Windows Analysis Report https://onedrive.live.com/redir?resid=7066DF4C1D0AB014%21730&authkey=%21AHfvfhIqJz7URpI&page=View&wd=target%28Quick%20Notes.one%7Ce4864d19-c30a-4c4a-b033-f0bd266d599b%2FUntitled%20Page%7Ca546cc8d-4a78-493f-a62b-5e5827c1282e%2F%29

Overview

General Information

Sample URL: https://onedrive.live.com/redir?resid=7066DF4C1D0AB014%21730&authkey=%21AHfvfhIqJz7URpI&page=View&wd=target%28Quick%20Notes.one%7Ce4864d19-c30a-4c4a-b033-f0bd266d599b%2FUntitled%20Page%7Ca546cc8d-4a78-493f-a62b-5e5827c1282e%2F%29
Analysis ID: 483780

Detection

HTMLPhisher
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Phishing site detected (based on logo template match)
HTML body contains low number of good links
No HTML title found

Process Tree

  • System is w10x64
  • chrome.exe (PID: 5520 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://onedrive.live.com/redir?resid=7066DF4C1D0AB014%21730&authkey=%21AHfvfhIqJz7URpI&page=View&wd=target%28Quick%20Notes.one%7Ce4864d19-c30a-4c4a-b033-f0bd266d599b%2FUntitled%20Page%7Ca546cc8d-4a78-493f-a62b-5e5827c1282e%2F%29' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 5172 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,17180406757765110953,12677298960956058568,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1768 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://onedrive.live.com/redir?resid=7066DF4C1D0AB014%21730&authkey=%21AHfvfhIqJz7URpI&page=View&wd=target%28Quick%20Notes.one%7Ce4864d19-c30a-4c4a-b033-f0bd266d599b%2FUntitled%20Page%7Ca546cc8d-4a78-493f-a62b-5e5827c1282e%2F%29 SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://axervices.com/ytxol/ Avira URL Cloud: Label: phishing
Source: https://axervices.com/ytxol/0fflink.php#authoriz3?cli3nt_k3y=typce-x1c9r-irmlm1631705773c263cd4d5242 Avira URL Cloud: Label: phishing
Source: https://axervices.com/ytxol/0fflink.php Avira URL Cloud: Label: phishing
Source: https://axervices.com/ytxol/Sign Avira URL Cloud: Label: phishing

Phishing:

Phishing site detected (based on favicon image match)
Source: https://axervices.com/ytxol/0fflink.php#authoriz3?cli3nt_k3y=typce-x1c9r-irmlm1631705773c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6jy0p3-21jmv-bktp7 Matcher: Template: microsoft matched with high similarity
Yara detected HtmlPhish10
Source: Yara match File source: 81341.3.pages.csv, type: HTML
Phishing site detected (based on logo template match)
Source: https://axervices.com/ytxol/0fflink.php#authoriz3?cli3nt_k3y=typce-x1c9r-irmlm1631705773c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6jy0p3-21jmv-bktp7 Matcher: Template: microsoft matched
Source: https://axervices.com/ytxol/0fflink.php#authoriz3?cli3nt_k3y=typce-x1c9r-irmlm1631705773c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6jy0p3-21jmv-bktp7 HTTP Parser: Number of links: 0
Source: https://axervices.com/ytxol/0fflink.php#authoriz3?cli3nt_k3y=typce-x1c9r-irmlm1631705773c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6jy0p3-21jmv-bktp7 HTTP Parser: HTML title missing
Source: https://axervices.com/ytxol/0fflink.php#authoriz3?cli3nt_k3y=typce-x1c9r-irmlm1631705773c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6jy0p3-21jmv-bktp7 HTTP Parser: No <meta name="author".. found
Source: https://axervices.com/ytxol/0fflink.php#authoriz3?cli3nt_k3y=typce-x1c9r-irmlm1631705773c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6c263cd4d524218156280b6d5504a1ae6jy0p3-21jmv-bktp7 HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown DNS traffic detected: queries for: onedrive.live.com
Source: unknown TCP traffic detected without corresponding DNS query: 92.122.145.220
Source: global trafficHTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ytxol/ HTTP/1.1Host: axervices.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ytxol/0fflink.php HTTP/1.1Host: axervices.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSELB=55A9A7010A1490DD9EDA2A076BB0F717DFD62BFEA8CC4D1F822A6BE4DE20C50AE0F05676032694EA95BF881055A7E33A890023A07A91EEB1E0724970845CD69CF50D7AAFD8; AWSELBCORS=55A9A7010A1490DD9EDA2A076BB0F717DFD62BFEA8CC4D1F822A6BE4DE20C50AE0F05676032694EA95BF881055A7E33A890023A07A91EEB1E0724970845CD69CF50D7AAFD8