Analysis Report https://www.evernote.com/shard/s595/sh/b91d9696-d04c-42d9-aac2-403f317dbf26/5c12ac24b795a9cb44df2e7a0e541ee4

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: https://www.evernote.com/shard/s595/sh/b91d9696-d04c-42d9-aac2-403f317dbf26/5c12ac24b795a9cb44df2e7a0e541ee4

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://www.evernote.com/shard/s595/client/snv?noteGuid=b91d9696-d04c-42d9-aac2-403f317dbf26&noteKey=5c12ac24b795a9cb44df2e7a0e541ee4&sn=https%3A%2F%2Fwww.evernote.com%2Fshard%2Fs595%2Fsh%2Fb91d9696-d04c-42d9-aac2-403f317dbf26%2F5c12ac24b795a9cb44df2e7a0e541ee4&title=%252B1630-373-7027%2Bleft%2Byou%2Ba%2Bmissed%2Bcall%2Bfrom%2BMike%2BVan%2BDril

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish_20

Source: Yara match

File source: 78395.pages.csv, type: HTML

Phishing site detected (based on logo template match)

Source: https://office365microsoftlogin.weebly.com/

Matcher: Template: office matched

HTML body contains low number of good links

Source: https://office365microsoftlogin.weebly.com/	HTTP Parser: Number of links: 0
Source: https://office365microsoftlogin.weebly.com/	HTTP Parser: Number of links: 0

Suspicious form URL found

Source: https://office365microsoftlogin.weebly.com/	HTTP Parser: Form action: https://office365microsoftlogin.weebly.com/ajax/apps/formSubmitAjax.php
Source: https://office365microsoftlogin.weebly.com/	HTTP Parser: Form action: https://office365microsoftlogin.weebly.com/ajax/apps/formSubmitAjax.php

META author tag missing

Source: https://office365microsoftlogin.weebly.com/	HTTP Parser: No <meta name="author".. found
Source: https://office365microsoftlogin.weebly.com/	HTTP Parser: No <meta name="author".. found

META copyright tag missing

Source: https://office365microsoftlogin.weebly.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://office365microsoftlogin.weebly.com/	HTTP Parser: No <meta name="copyright".. found

Compliance:

Creates a directory in C:\Program Files

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 35.190.3.250:443 -> 192.168.2.3:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.228.74.189:443 -> 192.168.2.3:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.244.42.3:443 -> 192.168.2.3:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.29.187:443 -> 192.168.2.3:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.29.187:443 -> 192.168.2.3:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.169.132.251:443 -> 192.168.2.3:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.158.107.63:443 -> 192.168.2.3:49912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.158.107.63:443 -> 192.168.2.3:49911 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.244.42.3:443 -> 192.168.2.3:49931 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.228.74.134:443 -> 192.168.2.3:49933 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.169.132.251:443 -> 192.168.2.3:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.244.42.3:443 -> 192.168.2.3:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.228.74.134:443 -> 192.168.2.3:49967 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.169.132.251:443 -> 192.168.2.3:49968 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.244.42.3:443 -> 192.168.2.3:49984 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.228.74.134:443 -> 192.168.2.3:49986 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.169.132.251:443 -> 192.168.2.3:49988 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.244.42.3:443 -> 192.168.2.3:50019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.169.132.251:443 -> 192.168.2.3:50020 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.228.74.134:443 -> 192.168.2.3:50028 version: TLS 1.2

Networking:

Found strings which match to known social media urls

Source: Reporting and NEL.2.dr	String found in binary or memory: coep_reporthttps://www.facebook.com/browser_reporting/ equals www.facebook.com (Facebook)
Source: Reporting and NEL.2.dr	String found in binary or memory: coop_reporthttps://www.facebook.com/browser_reporting/ equals www.facebook.com (Facebook)
Source: Reporting and NEL.2.dr	String found in binary or memory: coop_reporthttps://www.facebook.com/browser_reporting/Y equals www.facebook.com (Facebook)
Source: Current Session.1.dr	String found in binary or memory: https://www.facebook.com/tr/ equals www.facebook.com (Facebook)
Source: Current Session.1.dr	String found in binary or memory: id=1007410362605534&ev=Microdata&dl=https%3A%2F%2Fevernote.com%2Ffeatures%2Fnotes-app&rl=&if=false&ts=1614044771587&cd%5BDataLayer%5D=%5B%5D&cd%5BMeta%5D=%7B%22title%22%3A%22Evernote+Online+Notepad+-+Take+notes+here.+Sync+them+everywhere.%22%2C%22meta%3Adescription%22%3A%22With+Evernote%2C+your+notes+sync+across+all+your+devices.+Organize+with+notebooks+and+tags+to+find+everything+you+need+quickly.+Taking+notes+has+never+been+so+easy.%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd%5BOpenGraph%5D=%7B%22og%3Atitle%22%3A%22Evernote+Online+Notepad+-+Take+notes+here.+Sync+them+everywhere.%22%2C%22og%3Adescription%22%3A%22With+Evernote%2C+your+notes+sync+across+all+your+devices.+Organize+with+notebooks+and+tags+to+find+everything+you+need+quickly.+Taking+notes+has+never+been+so+easy.%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fevernote.com%2Ffeatures%2Fnotes-app%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fevernote.com%2Fimg%2Fmeta%2Fevernote-og.png%22%2C%22og%3Asite_name%22%3A%22Evernote%22%7D&cd%5BSchema.org%5D=%5B%5D&cd%5BJSON-LD%5D=%5B%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Organization%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%2C%22logo%22%3A%22https%3A%2F%2Fs24953.pcdn.co%2Fblog%2Fwp-content%2Fuploads%2F2018%2F08%2Fenblog_brandlaunch_2600x1000-1-685x425.png%22%2C%22sameAs%22%3A%5B%22https%3A%2F%2Fwww.facebook.com%2Fevernote%2F%22%2C%22https%3A%2F%2Fmedium.com%2F%40evernote%22%2C%22https%3A%2F%2Fwww.instagram.com%2Fevernote%22%2C%22https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCr_JcNR6slxFcTtDZ8t6F0A%22%2C%22https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fevernote%22%2C%22https%3A%2F%2Ftwitter.com%2Fevernote%22%5D%7D%2C%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22WebSite%22%2C%22name%22%3A%22Evernote%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%7D%5D&sw=1280&sh=1024&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1614044732801.446845238&it=1614044770793&coo=false&es=automatic&tm=3&rqm=formPOST equals www.facebook.com (Facebook)
Source: Current Session.1.dr	String found in binary or memory: id=1007410362605534&ev=Microdata&dl=https%3A%2F%2Fevernote.com%2Ffeatures%2Fnotes-app&rl=&if=false&ts=1614044771587&cd%5BDataLayer%5D=%5B%5D&cd%5BMeta%5D=%7B%22title%22%3A%22Evernote+Online+Notepad+-+Take+notes+here.+Sync+them+everywhere.%22%2C%22meta%3Adescription%22%3A%22With+Evernote%2C+your+notes+sync+across+all+your+devices.+Organize+with+notebooks+and+tags+to+find+everything+you+need+quickly.+Taking+notes+has+never+been+so+easy.%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd%5BOpenGraph%5D=%7B%22og%3Atitle%22%3A%22Evernote+Online+Notepad+-+Take+notes+here.+Sync+them+everywhere.%22%2C%22og%3Adescription%22%3A%22With+Evernote%2C+your+notes+sync+across+all+your+devices.+Organize+with+notebooks+and+tags+to+find+everything+you+need+quickly.+Taking+notes+has+never+been+so+easy.%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fevernote.com%2Ffeatures%2Fnotes-app%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fevernote.com%2Fimg%2Fmeta%2Fevernote-og.png%22%2C%22og%3Asite_name%22%3A%22Evernote%22%7D&cd%5BSchema.org%5D=%5B%5D&cd%5BJSON-LD%5D=%5B%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Organization%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%2C%22logo%22%3A%22https%3A%2F%2Fs24953.pcdn.co%2Fblog%2Fwp-content%2Fuploads%2F2018%2F08%2Fenblog_brandlaunch_2600x1000-1-685x425.png%22%2C%22sameAs%22%3A%5B%22https%3A%2F%2Fwww.facebook.com%2Fevernote%2F%22%2C%22https%3A%2F%2Fmedium.com%2F%40evernote%22%2C%22https%3A%2F%2Fwww.instagram.com%2Fevernote%22%2C%22https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCr_JcNR6slxFcTtDZ8t6F0A%22%2C%22https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fevernote%22%2C%22https%3A%2F%2Ftwitter.com%2Fevernote%22%5D%7D%2C%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22WebSite%22%2C%22name%22%3A%22Evernote%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%7D%5D&sw=1280&sh=1024&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1614044732801.446845238&it=1614044770793&coo=false&es=automatic&tm=3&rqm=formPOST equals www.linkedin.com (Linkedin)
Source: Current Session.1.dr	String found in binary or memory: id=1007410362605534&ev=Microdata&dl=https%3A%2F%2Fevernote.com%2Ffeatures%2Fnotes-app&rl=&if=false&ts=1614044771587&cd%5BDataLayer%5D=%5B%5D&cd%5BMeta%5D=%7B%22title%22%3A%22Evernote+Online+Notepad+-+Take+notes+here.+Sync+them+everywhere.%22%2C%22meta%3Adescription%22%3A%22With+Evernote%2C+your+notes+sync+across+all+your+devices.+Organize+with+notebooks+and+tags+to+find+everything+you+need+quickly.+Taking+notes+has+never+been+so+easy.%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd%5BOpenGraph%5D=%7B%22og%3Atitle%22%3A%22Evernote+Online+Notepad+-+Take+notes+here.+Sync+them+everywhere.%22%2C%22og%3Adescription%22%3A%22With+Evernote%2C+your+notes+sync+across+all+your+devices.+Organize+with+notebooks+and+tags+to+find+everything+you+need+quickly.+Taking+notes+has+never+been+so+easy.%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fevernote.com%2Ffeatures%2Fnotes-app%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fevernote.com%2Fimg%2Fmeta%2Fevernote-og.png%22%2C%22og%3Asite_name%22%3A%22Evernote%22%7D&cd%5BSchema.org%5D=%5B%5D&cd%5BJSON-LD%5D=%5B%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Organization%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%2C%22logo%22%3A%22https%3A%2F%2Fs24953.pcdn.co%2Fblog%2Fwp-content%2Fuploads%2F2018%2F08%2Fenblog_brandlaunch_2600x1000-1-685x425.png%22%2C%22sameAs%22%3A%5B%22https%3A%2F%2Fwww.facebook.com%2Fevernote%2F%22%2C%22https%3A%2F%2Fmedium.com%2F%40evernote%22%2C%22https%3A%2F%2Fwww.instagram.com%2Fevernote%22%2C%22https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCr_JcNR6slxFcTtDZ8t6F0A%22%2C%22https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fevernote%22%2C%22https%3A%2F%2Ftwitter.com%2Fevernote%22%5D%7D%2C%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22WebSite%22%2C%22name%22%3A%22Evernote%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%7D%5D&sw=1280&sh=1024&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1614044732801.446845238&it=1614044770793&coo=false&es=automatic&tm=3&rqm=formPOST equals www.youtube.com (Youtube)
Source: Current Session.1.dr	String found in binary or memory: id=1007410362605534&ev=Microdata&dl=https%3A%2F%2Fevernote.com%2Ffeatures%2Fwebclipper&rl=&if=false&ts=1614044775009&cd%5BDataLayer%5D=%5B%5D&cd%5BMeta%5D=%7B%22title%22%3A%22Web+Clipper+-+Annotate%2C+save+%26+search+screenshots+and+clips+from+the+web%22%2C%22meta%3Adescription%22%3A%22Web+Clipper+lets+you+save+full+webpages+as+you%27re+browsing%2C+add+annotations+%26+search+all+your+web+captures.+Discover+more+ways+to+get+the+most+out+of+Evernote%21%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd%5BOpenGraph%5D=%7B%22og%3Atitle%22%3A%22Annotate%2C+Save+%26+Search+Full+Screen+Captures+%7C+Evernote+Web+Clipper%22%2C%22og%3Adescription%22%3A%22Evernote+Web+Clipper+lets+you+save+full+page+screen+captures%2C+annotate+images%2C+and+search+saved+pages+even+when+you%27re+offline.%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fevernote.com%2Ffeatures%2Fwebclipper%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fevernote.com%2Fimg%2Fmeta%2Fevernote-og.png%22%2C%22og%3Asite_name%22%3A%22Evernote%22%7D&cd%5BSchema.org%5D=%5B%5D&cd%5BJSON-LD%5D=%5B%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Organization%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%2C%22logo%22%3A%22https%3A%2F%2Fs24953.pcdn.co%2Fblog%2Fwp-content%2Fuploads%2F2018%2F08%2Fenblog_brandlaunch_2600x1000-1-685x425.png%22%2C%22sameAs%22%3A%5B%22https%3A%2F%2Fwww.facebook.com%2Fevernote%2F%22%2C%22https%3A%2F%2Fmedium.com%2F%40evernote%22%2C%22https%3A%2F%2Fwww.instagram.com%2Fevernote%22%2C%22https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCr_JcNR6slxFcTtDZ8t6F0A%22%2C%22https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fevernote%22%2C%22https%3A%2F%2Ftwitter.com%2Fevernote%22%5D%7D%2C%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22WebSite%22%2C%22name%22%3A%22Evernote%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%7D%5D&sw=1280&sh=1024&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1614044732801.446845238&it=1614044774363&coo=false&es=automatic&tm=3&rqm=formPOST equals www.facebook.com (Facebook)
Source: Current Session.1.dr	String found in binary or memory: id=1007410362605534&ev=Microdata&dl=https%3A%2F%2Fevernote.com%2Ffeatures%2Fwebclipper&rl=&if=false&ts=1614044775009&cd%5BDataLayer%5D=%5B%5D&cd%5BMeta%5D=%7B%22title%22%3A%22Web+Clipper+-+Annotate%2C+save+%26+search+screenshots+and+clips+from+the+web%22%2C%22meta%3Adescription%22%3A%22Web+Clipper+lets+you+save+full+webpages+as+you%27re+browsing%2C+add+annotations+%26+search+all+your+web+captures.+Discover+more+ways+to+get+the+most+out+of+Evernote%21%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd%5BOpenGraph%5D=%7B%22og%3Atitle%22%3A%22Annotate%2C+Save+%26+Search+Full+Screen+Captures+%7C+Evernote+Web+Clipper%22%2C%22og%3Adescription%22%3A%22Evernote+Web+Clipper+lets+you+save+full+page+screen+captures%2C+annotate+images%2C+and+search+saved+pages+even+when+you%27re+offline.%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fevernote.com%2Ffeatures%2Fwebclipper%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fevernote.com%2Fimg%2Fmeta%2Fevernote-og.png%22%2C%22og%3Asite_name%22%3A%22Evernote%22%7D&cd%5BSchema.org%5D=%5B%5D&cd%5BJSON-LD%5D=%5B%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Organization%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%2C%22logo%22%3A%22https%3A%2F%2Fs24953.pcdn.co%2Fblog%2Fwp-content%2Fuploads%2F2018%2F08%2Fenblog_brandlaunch_2600x1000-1-685x425.png%22%2C%22sameAs%22%3A%5B%22https%3A%2F%2Fwww.facebook.com%2Fevernote%2F%22%2C%22https%3A%2F%2Fmedium.com%2F%40evernote%22%2C%22https%3A%2F%2Fwww.instagram.com%2Fevernote%22%2C%22https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCr_JcNR6slxFcTtDZ8t6F0A%22%2C%22https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fevernote%22%2C%22https%3A%2F%2Ftwitter.com%2Fevernote%22%5D%7D%2C%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22WebSite%22%2C%22name%22%3A%22Evernote%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%7D%5D&sw=1280&sh=1024&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1614044732801.446845238&it=1614044774363&coo=false&es=automatic&tm=3&rqm=formPOST equals www.linkedin.com (Linkedin)
Source: Current Session.1.dr	String found in binary or memory: id=1007410362605534&ev=Microdata&dl=https%3A%2F%2Fevernote.com%2Ffeatures%2Fwebclipper&rl=&if=false&ts=1614044775009&cd%5BDataLayer%5D=%5B%5D&cd%5BMeta%5D=%7B%22title%22%3A%22Web+Clipper+-+Annotate%2C+save+%26+search+screenshots+and+clips+from+the+web%22%2C%22meta%3Adescription%22%3A%22Web+Clipper+lets+you+save+full+webpages+as+you%27re+browsing%2C+add+annotations+%26+search+all+your+web+captures.+Discover+more+ways+to+get+the+most+out+of+Evernote%21%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd%5BOpenGraph%5D=%7B%22og%3Atitle%22%3A%22Annotate%2C+Save+%26+Search+Full+Screen+Captures+%7C+Evernote+Web+Clipper%22%2C%22og%3Adescription%22%3A%22Evernote+Web+Clipper+lets+you+save+full+page+screen+captures%2C+annotate+images%2C+and+search+saved+pages+even+when+you%27re+offline.%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fevernote.com%2Ffeatures%2Fwebclipper%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fevernote.com%2Fimg%2Fmeta%2Fevernote-og.png%22%2C%22og%3Asite_name%22%3A%22Evernote%22%7D&cd%5BSchema.org%5D=%5B%5D&cd%5BJSON-LD%5D=%5B%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Organization%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%2C%22logo%22%3A%22https%3A%2F%2Fs24953.pcdn.co%2Fblog%2Fwp-content%2Fuploads%2F2018%2F08%2Fenblog_brandlaunch_2600x1000-1-685x425.png%22%2C%22sameAs%22%3A%5B%22https%3A%2F%2Fwww.facebook.com%2Fevernote%2F%22%2C%22https%3A%2F%2Fmedium.com%2F%40evernote%22%2C%22https%3A%2F%2Fwww.instagram.com%2Fevernote%22%2C%22https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCr_JcNR6slxFcTtDZ8t6F0A%22%2C%22https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fevernote%22%2C%22https%3A%2F%2Ftwitter.com%2Fevernote%22%5D%7D%2C%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22WebSite%22%2C%22name%22%3A%22Evernote%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%7D%5D&sw=1280&sh=1024&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1614044732801.446845238&it=1614044774363&coo=false&es=automatic&tm=3&rqm=formPOST equals www.youtube.com (Youtube)
Source: Current Session.1.dr	String found in binary or memory: id=891802871018262&ev=Microdata&dl=https%3A%2F%2Fevernote.com%2Ffeatures%2Fnotes-app&rl=&if=false&ts=1614044772088&cd%5BDataLayer%5D=%5B%5D&cd%5BMeta%5D=%7B%22title%22%3A%22Evernote+Online+Notepad+-+Take+notes+here.+Sync+them+everywhere.%22%2C%22meta%3Adescription%22%3A%22With+Evernote%2C+your+notes+sync+across+all+your+devices.+Organize+with+notebooks+and+tags+to+find+everything+you+need+quickly.+Taking+notes+has+never+been+so+easy.%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd%5BOpenGraph%5D=%7B%22og%3Atitle%22%3A%22Evernote+Online+Notepad+-+Take+notes+here.+Sync+them+everywhere.%22%2C%22og%3Adescription%22%3A%22With+Evernote%2C+your+notes+sync+across+all+your+devices.+Organize+with+notebooks+and+tags+to+find+everything+you+need+quickly.+Taking+notes+has+never+been+so+easy.%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fevernote.com%2Ffeatures%2Fnotes-app%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fevernote.com%2Fimg%2Fmeta%2Fevernote-og.png%22%2C%22og%3Asite_name%22%3A%22Evernote%22%7D&cd%5BSchema.org%5D=%5B%5D&cd%5BJSON-LD%5D=%5B%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Organization%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%2C%22logo%22%3A%22https%3A%2F%2Fs24953.pcdn.co%2Fblog%2Fwp-content%2Fuploads%2F2018%2F08%2Fenblog_brandlaunch_2600x1000-1-685x425.png%22%2C%22sameAs%22%3A%5B%22https%3A%2F%2Fwww.facebook.com%2Fevernote%2F%22%2C%22https%3A%2F%2Fmedium.com%2F%40evernote%22%2C%22https%3A%2F%2Fwww.instagram.com%2Fevernote%22%2C%22https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCr_JcNR6slxFcTtDZ8t6F0A%22%2C%22https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fevernote%22%2C%22https%3A%2F%2Ftwitter.com%2Fevernote%22%5D%7D%2C%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22WebSite%22%2C%22name%22%3A%22Evernote%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%7D%5D&sw=1280&sh=1024&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1614044732801.446845238&it=1614044770793&coo=false&es=automatic&tm=3&rqm=formPOST equals www.facebook.com (Facebook)
Source: Current Session.1.dr	String found in binary or memory: id=891802871018262&ev=Microdata&dl=https%3A%2F%2Fevernote.com%2Ffeatures%2Fnotes-app&rl=&if=false&ts=1614044772088&cd%5BDataLayer%5D=%5B%5D&cd%5BMeta%5D=%7B%22title%22%3A%22Evernote+Online+Notepad+-+Take+notes+here.+Sync+them+everywhere.%22%2C%22meta%3Adescription%22%3A%22With+Evernote%2C+your+notes+sync+across+all+your+devices.+Organize+with+notebooks+and+tags+to+find+everything+you+need+quickly.+Taking+notes+has+never+been+so+easy.%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd%5BOpenGraph%5D=%7B%22og%3Atitle%22%3A%22Evernote+Online+Notepad+-+Take+notes+here.+Sync+them+everywhere.%22%2C%22og%3Adescription%22%3A%22With+Evernote%2C+your+notes+sync+across+all+your+devices.+Organize+with+notebooks+and+tags+to+find+everything+you+need+quickly.+Taking+notes+has+never+been+so+easy.%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fevernote.com%2Ffeatures%2Fnotes-app%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fevernote.com%2Fimg%2Fmeta%2Fevernote-og.png%22%2C%22og%3Asite_name%22%3A%22Evernote%22%7D&cd%5BSchema.org%5D=%5B%5D&cd%5BJSON-LD%5D=%5B%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Organization%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%2C%22logo%22%3A%22https%3A%2F%2Fs24953.pcdn.co%2Fblog%2Fwp-content%2Fuploads%2F2018%2F08%2Fenblog_brandlaunch_2600x1000-1-685x425.png%22%2C%22sameAs%22%3A%5B%22https%3A%2F%2Fwww.facebook.com%2Fevernote%2F%22%2C%22https%3A%2F%2Fmedium.com%2F%40evernote%22%2C%22https%3A%2F%2Fwww.instagram.com%2Fevernote%22%2C%22https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCr_JcNR6slxFcTtDZ8t6F0A%22%2C%22https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fevernote%22%2C%22https%3A%2F%2Ftwitter.com%2Fevernote%22%5D%7D%2C%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22WebSite%22%2C%22name%22%3A%22Evernote%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%7D%5D&sw=1280&sh=1024&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1614044732801.446845238&it=1614044770793&coo=false&es=automatic&tm=3&rqm=formPOST equals www.linkedin.com (Linkedin)
Source: Current Session.1.dr	String found in binary or memory: id=891802871018262&ev=Microdata&dl=https%3A%2F%2Fevernote.com%2Ffeatures%2Fnotes-app&rl=&if=false&ts=1614044772088&cd%5BDataLayer%5D=%5B%5D&cd%5BMeta%5D=%7B%22title%22%3A%22Evernote+Online+Notepad+-+Take+notes+here.+Sync+them+everywhere.%22%2C%22meta%3Adescription%22%3A%22With+Evernote%2C+your+notes+sync+across+all+your+devices.+Organize+with+notebooks+and+tags+to+find+everything+you+need+quickly.+Taking+notes+has+never+been+so+easy.%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd%5BOpenGraph%5D=%7B%22og%3Atitle%22%3A%22Evernote+Online+Notepad+-+Take+notes+here.+Sync+them+everywhere.%22%2C%22og%3Adescription%22%3A%22With+Evernote%2C+your+notes+sync+across+all+your+devices.+Organize+with+notebooks+and+tags+to+find+everything+you+need+quickly.+Taking+notes+has+never+been+so+easy.%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fevernote.com%2Ffeatures%2Fnotes-app%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fevernote.com%2Fimg%2Fmeta%2Fevernote-og.png%22%2C%22og%3Asite_name%22%3A%22Evernote%22%7D&cd%5BSchema.org%5D=%5B%5D&cd%5BJSON-LD%5D=%5B%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Organization%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%2C%22logo%22%3A%22https%3A%2F%2Fs24953.pcdn.co%2Fblog%2Fwp-content%2Fuploads%2F2018%2F08%2Fenblog_brandlaunch_2600x1000-1-685x425.png%22%2C%22sameAs%22%3A%5B%22https%3A%2F%2Fwww.facebook.com%2Fevernote%2F%22%2C%22https%3A%2F%2Fmedium.com%2F%40evernote%22%2C%22https%3A%2F%2Fwww.instagram.com%2Fevernote%22%2C%22https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCr_JcNR6slxFcTtDZ8t6F0A%22%2C%22https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fevernote%22%2C%22https%3A%2F%2Ftwitter.com%2Fevernote%22%5D%7D%2C%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22WebSite%22%2C%22name%22%3A%22Evernote%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%7D%5D&sw=1280&sh=1024&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1614044732801.446845238&it=1614044770793&coo=false&es=automatic&tm=3&rqm=formPOST equals www.youtube.com (Youtube)
Source: Current Session.1.dr	String found in binary or memory: id=891802871018262&ev=Microdata&dl=https%3A%2F%2Fevernote.com%2Ffeatures%2Fwebclipper&rl=&if=false&ts=1614044775106&cd%5BDataLayer%5D=%5B%5D&cd%5BMeta%5D=%7B%22title%22%3A%22Web+Clipper+-+Annotate%2C+save+%26+search+screenshots+and+clips+from+the+web%22%2C%22meta%3Adescription%22%3A%22Web+Clipper+lets+you+save+full+webpages+as+you%27re+browsing%2C+add+annotations+%26+search+all+your+web+captures.+Discover+more+ways+to+get+the+most+out+of+Evernote%21%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd%5BOpenGraph%5D=%7B%22og%3Atitle%22%3A%22Annotate%2C+Save+%26+Search+Full+Screen+Captures+%7C+Evernote+Web+Clipper%22%2C%22og%3Adescription%22%3A%22Evernote+Web+Clipper+lets+you+save+full+page+screen+captures%2C+annotate+images%2C+and+search+saved+pages+even+when+you%27re+offline.%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fevernote.com%2Ffeatures%2Fwebclipper%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fevernote.com%2Fimg%2Fmeta%2Fevernote-og.png%22%2C%22og%3Asite_name%22%3A%22Evernote%22%7D&cd%5BSchema.org%5D=%5B%5D&cd%5BJSON-LD%5D=%5B%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Organization%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%2C%22logo%22%3A%22https%3A%2F%2Fs24953.pcdn.co%2Fblog%2Fwp-content%2Fuploads%2F2018%2F08%2Fenblog_brandlaunch_2600x1000-1-685x425.png%22%2C%22sameAs%22%3A%5B%22https%3A%2F%2Fwww.facebook.com%2Fevernote%2F%22%2C%22https%3A%2F%2Fmedium.com%2F%40evernote%22%2C%22https%3A%2F%2Fwww.instagram.com%2Fevernote%22%2C%22https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCr_JcNR6slxFcTtDZ8t6F0A%22%2C%22https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fevernote%22%2C%22https%3A%2F%2Ftwitter.com%2Fevernote%22%5D%7D%2C%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22WebSite%22%2C%22name%22%3A%22Evernote%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%7D%5D&sw=1280&sh=1024&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1614044732801.446845238&it=1614044774363&coo=false&es=automatic&tm=3&rqm=formPOST equals www.facebook.com (Facebook)
Source: Current Session.1.dr	String found in binary or memory: id=891802871018262&ev=Microdata&dl=https%3A%2F%2Fevernote.com%2Ffeatures%2Fwebclipper&rl=&if=false&ts=1614044775106&cd%5BDataLayer%5D=%5B%5D&cd%5BMeta%5D=%7B%22title%22%3A%22Web+Clipper+-+Annotate%2C+save+%26+search+screenshots+and+clips+from+the+web%22%2C%22meta%3Adescription%22%3A%22Web+Clipper+lets+you+save+full+webpages+as+you%27re+browsing%2C+add+annotations+%26+search+all+your+web+captures.+Discover+more+ways+to+get+the+most+out+of+Evernote%21%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd%5BOpenGraph%5D=%7B%22og%3Atitle%22%3A%22Annotate%2C+Save+%26+Search+Full+Screen+Captures+%7C+Evernote+Web+Clipper%22%2C%22og%3Adescription%22%3A%22Evernote+Web+Clipper+lets+you+save+full+page+screen+captures%2C+annotate+images%2C+and+search+saved+pages+even+when+you%27re+offline.%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fevernote.com%2Ffeatures%2Fwebclipper%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fevernote.com%2Fimg%2Fmeta%2Fevernote-og.png%22%2C%22og%3Asite_name%22%3A%22Evernote%22%7D&cd%5BSchema.org%5D=%5B%5D&cd%5BJSON-LD%5D=%5B%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Organization%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%2C%22logo%22%3A%22https%3A%2F%2Fs24953.pcdn.co%2Fblog%2Fwp-content%2Fuploads%2F2018%2F08%2Fenblog_brandlaunch_2600x1000-1-685x425.png%22%2C%22sameAs%22%3A%5B%22https%3A%2F%2Fwww.facebook.com%2Fevernote%2F%22%2C%22https%3A%2F%2Fmedium.com%2F%40evernote%22%2C%22https%3A%2F%2Fwww.instagram.com%2Fevernote%22%2C%22https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCr_JcNR6slxFcTtDZ8t6F0A%22%2C%22https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fevernote%22%2C%22https%3A%2F%2Ftwitter.com%2Fevernote%22%5D%7D%2C%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22WebSite%22%2C%22name%22%3A%22Evernote%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%7D%5D&sw=1280&sh=1024&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1614044732801.446845238&it=1614044774363&coo=false&es=automatic&tm=3&rqm=formPOST equals www.linkedin.com (Linkedin)
Source: Current Session.1.dr	String found in binary or memory: id=891802871018262&ev=Microdata&dl=https%3A%2F%2Fevernote.com%2Ffeatures%2Fwebclipper&rl=&if=false&ts=1614044775106&cd%5BDataLayer%5D=%5B%5D&cd%5BMeta%5D=%7B%22title%22%3A%22Web+Clipper+-+Annotate%2C+save+%26+search+screenshots+and+clips+from+the+web%22%2C%22meta%3Adescription%22%3A%22Web+Clipper+lets+you+save+full+webpages+as+you%27re+browsing%2C+add+annotations+%26+search+all+your+web+captures.+Discover+more+ways+to+get+the+most+out+of+Evernote%21%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd%5BOpenGraph%5D=%7B%22og%3Atitle%22%3A%22Annotate%2C+Save+%26+Search+Full+Screen+Captures+%7C+Evernote+Web+Clipper%22%2C%22og%3Adescription%22%3A%22Evernote+Web+Clipper+lets+you+save+full+page+screen+captures%2C+annotate+images%2C+and+search+saved+pages+even+when+you%27re+offline.%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fevernote.com%2Ffeatures%2Fwebclipper%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fevernote.com%2Fimg%2Fmeta%2Fevernote-og.png%22%2C%22og%3Asite_name%22%3A%22Evernote%22%7D&cd%5BSchema.org%5D=%5B%5D&cd%5BJSON-LD%5D=%5B%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Organization%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%2C%22logo%22%3A%22https%3A%2F%2Fs24953.pcdn.co%2Fblog%2Fwp-content%2Fuploads%2F2018%2F08%2Fenblog_brandlaunch_2600x1000-1-685x425.png%22%2C%22sameAs%22%3A%5B%22https%3A%2F%2Fwww.facebook.com%2Fevernote%2F%22%2C%22https%3A%2F%2Fmedium.com%2F%40evernote%22%2C%22https%3A%2F%2Fwww.instagram.com%2Fevernote%22%2C%22https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCr_JcNR6slxFcTtDZ8t6F0A%22%2C%22https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fevernote%22%2C%22https%3A%2F%2Ftwitter.com%2Fevernote%22%5D%7D%2C%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22WebSite%22%2C%22name%22%3A%22Evernote%22%2C%22url%22%3A%22https%3A%2F%2Fevernote.com%2F%22%7D%5D&sw=1280&sh=1024&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1614044732801.446845238&it=1614044774363&coo=false&es=automatic&tm=3&rqm=formPOST equals www.youtube.com (Youtube)

Performs DNS lookups

Source: unknown

DNS traffic detected: queries for: www.evernote.com

Urls found in memory or binary data

Source: 000003.log3.1.dr	String found in binary or memory: https://a10732733166.cdn.optimizely.com
Source: 000003.log0.1.dr	String found in binary or memory: https://a10732733166.cdn.optimizely.com/
Source: Current Session.1.dr	String found in binary or memory: https://a10732733166.cdn.optimizely.com/client_storage/a10732733166.html
Source: manifest.json0.1.dr, 73892199-4600-4f1b-939e-bc6ab115de00.tmp.2.dr	String found in binary or memory: https://accounts.google.com
Source: Network Action Predictor-journal.1.dr	String found in binary or memory: https://ajax.googleapis.com/
Source: 74311c0e3e66331c_0.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Source: manifest.json0.1.dr, 73892199-4600-4f1b-939e-bc6ab115de00.tmp.2.dr	String found in binary or memory: https://apis.google.com
Source: Network Action Predictor-journal.1.dr	String found in binary or memory: https://cdn.optimizely.com/
Source: 252d794805ca6117_0.1.dr	String found in binary or memory: https://cdn.optimizely.com/js/10831113667.js
Source: Network Action Predictor-journal.1.dr	String found in binary or memory: https://cdn2.editmysite.com/
Source: 1e86b7fa04131db8_0.1.dr, bce11561f2598066_0.1.dr	String found in binary or memory: https://cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1613524086&
Source: bce11561f2598066_0.1.dr	String found in binary or memory: https://cdn2.editmysite.com/js/lang/en/stl.js?buildTime=1613524086&aD
Source: dd817c03f5d0eaef_0.1.dr	String found in binary or memory: https://cdn2.editmysite.com/js/site/footerSignup.js?buildTime=1613524086
Source: 43e644de4aa0cd7a_0.1.dr	String found in binary or memory: https://cdn2.editmysite.com/js/site/main-customer-accounts-site.js?buildTime=1613524086
Source: 53b0ff8e7a0fe4ef_0.1.dr	String found in binary or memory: https://cdn2.editmysite.com/js/site/main.js?buildTime=1613524086
Source: 7d025005377e9f42_0.1.dr	String found in binary or memory: https://cdn2.editmysite.com/js/wsnbn/snowday262.js
Source: 73892199-4600-4f1b-939e-bc6ab115de00.tmp.2.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.1.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 73892199-4600-4f1b-939e-bc6ab115de00.tmp.2.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: 758377246be36174_0.1.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: 0975bddc074f57c1_0.1.dr	String found in binary or memory: https://connect.facebook.net/signals/config/1007410362605534?v=2.9.33&r=stable
Source: c7283c7b015094ed_0.1.dr	String found in binary or memory: https://connect.facebook.net/signals/config/891802871018262?v=2.9.33&r=stable
Source: manifest.json0.1.dr	String found in binary or memory: https://content.googleapis.com
Source: Network Action Predictor-journal.1.dr	String found in binary or memory: https://dashboard.svc.www.evernote.com/
Source: Current Session.1.dr	String found in binary or memory: https://dashboard.svc.www.evernote.com/app/nv/
Source: History.1.dr	String found in binary or memory: https://dashboard.svc.www.evernote.com/app/nv//
Source: 0b49a560886c1370_0.1.dr	String found in binary or memory: https://dashboard.svc.www.evernote.com/app/nv/ce/ce-2285e650ae.js
Source: e7741d47a1883d4f_0.1.dr	String found in binary or memory: https://dashboard.svc.www.evernote.com/app/nv/en.9677374f5226e3503d72.js
Source: Favicons.1.dr	String found in binary or memory: https://dashboard.svc.www.evernote.com/app/nv/icons-1ec2b385e995168bc5bb4934b116d4a6/favicon.ico
Source: bbd1e9ef85f0ea52_0.1.dr	String found in binary or memory: https://dashboard.svc.www.evernote.com/app/nv/main.9b81edb692cbef98e58b.js
Source: 6710c8dd7787f8e8_0.1.dr	String found in binary or memory: https://dashboard.svc.www.evernote.com/app/nv/vendors~main.f4e1a51e4825d39e90a9.js
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/DOM/MutationObserver
Source: 73892199-4600-4f1b-939e-bc6ab115de00.tmp.2.dr, 36686bab-9dd7-4fff-9e00-b2773caffb07.tmp.2.dr, 3913faf4-31e7-409e-ad60-a254014fa9e5.tmp.2.dr	String found in binary or memory: https://dns.google
Source: 000003.log3.1.dr	String found in binary or memory: https://evernote.com
Source: 000003.log0.1.dr, 0975bddc074f57c1_0.1.dr, f2bbe5cea512785e_0.1.dr	String found in binary or memory: https://evernote.com/
Source: d7a1c792f43e596d_0.1.dr	String found in binary or memory: https://evernote.com/#
Source: 151684b7e77589b9_0.1.dr	String found in binary or memory: https://evernote.com/#7
Source: 0975bddc074f57c1_0.1.dr	String found in binary or memory: https://evernote.com/#b
Source: 0975bddc074f57c1_0.1.dr	String found in binary or memory: https://evernote.com/%
Source: e19ab5391128b780_0.1.dr	String found in binary or memory: https://evernote.com/)
Source: 2a4a86ac228dc88a_0.1.dr	String found in binary or memory: https://evernote.com/.Kj
Source: f2bbe5cea512785e_0.1.dr	String found in binary or memory: https://evernote.com/1
Source: 252d794805ca6117_0.1.dr	String found in binary or memory: https://evernote.com/1%
Source: c7283c7b015094ed_0.1.dr	String found in binary or memory: https://evernote.com/1Mz
Source: a443d39d1fae8570_0.1.dr	String found in binary or memory: https://evernote.com/2
Source: 758377246be36174_0.1.dr	String found in binary or memory: https://evernote.com/5s9
Source: Current Session.1.dr	String found in binary or memory: https://evernote.com/8Best
Source: 24b02991d02afc49_0.1.dr	String found in binary or memory: https://evernote.com/9
Source: a443d39d1fae8570_0.1.dr	String found in binary or memory: https://evernote.com/=
Source: c7283c7b015094ed_0.1.dr	String found in binary or memory: https://evernote.com/A
Source: 66a3fd6086b5a401_0.1.dr	String found in binary or memory: https://evernote.com/Alp
Source: History.1.dr	String found in binary or memory: https://evernote.com/Best
Source: e19ab5391128b780_0.1.dr	String found in binary or memory: https://evernote.com/C
Source: 66a3fd6086b5a401_0.1.dr	String found in binary or memory: https://evernote.com/I4
Source: 40550c603d6681ec_0.1.dr	String found in binary or memory: https://evernote.com/K
Source: 0975bddc074f57c1_0.1.dr	String found in binary or memory: https://evernote.com/L
Source: 252d794805ca6117_0.1.dr	String found in binary or memory: https://evernote.com/Lp
Source: 0975bddc074f57c1_0.1.dr	String found in binary or memory: https://evernote.com/Mdx
Source: 162fde7c79a881f4_0.1.dr	String found in binary or memory: https://evernote.com/NC
Source: 252d794805ca6117_0.1.dr	String found in binary or memory: https://evernote.com/T
Source: Current Session.1.dr	String found in binary or memory: https://evernote.com/U
Source: 2165e2def390e585_0.1.dr	String found in binary or memory: https://evernote.com/Xn_
Source: 7ee77a05eee15d31_0.1.dr	String found in binary or memory: https://evernote.com/Y
Source: 66a3fd6086b5a401_0.1.dr	String found in binary or memory: https://evernote.com/Zg
Source: 252d794805ca6117_0.1.dr	String found in binary or memory: https://evernote.com/c
Source: Favicons.1.dr	String found in binary or memory: https://evernote.com/favicon.ico
Source: Favicons.1.dr	String found in binary or memory: https://evernote.com/favicon.ico:
Source: Current Session.1.dr	String found in binary or memory: https://evernote.com/features/notes-app
Source: History.1.dr	String found in binary or memory: https://evernote.com/features/notes-appEvernote
Source: Current Session.1.dr	String found in binary or memory: https://evernote.com/features/webclipper
Source: Current Session.1.dr	String found in binary or memory: https://evernote.com/features/webclipperH
Source: Current Session.1.dr	String found in binary or memory: https://evernote.com/features/webclipperHWeb
Source: History.1.dr	String found in binary or memory: https://evernote.com/features/webclipperWeb
Source: 758377246be36174_0.1.dr	String found in binary or memory: https://evernote.com/hhw
Source: c7283c7b015094ed_0.1.dr	String found in binary or memory: https://evernote.com/j
Source: 38480b16bce1e580_0.1.dr	String found in binary or memory: https://evernote.com/js/features.b2d17c19dcf548705a23.js
Source: 1a8a1b98f4c762b9_0.1.dr	String found in binary or memory: https://evernote.com/js/features2020.ed41e1c0b02db85fa5a1.js
Source: 2165e2def390e585_0.1.dr	String found in binary or memory: https://evernote.com/js/homepage-refresh-2020.cdbb300a0f16d30f0175.js
Source: e3101327c9f33192_0.1.dr	String found in binary or memory: https://evernote.com/js/homepage-refresh-2020.cdbb300a0f16d30f0175.jsaD
Source: 40550c603d6681ec_0.1.dr	String found in binary or memory: https://evernote.com/js/legal-detail.1bc6156146307b06910c.js
Source: 1612b62d01057b63_0.1.dr	String found in binary or memory: https://evernote.com/js/privacy-detail.088ada0b0ef2b31b72f9.js
Source: d77b8fb57306a18b_0.1.dr	String found in binary or memory: https://evernote.com/js/privacy.575937cbb0f6cedfc08c.js
Source: 5998dd32816f7ad2_0.1.dr	String found in binary or memory: https://evernote.com/js/vendors.a9a1fd52267e34ba2d22.js
Source: 597a313d0a21f4f6_0.1.dr	String found in binary or memory: https://evernote.com/js/vendors.a9a1fd52267e34ba2d22.jsaD
Source: 2a4a86ac228dc88a_0.1.dr	String found in binary or memory: https://evernote.com/js/why-evernote.2a21acf402243672707f.js
Source: Current Session.1.dr	String found in binary or memory: https://evernote.com/legal/terms-of-service
Source: History.1.dr	String found in binary or memory: https://evernote.com/legal/terms-of-serviceTerms
Source: 24b02991d02afc49_0.1.dr	String found in binary or memory: https://evernote.com/pE
Source: Current Session.1.dr	String found in binary or memory: https://evernote.com/privacy/
Source: History.1.dr	String found in binary or memory: https://evernote.com/privacy/Evernote
Source: Current Session.1.dr	String found in binary or memory: https://evernote.com/privacy/cookies
Source: Current Session.1.dr	String found in binary or memory: https://evernote.com/privacy/cookiesB
Source: History.1.dr	String found in binary or memory: https://evernote.com/privacy/cookiesCookie
Source: 0975bddc074f57c1_0.1.dr	String found in binary or memory: https://evernote.com/q
Source: 7c1dbc8619d19e0a_0.1.dr	String found in binary or memory: https://evernote.com/sI
Source: 758377246be36174_0.1.dr	String found in binary or memory: https://evernote.com/t
Source: Favicons.1.dr	String found in binary or memory: https://evernote.com/tos/
Source: History.1.dr	String found in binary or memory: https://evernote.com/tos/Terms
Source: 758377246be36174_0.1.dr	String found in binary or memory: https://evernote.com/w
Source: Current Session.1.dr	String found in binary or memory: https://evernote.com/why-evernote
Source: History.1.dr	String found in binary or memory: https://evernote.com/why-evernoteFocus
Source: 1612b62d01057b63_0.1.dr	String found in binary or memory: https://evernote.com/z
Source: 000003.log3.1.dr	String found in binary or memory: https://evernote.com_oeu1614044736016r0.2561784427478866$$10831113667$$layer_map
Source: 000003.log3.1.dr	String found in binary or memory: https://evernote.com_oeu1614044736016r0.2561784427478866$$10831113667$$layer_states
Source: 000003.log3.1.dr	String found in binary or memory: https://evernote.com_oeu1614044736016r0.2561784427478866$$10831113667$$session_stateZ
Source: 000003.log3.1.dr	String found in binary or memory: https://evernote.com_oeu1614044736016r0.2561784427478866$$10831113667$$tracker_optimizely
Source: 000003.log3.1.dr	String found in binary or memory: https://evernote.com_oeu1614044736016r0.2561784427478866$$10831113667$$variation_map
Source: 000003.log3.1.dr	String found in binary or memory: https://evernote.com_oeu1614044736016r0.2561784427478866$$10831113667$$visitor_profile
Source: 000003.log3.1.dr	String found in binary or memory: https://evernote.com_pending_events
Source: Current Session.1.dr	String found in binary or memory: https://evernote.comh
Source: manifest.json0.1.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 73892199-4600-4f1b-939e-bc6ab115de00.tmp.2.dr	String found in binary or memory: https://fonts.googleapis.com
Source: Network Action Predictor-journal.1.dr	String found in binary or memory: https://fonts.googleapis.com/
Source: manifest.json0.1.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 73892199-4600-4f1b-939e-bc6ab115de00.tmp.2.dr	String found in binary or memory: https://fonts.gstatic.com
Source: Network Action Predictor-journal.1.dr	String found in binary or memory: https://fonts.gstatic.com/
Source: manifest.json0.1.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: 378c026fa472ddf2_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781428326/?random=1614044732740&cv=
Source: 143cf43e21bd5e8c_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781428326/?random=1614044738279&cv=
Source: a11ac5cf9ac5242c_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781428326/?random=1614044743303&cv=
Source: e13ff206ff0ee9a9_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781428326/?random=1614044757728&cv=
Source: 60f06f972295786f_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781428326/?random=1614044762134&cv=
Source: 8ae3279c1c9aa41f_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781428326/?random=1614044766200&cv=
Source: 96ef818923c2e92f_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781428326/?random=1614044770729&cv=
Source: 162fde7c79a881f4_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781428326/?random=1614044774378&cv=
Source: 296f00565bc963a6_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975811088/?random=1614044732738&cv=
Source: 10e6128476bd8058_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975811088/?random=1614044738288&cv=
Source: 77d5e1bac43e0376_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975811088/?random=1614044743311&cv=
Source: f137fb8ca2b4d972_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975811088/?random=1614044757734&cv=
Source: 8b1a08f77aad3420_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975811088/?random=1614044762138&cv=
Source: 2a952e16ed79776b_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975811088/?random=1614044766209&cv=
Source: 14b83777c6a6f772_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975811088/?random=1614044770665&cv=
Source: 978ea4c37094d70e_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975811088/?random=1614044774381&cv=
Source: a5bf1908950f670b_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/984368495/?random=1614044732722&cv=
Source: 2faf1108cfa99c5a_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/984368495/?random=1614044738283&cv=
Source: f620174c7c4ae271_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/984368495/?random=1614044743308&cv=
Source: ba5ddc20b7748c8d_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/984368495/?random=1614044757737&cv=
Source: 00473751859ace99_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/984368495/?random=1614044762128&cv=
Source: 2a729790c8f1bd0b_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/984368495/?random=1614044766206&cv=
Source: ff40512757403033_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/984368495/?random=1614044770661&cv=
Source: 151684b7e77589b9_0.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/984368495/?random=1614044774370&cv=
Source: manifest.json0.1.dr	String found in binary or memory: https://hangouts.google.com/
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://hotjar.com
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://identify.hotjar.com
Source: 000003.log3.1.dr	String found in binary or memory: https://logx.optimizely.com/v1/events
Source: 000003.log3.1.dr	String found in binary or memory: https://office365microsoftlogin.weebly.com
Source: Favicons.1.dr, Network Action Predictor-journal.1.dr, Current Session.1.dr, 000003.log0.1.dr	String found in binary or memory: https://office365microsoftlogin.weebly.com/
Source: Current Session.1.dr	String found in binary or memory: https://office365microsoftlogin.weebly.com/#Office
Source: History.1.dr	String found in binary or memory: https://office365microsoftlogin.weebly.com/Office
Source: Current Session.1.dr	String found in binary or memory: https://office365microsoftlogin.weebly.com/ajax/apps/formSubmitAjax.php
Source: Favicons.1.dr	String found in binary or memory: https://office365microsoftlogin.weebly.com/favicon.ico
Source: Favicons.1.dr	String found in binary or memory: https://office365microsoftlogin.weebly.com/favicon.icoe
Source: 98a4d40d758e6fc1_0.1.dr	String found in binary or memory: https://office365microsoftlogin.weebly.com/files/templateArtifacts.js?1613993205
Source: 46eedc6020a1c54b_0.1.dr	String found in binary or memory: https://office365microsoftlogin.weebly.com/files/theme/custom.js?1556830342
Source: 9bc6f2ebc0217660_0.1.dr	String found in binary or memory: https://office365microsoftlogin.weebly.com/files/theme/plugins.js?1556830342
Source: f5bf27361285931b_0.1.dr	String found in binary or memory: https://office365microsoftlogin.weebly.com/gdpr/gdprscript.js?buildTime=1613524086&hasRemindMe=true&
Source: 000003.log3.1.dr	String found in binary or memory: https://office365microsoftlogin.weebly.com6_https://office365microsoftlogin.weebly.com
Source: 73892199-4600-4f1b-939e-bc6ab115de00.tmp.2.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 73892199-4600-4f1b-939e-bc6ab115de00.tmp.2.dr	String found in binary or memory: https://play.google.com
Source: 24b02991d02afc49_0.1.dr	String found in binary or memory: https://rules.quantcount.com/rules-p-gapWjDVPppng3.js
Source: manifest.json.1.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: a99290c87fe5010f_0.1.dr, d7a1c792f43e596d_0.1.dr	String found in binary or memory: https://script.hotjar.com/modules.f56917110d6a0ab1d784.js
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://script.hotjar.com/modules.f56917110d6a0ab1d784.jsaD
Source: cdcc69ea20fbcaa3_0.1.dr	String found in binary or memory: https://secure.quantserve.com/quant.js
Source: cdcc69ea20fbcaa3_0.1.dr	String found in binary or memory: https://secure.quantserve.com/quant.jsaD
Source: 2d3b34dafdfa3a16_0.1.dr	String found in binary or memory: https://ssl.google-analytics.com/ga.js
Source: 73892199-4600-4f1b-939e-bc6ab115de00.tmp.2.dr	String found in binary or memory: https://ssl.gstatic.com
Source: e3101327c9f33192_0.1.dr	String found in binary or memory: https://stage-www.yinxiang.com/?referer=en
Source: 7c1dbc8619d19e0a_0.1.dr	String found in binary or memory: https://static.hotjar.com/c/hotjar-605273.js?sv=6
Source: messages.json83.1.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json83.1.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://surveystats.hotjar.io/hit
Source: 000003.log0.1.dr	String found in binary or memory: https://vars.hotjar.com/
Source: Current Session.1.dr	String found in binary or memory: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://vc.hotjar.io/sessions
Source: f5bf27361285931b_0.1.dr, 53b0ff8e7a0fe4ef_0.1.dr	String found in binary or memory: https://weebly.com/
Source: 9bc6f2ebc0217660_0.1.dr	String found in binary or memory: https://weebly.com/G
Source: 2d3b34dafdfa3a16_0.1.dr	String found in binary or memory: https://weebly.com/d#
Source: 7d025005377e9f42_0.1.dr	String found in binary or memory: https://weebly.com/f3
Source: 43e644de4aa0cd7a_0.1.dr	String found in binary or memory: https://weebly.com/v
Source: 000003.log3.1.dr	String found in binary or memory: https://www.evernote.com
Source: Current Session.1.dr	String found in binary or memory: https://www.evernote.com/shard/s595/client/snv/ce
Source: History.1.dr, History Provider Cache.1.dr, Favicons-journal.1.dr, Current Session.1.dr	String found in binary or memory: https://www.evernote.com/shard/s595/client/snv?noteGuid=b91d9696-d04c-42d9-aac2-403f317dbf26&noteKey
Source: History-journal.1.dr, Current Session.1.dr	String found in binary or memory: https://www.evernote.com/shard/s595/sh/b91d9696-d04c-42d9-aac2-403f317dbf26/5c12ac24b795a9cb44df2e7a
Source: a443d39d1fae8570_0.1.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: 7ee77a05eee15d31_0.1.dr	String found in binary or memory: https://www.google-analytics.com/plugins/ua/ec.js
Source: manifest.json0.1.dr, 73892199-4600-4f1b-939e-bc6ab115de00.tmp.2.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.1.dr	String found in binary or memory: https://www.google.com;
Source: e19ab5391128b780_0.1.dr	String found in binary or memory: https://www.googleadservices.com/pagead/conversion_async.js
Source: e19ab5391128b780_0.1.dr	String found in binary or memory: https://www.googleadservices.com/pagead/conversion_async.jsaD
Source: 73892199-4600-4f1b-939e-bc6ab115de00.tmp.2.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 66a3fd6086b5a401_0.1.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-MP67N8C
Source: 73892199-4600-4f1b-939e-bc6ab115de00.tmp.2.dr	String found in binary or memory: https://www.gstatic.com
Source: e94c10b920133cab_0.1.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/pRiAUlKgZOMcFLsfzZTeGtOA/recaptcha__en.js
Source: manifest.json0.1.dr	String found in binary or memory: https://www.gstatic.com;
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjar.com/?utm_source=client&utm_medium=survey&utm_campaign=insights
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjar.com/feedback-polls?utm_source=client&utm_medium=poll&utm_campaign=insights
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjar.com/incoming-feedback?utm_source=client&utm_medium=incoming_feedback&utm_campaign
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjarconsent.com
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjarconsent.com/de.html
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjarconsent.com/el.html
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjarconsent.com/es.html
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjarconsent.com/fi.html
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjarconsent.com/fr.html
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjarconsent.com/it.html
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjarconsent.com/nl.html
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjarconsent.com/pl.html
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjarconsent.com/pt.html
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjarconsent.com/pt_br.html
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjarconsent.com/ru.html
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjarconsent.com/sq.html
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjarconsent.com/sv.html
Source: a99290c87fe5010f_0.1.dr	String found in binary or memory: https://www.hotjarconsent.com/zh.html
Source: e3101327c9f33192_0.1.dr	String found in binary or memory: https://www.yinxiang.com/?referer=en
Source: Favicons.1.dr, History.1.dr, Network Action Predictor-journal.1.dr, Current Session.1.dr	String found in binary or memory: https://www.youronlinechoices.eu/
Source: History.1.dr	String found in binary or memory: https://www.youronlinechoices.eu/Your
Source: Favicons.1.dr	String found in binary or memory: https://www.youronlinechoices.eu/favicon.ico
Source: Favicons.1.dr	String found in binary or memory: https://www.youronlinechoices.eu/favicon.ico$
Source: ef6c920662221cc8_0.1.dr	String found in binary or memory: https://www.youronlinechoices.eu/javascript/hashslider.js
Source: 7d236927cf3d6c7f_0.1.dr	String found in binary or memory: https://www.youronlinechoices.eu/javascript/jquery-1.7.1.min.js
Source: 3a6866528061df31_0.1.dr	String found in binary or memory: https://www.youronlinechoices.eu/wp-content/plugins/optout/js/optout_testpage.js
Source: ef6c920662221cc8_0.1.dr	String found in binary or memory: https://youronlinechoices.eu/
Source: 7d236927cf3d6c7f_0.1.dr	String found in binary or memory: https://youronlinechoices.eu/D

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 35.190.3.250:443 -> 192.168.2.3:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.46:443 -> 192.168.2.3:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 199.34.228.53:443 -> 192.168.2.3:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.228.74.189:443 -> 192.168.2.3:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.244.42.3:443 -> 192.168.2.3:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.29.187:443 -> 192.168.2.3:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.29.187:443 -> 192.168.2.3:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.169.132.251:443 -> 192.168.2.3:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.158.107.63:443 -> 192.168.2.3:49912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.158.107.63:443 -> 192.168.2.3:49911 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.244.42.3:443 -> 192.168.2.3:49931 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.228.74.134:443 -> 192.168.2.3:49933 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.169.132.251:443 -> 192.168.2.3:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.244.42.3:443 -> 192.168.2.3:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.228.74.134:443 -> 192.168.2.3:49967 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.169.132.251:443 -> 192.168.2.3:49968 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.244.42.3:443 -> 192.168.2.3:49984 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.228.74.134:443 -> 192.168.2.3:49986 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.169.132.251:443 -> 192.168.2.3:49988 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.244.42.3:443 -> 192.168.2.3:50019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.169.132.251:443 -> 192.168.2.3:50020 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.228.74.134:443 -> 192.168.2.3:50028 version: TLS 1.2

System Summary:

Classification label

Source: classification engine

Classification label: mal68.phis.win@45/254@27/24

Creates files inside the program directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Creates files inside the user directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-60345E20-1624.pma

Jump to behavior

Creates temporary files

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\e4a38fdb-ac26-47cd-9873-b8b8549f5cbb.tmp

Jump to behavior

Spawns processes

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'https://www.evernote.com/shard/s595/sh/b91d9696-d04c-42d9-aac2-403f317dbf26/5c12ac24b795a9cb44df2e7a0e541ee4'
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,16948765496604090743,7477657816965738739,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,16948765496604090743,7477657816965738739,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Found GUI installer (many successful clicks)

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: agree
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Confirm

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Creates a directory in C:\Program Files

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior