Analysis Report Loyalty..docx

Overview

General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 193298
Start date: 03.12.2019
Start time: 07:45:29
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 4s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Loyalty..docx
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Run name: Potential for more IOCs and behavior
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis stop reason: Timeout
Detection: SUS
Classification: sus22.expl.winDOCX@4/37@2/2
EGA Information: Failed
HDC Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 4
  • Number of non-executed functions: 1
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Found application associated with file extension: .docx
  • Found Word or Excel or PowerPoint or XPS Viewer
  • Attach to Office via COM
  • Browse link: https://www.google.co.za/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwj1lpbh-d3MAhXqDsAKHd0aCOgQjRwIBw&url=http://www.korkoladesign.com/portfolio_page/ontario-lottery-and-gaming/&psig=AFQjCNGDwAdlWt5rFNsRhJG-NJvj4j0zmQ&ust=1463465974561514
  • Scroll down
  • Close Viewer
  • Browsing link: http://www.korkoladesign.com/portfolio_page/ontario-lottery-and-gaming/
  • Browsing link: https://www.google.co.za/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwj1lpbh-d3MAhXqDsAKHd0aCOgQjRwIBw&url=http://www.korkoladesign.com/portfolio_page/ontario-lottery-and-gaming/&psig=AFQjCNGDwAdlWt5rFNsRhJG-NJvj4j0zmQ&ust=1463465974561514#
Warnings:
  • Exclude process from analysis (whitelisted): dllhost.exe, ielowutil.exe, MusNotifyIcon.exe, conhost.exe, CompatTelRunner.exe
  • Excluded IPs from analysis (whitelisted): 2.20.142.209, 2.20.142.210, 8.241.121.254, 8.253.95.249, 8.253.204.120, 8.241.123.126, 8.241.123.254, 67.27.235.126, 8.248.117.254, 67.26.83.254, 67.27.234.126, 8.241.122.254, 93.184.221.240, 13.107.3.128, 13.107.5.88, 52.109.32.27, 52.109.76.32, 67.26.81.254, 8.253.95.120, 8.248.131.254, 52.114.74.44, 104.103.90.39, 152.199.19.161, 8.248.115.254
  • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, client-office365-tas.msedge.net, mobile.pipe.aria.microsoft.com, e-0009.e-msedge.net, wu.azureedge.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, prd.col.aria.mobile.skypedata.akadns.net, go.microsoft.com, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, officeclient.microsoft.com, pipe.prd.skypedata.akadns.net, auto.au.download.windowsupdate.com.c.footprint.net, wu.wpc.apr-52dd2.edgecastdns.net, config.edge.skype.com, pipe.cloudapp.aria.akadns.net, afdo-tas-offload.trafficmanager.net, ie9comview.vo.msecnd.net, wu.ec.azureedge.net, prod.configsvc1.live.com.akadns.net, s-0001.s-msedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, prod.nexusrules.live.com.akadns.net, pipe.skype.com, config.officeapps.live.com, go.microsoft.com.edgekey.net, nexusrules.officeapps.live.com, europe.configsvc1.live.com.akadns.net, cs9.wpc.v0cdn.net
  • Execution Graph export aborted for target WINWORD.EXE, PID 1216 because there are no executed function
  • Execution Graph export aborted for target iexplore.exe, PID 2736 because there are no executed function
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtQueryAttributesFile calls found.

Detection

Strategy | Score | Range | Reporting | Whitelisted | Detection
Threshold | 22 | 0 - 100 | | false | suspicious

Confidence

Strategy | Score | Range | Further Analysis Required? | Confidence
Threshold | 3 | 0 - 5 | true |


Classification

Analysis Advice

No malicious behavior found, analyze the document also on other version of Office / Acrobat
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Impact
Valid Accounts | Exploitation for Client Execution 1 | Winlogon Helper DLL | Process Injection 2 | Masquerading 1 | Credential Dumping | Process Discovery 1 | Remote File Copy 1 | Data from Local System | Data Encrypted 1 | Standard Cryptographic Protocol 2 | Data Destruction
Replication Through Removable Media | Graphical User Interface 1 | Port Monitors | Extra Window Memory Injection 1 | Virtualization/Sandbox Evasion 1 | Network Sniffing | Security Software Discovery 1 | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Remote File Copy 1 | Data Encrypted for Impact
External Remote Services | Windows Management Instrumentation | Accessibility Features | Path Interception | Process Injection 2 | Input Capture | File and Directory Discovery 1 | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Standard Non-Application Layer Protocol 3 | Disk Structure Wipe
Drive-by Compromise | Scheduled Task | System Firmware | DLL Search Order Hijacking | Extra Window Memory Injection 1 | Credentials in Files | System Information Discovery 1 | Logon Scripts | Input Capture | Data Encrypted | Standard Application Layer Protocol 3 | Disk Content Wipe

Signature Overview



Software Vulnerabilities:

Potential document exploit detected (performs DNS queries with low reputation score)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE; DNS query: name: korkoladesign.com
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE; DNS query: name: www.korkoladesign.com
Allocates a big amount of memory (probably used for heap spraying)
Source: winword.exe; Memory has grown: Private usage: 1MB later: 71MB

Networking:

Domain name seen in connection with other malware
Source: Joe Sandbox View; Domain Name: korkoladesign.com
IP address seen in connection with other malware
Source: Joe Sandbox View; IP Address: 172.217.23.227
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View; JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Downloads files from webservers via HTTP
Source: global traffic; HTTP traffic detected:
  GET /wp-content/uploads/2015/11/olg.png HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)
  Accept-Encoding: gzip, deflate
  Host: www.korkoladesign.com
  Connection: Keep-Alive
Source: global traffic; HTTP traffic detected:
  GET /wp-content/uploads/2015/11/olg.png HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office; MSOffice 16)
  Accept-Encoding: gzip, deflate
  Host: www.korkoladesign.com
  Connection: Keep-Alive
  Cookie: CONCRETE5=unq27umeg8e3ifogk50gqnglm4
Found strings which match to known social media urls
Performs DNS lookups
Source: unknown; DNS traffic detected: queries for: www.korkoladesign.com
Urls found in memory or binary data
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://in.search.yahoo.com/
Source: WINWORD.EXE, 00000000.00000003.2018697472.000000000FDF6000.00000004.00000001.sdmpString found in binary or memory: http://isrg.trustid.ocsp.identrust.com0;
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://it.search.dada.net/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://it.search.dada.net/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://it.search.yahoo.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://jobsearch.monster.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://list.taobao.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://mail.live.com/
Source: iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
Source: WINWORD.EXE, 00000000.00000003.2021040216.00000000027C5000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.2012990422.000000000FBE5000.00000004.00000001.sdmp, ~WRS{E9552E51-1A19-4DAE-9EEF-F989019CB74A}.tmp.0.drString found in binary or memory: http://modernolg.ca
Source: WINWORD.EXE, 00000000.00000003.2018697472.000000000FDF6000.00000004.00000001.sdmpString found in binary or memory: http://modernolg.ca/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://msk.afisha.ru/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0:
Source: WINWORD.EXE, 00000000.00000003.2010090013.000000001498C000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.int-x3.letsencrypt.org0/
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.msocsp.com0
Source: iexplore.exe, 00000008.00000002.2325705597.000000000A55D000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.pki.goog/gsr202
Source: iexplore.exe, 00000008.00000002.2325705597.000000000A55D000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.pki.goog/gts1o10
Source: WINWORD.EXE, 00000000.00000002.2273928219.0000000000090000.00000004.00000020.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
Source: iexplore.exe, 00000008.00000002.2325705597.000000000A55D000.00000004.00000001.sdmpString found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://price.ru/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://price.ru/favicon.ico
Source: WINWORD.EXE, 00000000.00000002.2287850101.000000000C4EC000.00000004.00000001.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/drawingml/diagramng
Source: WINWORD.EXE, 00000000.00000002.2277830772.0000000002A40000.00000004.00000001.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/drawingml/table
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://recherche.linternaute.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://rover.ebay.com
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
Source: WINWORD.EXE, 00000000.00000003.1891967663.0000000014C2C000.00000004.00000001.sdmpString found in binary or memory: http://scas.openformatrg/drawml/2006/main
Source: WINWORD.EXE, 00000000.00000003.1764549069.000000000C6ED000.00000004.00000001.sdmpString found in binary or memory: http://schemas.m
Source: WINWORD.EXE, 00000000.00000003.1764549069.000000000C6ED000.00000004.00000001.sdmpString found in binary or memory: http://schemas.ma
Source: WINWORD.EXE, 00000000.00000003.1764549069.000000000C6ED000.00000004.00000001.sdmpString found in binary or memory: http://schemas.micro
Source: WINWORD.EXE, 00000000.00000002.2288771392.000000000C775000.00000004.00000001.sdmpString found in binary or memory: http://schemas.micro6
Source: WINWORD.EXE, 00000000.00000003.1764549069.000000000C6ED000.00000004.00000001.sdmpString found in binary or memory: http://schemas.microsoft
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.microsoft.c
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1764549069.000000000C6ED000.00000004.00000001.sdmpString found in binary or memory: http://schemas.microsoft.co
Source: WINWORD.EXE, 00000000.00000003.1764549069.000000000C6ED000.00000004.00000001.sdmpString found in binary or memory: http://schemas.mu
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.op
Source: WINWORD.EXE, 00000000.00000003.1892158552.0000000014C8F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.open
Source: WINWORD.EXE, 00000000.00000003.1891861739.0000000014BFC000.00000004.00000001.sdmpString found in binary or memory: http://schemas.openformatrg/package/2006/content-t
Source: WINWORD.EXE, 00000000.00000003.1892158552.0000000014C8F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.openformatrg/package/2006/r
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.about.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.alice.it/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.in/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.auone.jp/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.de/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.es/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.in/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.it/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.interpark.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
Source: iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
Source: iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
Source: iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
Source: iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
Source: iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
Source: iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
Source: iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
Source: iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.nate.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.nifty.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.sify.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search.yam.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.ocn.ne.jp/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.orange.fr/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.otto.de/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.ozon.ru/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.ozon.ru/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.ozu.es/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.paginasamarillas.es/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.paginasamarillas.es/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.pchome.com.tw/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.priceminister.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.priceminister.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.rakuten.co.jp/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.rambler.ru/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.rambler.ru/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.recherche.aol.fr/
Source: msapplication.xml4.7.drString found in binary or memory: http://www.reddit.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.rtl.de/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.rtl.de/favicon.ico
Source: WINWORD.EXE, 00000000.00000002.2291402093.000000000D666000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2323197553.0000000008E66000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
Source: WINWORD.EXE, 00000000.00000002.2291402093.000000000D666000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2323197553.0000000008E66000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
Source: WINWORD.EXE, 00000000.00000002.2291402093.000000000D666000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2323197553.0000000008E66000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.servicios.clarin.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.shopzilla.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.sify.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.so-net.ne.jp/share/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.sogou.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.sogou.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.soso.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.soso.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.t-online.de/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.taobao.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.taobao.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.target.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.target.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.tchibo.de/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.tchibo.de/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.tesco.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.tesco.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.timesonline.co.uk/img/favicon.ico
Source: iexplore.exe, 00000008.00000002.2323197553.0000000008E66000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.tiscali.it/favicon.ico
Source: msapplication.xml5.7.drString found in binary or memory: http://www.twitter.com/
Source: WINWORD.EXE, 00000000.00000002.2291402093.000000000D666000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2323197553.0000000008E66000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.univision.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.univision.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.walmart.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.walmart.com/favicon.ico
Source: msapplication.xml6.7.drString found in binary or memory: http://www.wikipedia.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.ya.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www.yam.com/favicon.ico
Source: msapplication.xml7.7.drString found in binary or memory: http://www.youtube.com/
Source: WINWORD.EXE, 00000000.00000002.2291402093.000000000D666000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2323197553.0000000008E66000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www3.fnac.com/
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://www3.fnac.com/favicon.ico
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&amp;Version=2008-06-26&amp;Operation
Source: iexplore.exe, 00000007.00000002.2297668512.0000027889743000.00000002.00000001.sdmp, iexplore.exe, 00000008.00000002.2320140335.0000000005543000.00000002.00000001.sdmpString found in binary or memory: http://z.about.com/m/a08.ico
Source: WINWORD.EXE, 00000000.00000003.1764134937.000000000C79F000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmpString found in binary or memory: https://analysis.windows.net/powerbi/api02
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmpString found in binary or memory: https://analysis.windows.net/powerbi/apiacheBUB
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmpString found in binary or memory: https://analysis.windows.net/powerbi/apiksmH?=
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://api.aadrm.com/
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://api.aadrm.com/Q
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://api.diagnostics.office.com
Source: WINWORD.EXE, 00000000.00000002.2277302799.0000000002951000.00000004.00000001.sdmpString found in binary or memory: https://api.diagnostics.office.coms
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000002.2277830772.0000000002A40000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://api.microsoftstream.com/api/
Source: WINWORD.EXE, 00000000.00000003.1762018453.0000000002AD7000.00000004.00000001.sdmpString found in binary or memory: https://api.microsoftstream.com/api/ds
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://api.microsoftstream.com/api/rStreamVideoBasehttps://web.microsoftstream.com/video/ePPTQuickS
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://api.onedrive.com
Source: WINWORD.EXE, 00000000.00000003.1761970347.000000000C6F1000.00000004.00000001.sdmpString found in binary or memory: https://api.onedrive.comMBI
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmpString found in binary or memory: https://api.onedrive.comp
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasetsBearer
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groupsBearer
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmpString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groupsLasso
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmpString found in binary or memory: https://api.powerbi.com/v1.0/myorg/importsFTF9J
Source: WINWORD.EXE, 00000000.00000002.2274199782.000000000016A000.00000004.00000020.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://apis.live.net/v5.0/
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmpString found in binary or memory: https://apis.live.net/v5.0/nep
Source: WINWORD.EXE, 00000000.00000003.1761759089.000000000C7FE000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000002.2287891450.000000000C50B000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmpString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/OneNoteBulletinshttps://
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://augloop.office.com
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://augloop.office.comaLinkRequestApiPageTitleRetrievalhttps://uci.
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmpString found in binary or memory: https://augloop.office.comp
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlbled
Source: EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://cdn.entity.
Source: WINWORD.EXE, 00000000.00000003.1764134937.000000000C79F000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.pngroOutlookConnectorManifesthttp
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: WINWORD.EXE, 00000000.00000002.2273928219.0000000000090000.00000004.00000020.sdmpString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsellUsersr
Source: WINWORD.EXE, 00000000.00000002.2273928219.0000000000090000.00000004.00000020.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: WINWORD.EXE, 00000000.00000003.1761970347.000000000C6F1000.00000004.00000001.sdmpString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsellteLiveProfileServicehtt
Source: WINWORD.EXE, 00000000.00000002.2287891450.000000000C50B000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmpString found in binary or memory: https://client-office365-tas.msedge.net/ab5
Source: WINWORD.EXE, 00000000.00000002.2287374418.000000000B3BE000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000002.2277830772.0000000002A40000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000002.2287704271.000000000C480000.00000004.00000001.sdmpString found in binary or memory: https://client-office365-tas.msedge.net/ab?
Source: WINWORD.EXE, 00000000.00000002.2277830772.0000000002A40000.00000004.00000001.sdmpString found in binary or memory: https://client-office365-tas.msedge.net/ab?h
Source: WINWORD.EXE, 00000000.00000003.2021055665.00000000027C8000.00000004.00000001.sdmpString found in binary or memory: https://client-office365-tas.msedge.net/ab?nglz
Source: EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://clients.config.office.net/
Source: WINWORD.EXE, 00000000.00000003.1762018453.0000000002AD7000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/.
Source: WINWORD.EXE, 00000000.00000003.1762018453.0000000002AD7000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/.ed(B
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/Bearer
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/https://login.windows.net/common/oauth2/authorize
Source: EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policiesBearer
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policieshttps://login.windows.net/common/oauth2/
Source: EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/user/v1.0/ios2Tr9N
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/user/v1.0/iosBearer
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/user/v1.0/ioshttps://login.windows.net/common/oauth2/authorize
Source: EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/user/v1.0/macBearer
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://clients.config.office.net/user/v1.0/machttps://login.windows.net/common/oauth2/authorizeti
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmpString found in binary or memory: https://cloudfiles.onenote.com/upload.aspxOneNoteCloudFilesConsumerEmbedhttps://onedrive.live.com/em
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmpString found in binary or memory: https://cloudfiles.onenote.com/upload.aspxeHQX:
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://config.edge.skype.com
Source: WINWORD.EXE, 00000000.00000002.2287891450.000000000C50B000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: WINWORD.EXE, 00000000.00000002.2277682092.00000000029F7000.00000004.00000001.sdmpString found in binary or memory: https://config.edge.skype.com/config/v1/Office/
Source: WINWORD.EXE, 00000000.00000002.2287850101.000000000C4EC000.00000004.00000001.sdmpString found in binary or memory: https://config.edge.skype.com/config/v1/Office/16.0.11001.20108?&Clientid=%7b48479AB2-136A-47BD-A72E
Source: WINWORD.EXE, 00000000.00000002.2287891450.000000000C50B000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://contentstorage.osi.office.net/dynamiccanvas/documentvirality/prod/index.html
Source: WINWORD.EXE, 00000000.00000003.2017454754.000000000C65D000.00000004.00000001.sdmpString found in binary or memory: https://contentstorage.osi.office.net/dynamiccanvas/documentvirality/prod/index.htmlPer
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://contentstorage.osi.office.net/dynamiccanvas/progressui/index.html
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://contentstorage.osi.office.net/dynamiccanvas/progressui/index.html0ProgressUICommercialExpUrl
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmpString found in binary or memory: https://contentstorage.osi.office.net/dynamiccanvas/progressui/index.html2$
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://cr.office.com
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://cr.office.comol;
Source: EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://dataservice.o365filtering.com
Source: WINWORD.EXE, 00000000.00000003.1762018453.0000000002AD7000.00000004.00000001.sdmpString found in binary or memory: https://dataservice.o365filtering.com&C2
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmpString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.netize3Wu
Source: WINWORD.EXE, 00000000.00000002.2287891450.000000000C50B000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmpString found in binary or memory: https://ocos-office365-s2s.msedge.net/abStW4
Source: WINWORD.EXE, 00000000.00000002.2287891450.000000000C50B000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmpString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/led
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://officeapps.live.com
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com#
Source: WINWORD.EXE, 00000000.00000003.2011552658.000000000C61C000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com$R
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com.Chart.D
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com.Docs.Mr
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com.Mru.Use
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com.Off
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com.UseJsoni
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com24
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com6
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com:
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com;
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comBatchSiz$4
Source: WINWORD.EXE, 00000000.00000003.2011552658.000000000C61C000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comCpLimS
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comFeatured
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comFindMyFiE
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comGalleryRU
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comHg
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comId
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comMicrosof
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comMicrosofB4
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comTabItemNH4
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comUseRenam
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.com_t
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comc
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comck2Run.D
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comcrosoft.7
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.come.Do
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.come.Dynami-
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.come.Graphi
Source: WINWORD.EXE, 00000000.00000002.2277682092.00000000029F7000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.come.net
Source: WINWORD.EXE, 00000000.00000003.2011552658.000000000C61C000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comeFullL
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comentation
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comfice.DynQ
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comfice.Exp
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comfice.Gra
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comficeStar
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comkbook
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.commentatio
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comnt
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comon
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comool
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comormValue
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comortEnabl
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comosoft.Of
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comq
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comt.Office
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comureOnSav
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comvingStat
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://officeapps.live.comwDisable
Source: WINWORD.EXE, 00000000.00000003.1761759089.000000000C7FE000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000002.2287891450.000000000C50B000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000002.2277830772.0000000002A40000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmpString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/sed
Source: EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://onedrive.live.com
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: WINWORD.EXE, 00000000.00000003.1764134937.000000000C79F000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falsez
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://onedrive.live.com/embed?
Source: WINWORD.EXE, 00000000.00000003.1761759089.000000000C7FE000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.com/embed?i
Source: WINWORD.EXE, 00000000.00000002.2273928219.0000000000090000.00000004.00000020.sdmpString found in binary or memory: https://onedrive.live.com/redir?page=view&resid=1229293068B60FF7
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.comed.p
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmpString found in binary or memory: https://onedrive.live.comyd.p
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmpString found in binary or memory: https://osi.office.netst
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office.comp
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office365.com/api/v1.0/me/ActivitiesMBI_SSL
Source: WINWORD.EXE, 00000000.00000002.2277302799.0000000002951000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activitiesor
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json1
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.jsoniSubstrateOfficeIntelligenceServicehttps
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.jsonmec
Source: WINWORD.EXE, 00000000.00000003.1764189174.000000000C7C9000.00000004.00000001.sdmpString found in binary or memory: https://outlook.office365.com/ckOnF
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmpString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/nv5
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: WINWORD.EXE, 00000000.00000002.2273928219.0000000000090000.00000004.00000020.sdmpString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptionsZn
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonMBI_SSLpeople.directory.
Source: WINWORD.EXE, 00000000.00000002.2273928219.0000000000090000.00000004.00000020.sdmpString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonsers3
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: WINWORD.EXE, 00000000.00000003.2020986370.00000000027AD000.00000004.00000001.sdmpString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json.
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonMBI_SSL_SHORTssl.
Source: iexplore.exe, 00000008.00000002.2325705597.000000000A55D000.00000004.00000001.sdmpString found in binary or memory: https://pki.goog/repository/0
Source: WINWORD.EXE, 00000000.00000002.2287891450.000000000C50B000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000002.2277208190.0000000002910000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13IdentityServicehttps://identity.
Source: WINWORD.EXE, 00000000.00000003.1764134937.000000000C79F000.00000004.00000001.sdmpString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13che
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000002.2277470750.00000000029A6000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://powerlift-frontdesk.acompli.netPowerLiftGymBaseUrlhttps://powerlift.acompli.netSubstrateOffi
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://powerlift.acompli.net
Source: WINWORD.EXE, 00000000.00000003.1764134937.000000000C79F000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000002.2287891450.000000000C50B000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.jsonT
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: WINWORD.EXE, 00000000.00000003.2021055665.00000000027C8000.00000004.00000001.sdmpString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptioneventsJw
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptioneventsMBI_SSLhttps://rpsticket.partnerservices.getmicr
Source: WINWORD.EXE, 00000000.00000003.2021055665.00000000027C8000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://settings.outlook.com
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmpString found in binary or memory: https://settings.outlook.comSp
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://shell.suite.office.com:1443
Source: WINWORD.EXE, 00000000.00000002.2277302799.0000000002951000.00000004.00000001.sdmpString found in binary or memory: https://shell.suite.office.com:1443er
Source: WINWORD.EXE, 00000000.00000003.1762018453.0000000002AD7000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/workhttps://login.windows.net/common/oau
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/workndsF
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: WINWORD.EXE, 00000000.00000003.1762018453.0000000002AD7000.00000004.00000001.sdmpString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation6.0
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: WINWORD.EXE, 00000000.00000003.1761759089.000000000C7FE000.00000004.00000001.sdmpString found in binary or memory: https://store.office.cn/addinstemplateR
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://store.office.com/?productgroup=Outlook
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmpString found in binary or memory: https://store.office.com/?productgroup=OutlookEQG:
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmpString found in binary or memory: https://store.office.com/?productgroup=OutlookMBI_SSL_SHORT
Source: WINWORD.EXE, 00000000.00000003.1761759089.000000000C7FE000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://store.office.com/addinstemplate
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmpString found in binary or memory: https://store.office.com/addinstemplatenDeepLinkingServiceBlackForesthttps://store.office.de/addinst
Source: WINWORD.EXE, 00000000.00000003.1761759089.000000000C7FE000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://store.officeppe.com/addinstemplate
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmpString found in binary or memory: https://store.officeppe.com/addinstemplateaW#
Source: WINWORD.EXE, 00000000.00000002.2277208190.0000000002910000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.com/Todo-Internal.ReadWrites
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmpString found in binary or memory: https://substrate.office.comp
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFileBearer
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://tasks.office.com
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmpString found in binary or memory: https://tasks.office.comts
Source: WINWORD.EXE, 00000000.00000002.2287819776.000000000C4DF000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://templatelogging.office.com/client/log
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmpString found in binary or memory: https://templatelogging.office.com/client/log1AppAcquisitionLogginghttps://
Source: WINWORD.EXE, 00000000.00000002.2277302799.0000000002951000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.htmlmInsightsImmersivehttp
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: WINWORD.EXE, 00000000.00000003.2017454754.000000000C65D000.00000004.00000001.sdmpString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.htmleVersioG
Source: WINWORD.EXE, 00000000.00000002.2287891450.000000000C50B000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: WINWORD.EXE, 00000000.00000003.2019798389.000000000C6D0000.00000004.00000001.sdmpString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devicesSugge
Source: WINWORD.EXE, 00000000.00000003.1762018453.0000000002AD7000.00000004.00000001.sdmp, WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: WINWORD.EXE, 00000000.00000003.1761661956.000000000C733000.00000004.00000001.sdmp, EBD278FA-94FE-46CF-B8F7-28DCF57A1CF9.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: WINWORD.EXE, 00000000.00000003.1761891893.000000000C71F000.00000004.00000001.sdmpString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ExchangeAutoDiscoverhttps:/
Source: WINWORD.EXE, 00000000.00000003.2021185055.00000000027FE000.00000004.00000001.sdmpString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/kupn
Uses HTTPS
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723

System Summary:

Classification label
Source: classification engine | Classification label: sus22.expl.winDOCX@4/37@2/2
Creates files inside the user directory
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache
Creates temporary files
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE | File created: C:\Users\user\AppData\Local\Temp\{AFD0BDF5-4CD1-43EA-A490-C261F29542DD} - OProcSessId.dat
Reads ini files
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE | File read: C:\Users\desktop.ini
SQL strings found in memory and binary data
Source: WINWORD.EXE, 00000000.00000002.2288771392.000000000C775000.00000004.00000001.sdmp | Binary or memory string: INSERT or REPLACE INTO `packages` (`id`, `priority`, `ts`, `tenant`, `version`, `payload`, `Nrecords`, `Nretries`, `inflight`, `attribs`) VALUES (?,?,?,?,?,?,?,?,?,?);
Source: WINWORD.EXE, 00000000.00000002.2288771392.000000000C775000.00000004.00000001.sdmp | Binary or memory string: INSERT or REPLACE INTO `packages` (`id`, `priority`, `ts`, `tenant`, `version`, `payload`, `Nrecords`, `Nretries`, `inflight`, `attribs`) VALUES (?,?,?,?,?,?,?,?,?,?);y
Source: WINWORD.EXE | Binary or memory string: CREATE TABLE IF NOT EXISTS `packages` (`id` TEXT PRIMARY KEY,`priority` INTEGER,`ts` INTEGER,`tenant` TEXT,`version` INTEGER,`payload` BLOB,`Nrecords` INTEGER,`Nretries` INTEGER,`inflight` INTEGER);
Spawns processes
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE 'C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE' /Automation -Embedding
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3276 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3276 CREDAT:17410 /prefetch:2
Found graphical window changes (likely an installer)
Source: Window Recorder | Window detected: More than 3 window changes detected
Checks if Microsoft Office is installed
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office
Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE | File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Hooking and other Techniques for Hiding and Protection:

Disables application error messages (SetErrorMode)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE | Process information set: NOOPENFILEERRORBOX