid=E5F8E65B5BE4B525&id=E5F8E65B5BE4B525%211
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.com/?authkey=%21ADP2-a6Mf9EkVfs&cid=E5F8E65B5BE4B525&id=E5F8E65B5BE4B525%21151
Source: ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://onedrive.live.com/?authkey=%21adp2%2da6mf9ekvfs&cid=e5f8e65b5be4b525&id=e5f8e65b5be4b525%211
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.com/?authkey=%21adp2-a6mf9ekvfs&cid=e5f8e65b5be4b525&id=e5f8e65b5be4b525%21151
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.dr, ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://onedrive.live.com/?cid=e5f8e65b5be4b525&id=E5F8E65B5BE4B525%21151&authkey=%21ADP2%2Da6Mf9EkV
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.dr, ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://onedrive.live.com/?cid=e5f8e65b5be4b525&id=E5F8E65B5BE4B525%21151&ithint=file
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.dr, ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://onedrive.live.com/?id=root
Source: ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://onedrive.live.com/?id=root21adp2%2da6mf9ekvfs&cid=e5f8e65b5be4b525&id=e5f8e65b5be4b525%21151
Source: B3H4QQEY.htm.2.drString found in binary or memory: https://onedrive.live.com/about/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/af-za/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/am-et/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ar-145/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ar-ploc-sa/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ar-sa/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/as-in/
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.dr, ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://onedrive.live.com/about/auth/
Source: ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://onedrive.live.com/about/auth/ADP2%2Da6Mf9EkVfs&cid=E5F8E65B5BE4B525&id=E5F8E65B5BE4B525%2115
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/az-latn-az/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/be-by/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/bg-bg/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/bn-bd/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/bn-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/bs-latn-ba/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ca-es-valencia/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ca-es/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/chr-cher-us/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/cs-cz/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/cy-gb/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/da-dk/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/de-at/
Source: de-ch[1].htm.2.dr, en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/de-ch/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/de-de/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/el-gr/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-001/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-145/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-US/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-au/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-ca/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-gb/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-hk/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-id/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-ie/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-il/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-my/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-nz/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-ph/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-pk/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-sg/
Source: en-us[1].htm.2.dr, auth[1].htm.2.dr, onedrive[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-us/
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Micros.com/en-us/article/onedrive-helpaihd.net/files/onedrive
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Micros/login.srf?wa=wsignin1.0&rpsnv=1/cartcount
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.com/about/en-us/$MicrosRoot
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microscom/?authkey=%21adp2%2da6mf9ekvfaihd.net/files/onedrive
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microscom/?id=rootRoot
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microscom/de-ch/rvicesagreement/Root
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microscom/en-us/concern/onedriveRoot
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microscom/en-us/servicesagreement/Root
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microscom/uthkey=%21adp2%2da6mf9ekvfaihd.net/files/onedrive-w
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microsoft
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microsoice.com//article/onedrive-helpaihd.net/files/onedrive-
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.com/about/en-us/$Microsom/com/privacystatementRoot
Source: ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://onedrive.live.com/about/en-us/n
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/en-za/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/es-001/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/es-419/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/es-ar/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/es-cl/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/es-es/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/es-mx/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/es-us/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/es-ve/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/et-ee/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/eu-es/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/fa-ir/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/fi-fi/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/fil-ph/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/fr-145/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/fr-be/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/fr-ca/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/fr-ch/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/fr-fr/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ga-ie/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/gd-gb/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/gl-es/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/gu-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ha-latn-ng/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/he-il/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/hi-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/hr-hr/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/hu-hu/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/hy-am/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/id-id/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/is-is/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/it-it/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ja-jp/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ja-ploc-jp/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ka-ge/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/kk-kz/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/km-kh/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/kn-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ko-kr/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/kok-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ky-kg/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/lb-lu/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/lo/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/lt-lt/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/lv-lv/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/mi-nz/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/mk-mk/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ml-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/mn-mn/
Source: home-ab8741db[1].js.2.drString found in binary or memory: https://onedrive.live.com/about/mobile?ref=1ym0n6n_73o7qxc
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/mr-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ms-my/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/mt-mt/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/nb-no/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ne-np/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/nl-be/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/nl-nl/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/nn-no/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/or-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/pa-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/pl-pl/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/prs-af/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/pt-br/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/pt-pt/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/quz-pe/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ro-ro/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ru-ru/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sd-arab-pk/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/si-lk/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sk-sk/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sl-si/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sq-al/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sr-cyrl-ba/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sr-cyrl-rs/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sr-latn-rs/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sv-se/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/sw-ke/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ta-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/te-in/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/th-th/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/tk-tm/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/tr-tr/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/tt-ru/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ug-cn/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/uk-ua/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/ur-pk/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/uz-latn-uz/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/vi-vn/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/zh-cn/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/zh-hk/
Source: en-us[1].htm.2.drString found in binary or memory: https://onedrive.live.com/about/zh-tw/
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.live.com/preload?view=Folders.All&id=250206&mkt=EN-US
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.dr, ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://onedrive.live.com/redir?resid=E5F8E65B5BE4B525
Source: ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://onedrive.live.com/uthkey=%21ADP2%2Da6Mf9EkVfs&cid=E5F8E65B5BE4B525&id=E5F8E65B5BE4B525%21151
Source: ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://onedrive.live.com/uthkey=%21adp2%2da6mf9ekvfs&cid=e5f8e65b5be4b525&id=e5f8e65b5be4b525%21151
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.userv
Source: B3H4QQEY.htm.2.drString found in binary or memory: https://onedrive.uservoice.com
Source: B3H4QQEY.htm.2.drString found in binary or memory: https://onedrive.uservoice.com/
Source: ~DF3297C15ECEE1D1CD.TMP.1.drString found in binary or memory: https://onedrive.uservoice.com//article/onedrive-help-5943c2b9-fafc-4cb4-95c0-9cc73fcabb30?ui=en-US&
Source: {9141856B-8DA5-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: https://onedrive.uservoice.com/TFeature
Source: B3H4QQEY.htm.2.drString found in binary or memory: https://onedrive.uservoice.com/admin
Source: imagestore.dat.2.drString found in binary or memory: https://onedrive.uservoice.com/favicon.ico
Source: B3H4QQEY.htm.2.drString found in binary or memory: https://onedrive.uservoice.com/forums/913516
Source: B3H4QQEY.htm.2.drString found in binary or memory: https://onedrive.uservoice.com/forums/913519
Source: B3H4QQEY.htm.2.drString found in binary or memory: https://onedrive.uservoice.com/forums/913522
Source: B3H4QQEY.htm.2.drString found in binary or memory: https://onedrive.uservoice.com/forums/913525
Source: B3H4QQEY.htm.2.drString found in binary or memory: https://onedrive.uservoice.com/forums/913528
Source: B3H4QQEY.htm.2.drString found in binary or memory: https://onedrive.uservoice.com/forums/913531
Source: B3H4QQEY.htm.2.drString found in binary or memory: https://onedrive.uservoice.com/forums/913534
Uses HTTPS

System Summary:

Classification label
Source: classification engine; Classification label: clean2.win@3/373@36/14
Creates files inside the user directory
Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Creates temporary files
Source: C:\Program Files\internet explorer\iexplore.exe; File created: C:\Users\user\AppData\Local\Temp\~DF80C230113F9E46C0.TMP
Reads ini files
Source: C:\Program Files\internet explorer\iexplore.exe; File read: C:\Users\desktop.ini
Spawns processes
Source: unknown; Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3628 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3628 CREDAT:17410 /prefetch:2
Found GUI installer (many successful clicks)
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: Install
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: Install
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Source: C:\Program Files\internet explorer\iexplore.exe; Automated click: agree
Found graphical window changes (likely an installer)
Source: Window Recorder; Window detected: More than 3 window changes detected
Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; File opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dll

Malware Analysis System Evasion:

May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
Source: odconedrive-97a00166[1].js.2.dr; Binary or memory string: ",ConnectVirtualMachine:"
Source: odconedrive-97a00166[1].js.2.dr; Binary or memory string: ",DisconnectVirtualMachine:"

Behavior Graph

[Figure: behavior graph. Behavior Graph ID: 141284; URL: https://1drv.ms/b/s!AiW15Ftb5vjlgRcz9vmujH_RJFX7?e=dbmNhe; Startdate: 12/06/2019; Architecture: WINDOWS; Score: 2. Process nodes: iexplore.exe (started), which started a second iexplore.exe. DNS/IP nodes attached to the second process: assets.uvcdn.com (104.16.72.107, 443, 49802, 49803, unknown, United States); onedrive.uservoice.com (104.17.28.92, 443, 49800, 49801, unknown, United States); 53 other IPs or domains.]

Simulations

Behavior and APIs

No simulations

Antivirus and Machine Learning Detection

Initial Sample

Source | Detection | Scanner | Label | Link
https://1drv.ms/b/s!AiW15Ftb5vjlgRcz9vmujH_RJFX7?e=dbmNhe | 0% | virustotal | | Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
https://bizcloudz.net/off/webnet.php?code=2018900) | 0% | Avira URL Cloud | safe |

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context
