Analysis Report COVID-19 Vaccine Locations Booking Sites_April 12 (8eb60eb7-3115-41f6-bcc5-3e70c62319dd).docx

Compliance:

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

File opened: C:\Windows\SysWOW64\MSVCR100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 143.204.11.124:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.11.124:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.226.169.100:443 -> 192.168.2.3:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.226.169.100:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.11.28:443 -> 192.168.2.3:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.11.28:443 -> 192.168.2.3:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.74.185:443 -> 192.168.2.3:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.74.185:443 -> 192.168.2.3:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.207.130:443 -> 192.168.2.3:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.207.130:443 -> 192.168.2.3:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.3:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.3:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.22.246:443 -> 192.168.2.3:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.22.246:443 -> 192.168.2.3:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.41.3.217:443 -> 192.168.2.3:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.41.3.217:443 -> 192.168.2.3:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.41.3.217:443 -> 192.168.2.3:49797 version: TLS 1.2

Software Vulnerabilities:

Allocates a big amount of memory (probably used for heap spraying)

Source: winword.exe

Memory has grown: Private usage: 0MB later: 71MB

Networking:

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.16.19.94 104.16.19.94
Source: Joe Sandbox View	IP Address: 104.16.19.94 104.16.19.94

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c

Found strings which match to known social media urls

Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: <div class="video-container"><iframe allow="encrypted-media" allowfullscreen="" class="video-sizing" frameborder="0" scrolling="no" src="https://www.youtube.com/embed/YrjmP_ueahQ?controls=0"></iframe></div> equals www.youtube.com (Youtube)
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: publique d\'Ottawa","phone":"613-422-2900","website":"http://www.facebook.com/centretownpharmacy/","monday":"06:00-18:00","tuesday":"06:00-18:00","wednesday":"06:00-18:00","thursday":"06:00-18:00","friday":"06:00-18:00","saturday":"08:00-16:00","sunday":"08:00-16:00","appointments":"Yes","phone_appointments":"TRUE","walk_ins":"No","age_threshold":"5y"},{"active":"Yes","location_id":"332","pharmacy":"Yes","location_name":"MediOne Rx","operated_by":"Independent","city":"Thornhill","address":"100 Steeles Avenue West","address_fr":"100, rue Steeles Ouest","postal_code":"L4J 7Y1","province":"ON","latitude":"43.7979124","longitude":"-79.425512","phu":"York Region Public Health Services","phu_fr":"Service de sant equals www.facebook.com (Facebook)
Source: base[1].js.11.dr	String found in binary or memory: "html5_qoe_intercept"):this.Yj?(t=t.vss_host||"s.youtube.com",this.Z("www_for_videostats")&&"s.youtube.com"===t&&(t=MD(this.va)||"www.youtube.com")):t="video.google.com";this.Pj=t;ND(this,a,!0);this.L=new UC;g.H(this,this.L);t=b?b.innertubeApiKey:qD("",a.innertube_api_key);r=b?b.innertubeApiVersion:qD("",a.innertube_api_version);p=b?b.innertubeContextClientVersion:qD("",a.innertube_context_client_version);this.Jf={innertubeApiKey:xo("INNERTUBE_API_KEY")||t,innertubeApiVersion:xo("INNERTUBE_API_VERSION")|| equals www.youtube.com (Youtube)
Source: app.min[1].js.11.dr	String found in binary or memory: "use strict";angular.module("onesite.filters",[]).filter("removeInjectedParagraphTag",function(){return function(r){return angular.isString(r)?r.trim().replace(/\r?\n/g,"").replace(/^<(p)[^>]*?>(.+)<\/\1>/im,"$2"):r}}).filter("formatNumber",["numberService",function(r){return r.formatNumber}]).filter("trim",["stringService",function(r){return r.trim}]).filter("slice",["listService",function(r){return r.slice}]).filter("tel",["stringService",function(r){return r.toTel}]).filter("postalCode",["stringService",function(r){return r.toPostalCode}]).filter("pick",["listService",function(r){return r.pick}]).filter("join",["stringService",function(r){return r.join}]).filter("chooseSmall",["numberService",function(r){return r.min}]).filter("localDate",[function(){return function(){return new Date}}]).filter("equals",function(){return angular.equals}).filter("isNumber",function(){return angular.isNumber}).filter("isString",function(){return angular.isString}).filter("isNonEmptyString",function(){return function(r){return angular.isString(r)&&""!==r.trim()}}).filter("socialMedia",function(){var e={facebook:function(r,t){return"//www.facebook.com/sharer.php?u=%2F%2F"+r+"&title="+t},twitter:function(r,t){return"//twitter.com/intent/tweet?url=%2F%2F"+r+"&text="+t}};return function(r,t,n){return e[r](t,n)}}).filter("strToDate",["stringService",function(t){return function(r){return angular.isString(r)?t.strToDate(r.split(" ")[0]):null}}]).filter("onesiteDateFormat",["$filter",function(t){var n={0:"janvier",1:"f equals www.facebook.com (Facebook)
Source: app.min[1].js.11.dr	String found in binary or memory: "use strict";angular.module("onesite.filters",[]).filter("removeInjectedParagraphTag",function(){return function(r){return angular.isString(r)?r.trim().replace(/\r?\n/g,"").replace(/^<(p)[^>]*?>(.+)<\/\1>/im,"$2"):r}}).filter("formatNumber",["numberService",function(r){return r.formatNumber}]).filter("trim",["stringService",function(r){return r.trim}]).filter("slice",["listService",function(r){return r.slice}]).filter("tel",["stringService",function(r){return r.toTel}]).filter("postalCode",["stringService",function(r){return r.toPostalCode}]).filter("pick",["listService",function(r){return r.pick}]).filter("join",["stringService",function(r){return r.join}]).filter("chooseSmall",["numberService",function(r){return r.min}]).filter("localDate",[function(){return function(){return new Date}}]).filter("equals",function(){return angular.equals}).filter("isNumber",function(){return angular.isNumber}).filter("isString",function(){return angular.isString}).filter("isNonEmptyString",function(){return function(r){return angular.isString(r)&&""!==r.trim()}}).filter("socialMedia",function(){var e={facebook:function(r,t){return"//www.facebook.com/sharer.php?u=%2F%2F"+r+"&title="+t},twitter:function(r,t){return"//twitter.com/intent/tweet?url=%2F%2F"+r+"&text="+t}};return function(r,t,n){return e[r](t,n)}}).filter("strToDate",["stringService",function(t){return function(r){return angular.isString(r)?t.strToDate(r.split(" ")[0]):null}}]).filter("onesiteDateFormat",["$filter",function(t){var n={0:"janvier",1:"f equals www.twitter.com (Twitter)
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: ' {{time}}",medium:"{{date}}, {{time}}",short:"{{date}}, {{time}}"},defaultWidth:"full"})},formatRelative:function(e,a,t,n){return o[e]},localize:i,match:c,options:{weekStartsOn:0,firstWeekContainsDate:1}};a.a=p},ZS31:function(e,a,t){},"d+rA":function(e,a,t){"use strict";t.d(a,"k",(function(){return M})),t.d(a,"e",(function(){return O})),t.d(a,"o",(function(){return s})),t.d(a,"i",(function(){return i})),t.d(a,"m",(function(){return r})),t.d(a,"h",(function(){return d})),t.d(a,"a",(function(){return c})),t.d(a,"c",(function(){return l})),t.d(a,"d",(function(){return p})),t.d(a,"b",(function(){return u})),t.d(a,"l",(function(){return h})),t.d(a,"j",(function(){return g})),t.d(a,"n",(function(){return S})),t.d(a,"g",(function(){return P})),t.d(a,"f",(function(){return H}));var n=t("q1tI"),o=t.n(n),s={en:{title:"Share Ontario testing locations finder",links:{facebook:"https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcovid-19.ontario.ca%2Fassessment-centre-locations&amp;src=sdkpreparse",twitter:"https://twitter.com/intent/tweet?text=Ontario%20COVID-19%20assessment-centre-locations%3A%20https%3A//covid-19.ontario.ca/assessment-centre-locations",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url=https%3A//covid-19.ontario.ca/assessment-centre-locations&title=&summary=&source=",email:"mailto:?subject=Ontario%20COVID-19%20%28testing%29%20locations&body=https%3A//covid-19.ontario.ca/assessment-centre-locations"}},fr:{title:"Partager l'outil du centres de d equals www.facebook.com (Facebook)
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: ' {{time}}",medium:"{{date}}, {{time}}",short:"{{date}}, {{time}}"},defaultWidth:"full"})},formatRelative:function(e,a,t,n){return o[e]},localize:i,match:c,options:{weekStartsOn:0,firstWeekContainsDate:1}};a.a=p},ZS31:function(e,a,t){},"d+rA":function(e,a,t){"use strict";t.d(a,"k",(function(){return M})),t.d(a,"e",(function(){return O})),t.d(a,"o",(function(){return s})),t.d(a,"i",(function(){return i})),t.d(a,"m",(function(){return r})),t.d(a,"h",(function(){return d})),t.d(a,"a",(function(){return c})),t.d(a,"c",(function(){return l})),t.d(a,"d",(function(){return p})),t.d(a,"b",(function(){return u})),t.d(a,"l",(function(){return h})),t.d(a,"j",(function(){return g})),t.d(a,"n",(function(){return S})),t.d(a,"g",(function(){return P})),t.d(a,"f",(function(){return H}));var n=t("q1tI"),o=t.n(n),s={en:{title:"Share Ontario testing locations finder",links:{facebook:"https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcovid-19.ontario.ca%2Fassessment-centre-locations&amp;src=sdkpreparse",twitter:"https://twitter.com/intent/tweet?text=Ontario%20COVID-19%20assessment-centre-locations%3A%20https%3A//covid-19.ontario.ca/assessment-centre-locations",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url=https%3A//covid-19.ontario.ca/assessment-centre-locations&title=&summary=&source=",email:"mailto:?subject=Ontario%20COVID-19%20%28testing%29%20locations&body=https%3A//covid-19.ontario.ca/assessment-centre-locations"}},fr:{title:"Partager l'outil du centres de d equals www.linkedin.com (Linkedin)
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: ' {{time}}",medium:"{{date}}, {{time}}",short:"{{date}}, {{time}}"},defaultWidth:"full"})},formatRelative:function(e,a,t,n){return o[e]},localize:i,match:c,options:{weekStartsOn:0,firstWeekContainsDate:1}};a.a=p},ZS31:function(e,a,t){},"d+rA":function(e,a,t){"use strict";t.d(a,"k",(function(){return M})),t.d(a,"e",(function(){return O})),t.d(a,"o",(function(){return s})),t.d(a,"i",(function(){return i})),t.d(a,"m",(function(){return r})),t.d(a,"h",(function(){return d})),t.d(a,"a",(function(){return c})),t.d(a,"c",(function(){return l})),t.d(a,"d",(function(){return p})),t.d(a,"b",(function(){return u})),t.d(a,"l",(function(){return h})),t.d(a,"j",(function(){return g})),t.d(a,"n",(function(){return S})),t.d(a,"g",(function(){return P})),t.d(a,"f",(function(){return H}));var n=t("q1tI"),o=t.n(n),s={en:{title:"Share Ontario testing locations finder",links:{facebook:"https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcovid-19.ontario.ca%2Fassessment-centre-locations&amp;src=sdkpreparse",twitter:"https://twitter.com/intent/tweet?text=Ontario%20COVID-19%20assessment-centre-locations%3A%20https%3A//covid-19.ontario.ca/assessment-centre-locations",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url=https%3A//covid-19.ontario.ca/assessment-centre-locations&title=&summary=&source=",email:"mailto:?subject=Ontario%20COVID-19%20%28testing%29%20locations&body=https%3A//covid-19.ontario.ca/assessment-centre-locations"}},fr:{title:"Partager l'outil du centres de d equals www.twitter.com (Twitter)
Source: base[1].js.11.dr	String found in binary or memory: (g.Lm(b,"www.youtube.com"),c=b.toString()):c=kw(c);b=new wy(c);b.set("cmo=pf","1");d&&b.set("cmo=td","a1.googlevideo.com");return b}; equals www.youtube.com (Youtube)
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: )https://www.youtube.com/embed/cs4qPsP6COA equals www.youtube.com (Youtube)
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: 4https://www.youtube.com/embed/YrjmP_ueahQ?controls=0 equals www.youtube.com (Youtube)
Source: msapplication.xml0.10.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xd2a8dede,0x01d730c7</date><accdate>0xd2a8dede,0x01d730c7</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.10.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xd2a8dede,0x01d730c7</date><accdate>0xd2a8dede,0x01d730c7</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.10.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xd2ab4131,0x01d730c7</date><accdate>0xd2ab4131,0x01d730c7</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.10.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xd2ab4131,0x01d730c7</date><accdate>0xd2ada383,0x01d730c7</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.10.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xd2ada383,0x01d730c7</date><accdate>0xd2ada383,0x01d730c7</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.10.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xd2ada383,0x01d730c7</date><accdate>0xd2ada383,0x01d730c7</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: QN29B4HD.htm.11.dr	String found in binary or memory: <hr aria-hidden="true" class="ontario-thick ontario-margin-bottom-40-!" /><div class="ontario-column ontario-small-12 ontario-medium-7 ontario-large-7 ontario-margin-bottom-48-!"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" class="ontario-margin-bottom-32-!" frameborder="0" height="315" src="https://www.youtube.com/embed/cs4qPsP6COA" style="max-width:560px;" width="100%"></iframe> equals www.youtube.com (Youtube)
Source: base[1].js.11.dr	String found in binary or memory: Mga=function(a,b){if(!a.i["0"]){var c=new fB("0","fakesb",void 0,new bB(0,0,0,void 0,void 0,"auto"),null,null,1);a.i["0"]=b?new nA(new wy("http://www.youtube.com/videoplayback"),c,"fake"):new YA(new wy("http://www.youtube.com/videoplayback"),c,new Vz(0,0),new Vz(0,0),0,NaN)}}; equals www.youtube.com (Youtube)
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: Ontario ",links:{facebook:"https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcovid-19.ontario.ca%2Femplacements-pour-la-vaccination&amp;src=sdkpreparse",twitter:"https://twitter.com/intent/tweet?text=Emplacements%20pour%20la%20vaccination%20de%20la%20COVID-19%20de%20l%27Ontario%3A%20https%3A//covid-19.ontario.ca/emplacements-pour-la-vaccination",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url=https%3A//covid-19.ontario.ca/emplacements-pour-la-vaccination&title=&summary=&source=",email:"mailto:?subject=Emplacements%20pour%20la%20vaccination%20de%20la%20COVID-19%20de%20l%27Ontario&body=https%3A//covid-19.ontario.ca/emplacements-pour-la-vaccination"}}},c={en:{who_title:"Who can get a vaccine",who_content:"Adults 55 and over in 2021 interested in receiving the AstraZeneca vaccine"},fr:{who_title:"Qui peut se faire vacciner",who_content:"Les adultes equals www.facebook.com (Facebook)
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: Ontario ",links:{facebook:"https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcovid-19.ontario.ca%2Femplacements-pour-la-vaccination&amp;src=sdkpreparse",twitter:"https://twitter.com/intent/tweet?text=Emplacements%20pour%20la%20vaccination%20de%20la%20COVID-19%20de%20l%27Ontario%3A%20https%3A//covid-19.ontario.ca/emplacements-pour-la-vaccination",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url=https%3A//covid-19.ontario.ca/emplacements-pour-la-vaccination&title=&summary=&source=",email:"mailto:?subject=Emplacements%20pour%20la%20vaccination%20de%20la%20COVID-19%20de%20l%27Ontario&body=https%3A//covid-19.ontario.ca/emplacements-pour-la-vaccination"}}},c={en:{who_title:"Who can get a vaccine",who_content:"Adults 55 and over in 2021 interested in receiving the AstraZeneca vaccine"},fr:{who_title:"Qui peut se faire vacciner",who_content:"Les adultes equals www.linkedin.com (Linkedin)
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: Ontario ",links:{facebook:"https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcovid-19.ontario.ca%2Femplacements-pour-la-vaccination&amp;src=sdkpreparse",twitter:"https://twitter.com/intent/tweet?text=Emplacements%20pour%20la%20vaccination%20de%20la%20COVID-19%20de%20l%27Ontario%3A%20https%3A//covid-19.ontario.ca/emplacements-pour-la-vaccination",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url=https%3A//covid-19.ontario.ca/emplacements-pour-la-vaccination&title=&summary=&source=",email:"mailto:?subject=Emplacements%20pour%20la%20vaccination%20de%20la%20COVID-19%20de%20l%27Ontario&body=https%3A//covid-19.ontario.ca/emplacements-pour-la-vaccination"}}},c={en:{who_title:"Who can get a vaccine",who_content:"Adults 55 and over in 2021 interested in receiving the AstraZeneca vaccine"},fr:{who_title:"Qui peut se faire vacciner",who_content:"Les adultes equals www.twitter.com (Twitter)
Source: base[1].js.11.dr	String found in binary or memory: aJ.prototype.replace=function(a,b){a=g.q(a);for(var c=a.next();!c.done;c=a.next())delete this.i[c.value.encryptedTokenJarContents];uka(this,b)};bJ.prototype.gp=function(a){var b,c,d=null===(b=a.responseContext)||void 0===b?void 0:b.locationPlayabilityToken;void 0!==d&&(this.locationPlayabilityToken=d,this.i=void 0,"TVHTML5"===(null===(c=a.responseContext)||void 0===c?void 0:c.clientName)?(this.localStorage=vka(this))&&this.localStorage.set("yt-location-playability-token",d,15552E3):g.po("YT_CL",JSON.stringify({y6:d}),15552E3,void 0,!0))};var eJ;g.v(dJ,Xr);dJ.prototype.Ew=function(a,b){a=Xr.prototype.Ew.call(this,a,b);return Object.assign(Object.assign({},a),this.i)};var Lka=/[&\?]action_proxy=1/,Kka=/[&\?]token=([\w-]*)/,Mka=/[&\?]video_id=([\w-]*)/,Nka=/[&\?]index=([\d-]*)/,Oka=/[&\?]m_pos_ms=([\d-]*)/,Rka=/[&\?]vvt=([\w-]*)/,Fka="ca_type dt el flash u_tz u_his u_h u_w u_ah u_aw u_cd u_nplug u_nmime frm u_java bc bih biw brdim vis wgl".split(" "),Pka="www.youtube-nocookie.com youtube-nocookie.com www.youtube-nocookie.com:443 youtube.googleapis.com www.youtubeedu.com www.youtubeeducation.com video.google.com redirector.gvt1.com".split(" "),Hka={android:"ANDROID", equals www.youtube.com (Youtube)
Source: base[1].js.11.dr	String found in binary or memory: eha,fha);h=this.loaderUrl;var l=void 0===l?!1:l;this.gk=bw(dw(h,gha,null),h,l,"Trusted Ad Domain URL");this.Ea=T(!1,a.privembed);this.protocol=0===this.Fc.indexOf("http:")?"http":"https";this.va=fw((b?b.customBaseYoutubeUrl:a.BASE_YT_URL)||"")||fw(this.Fc)||this.protocol+"://www.youtube.com/";l=b?b.eventLabel:a.el;h="detailpage";"adunit"===l?h=this.l?"embedded":"detailpage":"embedded"===l||this.u?h=oD(h,l,hha):l&&(h="embedded");this.Ca=h;aq();l=null;h=b?b.playerStyle:a.ps;var m=g.gb(uD,h);!h||m&& equals www.youtube.com (Youtube)
Source: base[1].js.11.dr	String found in binary or memory: g.WD=function(a){a=MD(a.va);return"www.youtube-nocookie.com"===a?"www.youtube.com":a}; equals www.youtube.com (Youtube)
Source: base[1].js.11.dr	String found in binary or memory: g.k.clone=function(){var a=new Pm;a.u=this.u;this.i&&(a.i=this.i.clone(),a.l=this.l);return a};var Wm="://secure-...imrworldwide.com/ ://cdn.imrworldwide.com/ ://aksecure.imrworldwide.com/ ://[^.]*.moatads.com ://youtube[0-9]+.moatpixel.com ://pm.adsafeprotected.com/youtube ://pm.test-adsafeprotected.com/youtube ://e[0-9]+.yt.srs.doubleverify.com www.google.com/pagead/xsul www.youtube.com/pagead/slav".split(" "),xda=/\bocr\b/;var yda=/(?:\[|%5B)([a-zA-Z0-9_]+)(?:\]|%5D)/g;var SD={k_:"LIVING_ROOM_APP_MODE_UNSPECIFIED",h_:"LIVING_ROOM_APP_MODE_MAIN",g_:"LIVING_ROOM_APP_MODE_KIDS",i_:"LIVING_ROOM_APP_MODE_MUSIC",j_:"LIVING_ROOM_APP_MODE_UNPLUGGED",f_:"LIVING_ROOM_APP_MODE_GAMING"};Zm.prototype.set=function(a,b){b=void 0===b?!0:b;0<=a&&52>a&&0===a%1&&this.i[a]!=b&&(this.i[a]=b,this.l=-1)}; equals www.youtube.com (Youtube)
Source: base[1].js.11.dr	String found in binary or memory: g.k.getVideoUrl=function(a,b,c,d,e){b={list:b};c&&(e?b.time_continue=c:b.t=c);c=g.XD(this);d&&"www.youtube.com"===c?d="https://youtu.be/"+a:g.GD(this)?(d="https://"+c+"/fire",b.v=a):(d=this.protocol+"://"+c+"/watch",b.v=a,qq&&(a=to())&&(b.ebc=a));return g.Ld(d,b)}; equals www.youtube.com (Youtube)
Source: base[1].js.11.dr	String found in binary or memory: g.mE=function(a){var b=g.XD(a);!a.Z("yt_embeds_disable_new_error_lozenge_url")&&kha.includes(b)&&(b="www.youtube.com");return a.protocol+"://"+b}; equals www.youtube.com (Youtube)
Source: base[1].js.11.dr	String found in binary or memory: g.oM.prototype.l=function(a){var b=this;ooa(this);var c=a.FA,d=this.api.T();"GENERIC_WITHOUT_LINK"!==c||d.I?"TOO_MANY_REQUESTS"===c?(d=this.api.getVideoData(),this.cd(rM(this,"TOO_MANY_REQUESTS_WITH_LINK",d.jn(),void 0,void 0,void 0,!1))):"HTML5_NO_AVAILABLE_FORMATS_FALLBACK"!==c||d.I?this.cd(g.pM(a.errorMessage)):this.cd(rM(this,"HTML5_NO_AVAILABLE_FORMATS_FALLBACK_WITH_LINK_SHORT","//www.youtube.com/supported_browsers")):(a=d.hostLanguage,c="//support.google.com/youtube/?p=player_error1",a&&(c= equals www.youtube.com (Youtube)
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: pistage de la COVID-19 de l'Ontario",links:{facebook:"https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcovid-19.ontario.ca%2Fcentres-depistage&amp;src=sdkpreparse",twitter:"https://twitter.com/intent/tweet?text=centres%20de%20d%C3%A9pistage%20de%20la%20COVID-19%20de%20l%27Ontario%3A%20https%3A//covid-19.ontario.ca/centres-depistage",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url=https%3A//covid-19.ontario.ca/centres-depistage&title=&summary=&source=",email:"mailto:?subject=Emplacements%20des%20centres%20de%20d equals www.facebook.com (Facebook)
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: pistage de la COVID-19 de l'Ontario",links:{facebook:"https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcovid-19.ontario.ca%2Fcentres-depistage&amp;src=sdkpreparse",twitter:"https://twitter.com/intent/tweet?text=centres%20de%20d%C3%A9pistage%20de%20la%20COVID-19%20de%20l%27Ontario%3A%20https%3A//covid-19.ontario.ca/centres-depistage",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url=https%3A//covid-19.ontario.ca/centres-depistage&title=&summary=&source=",email:"mailto:?subject=Emplacements%20des%20centres%20de%20d equals www.linkedin.com (Linkedin)
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: pistage de la COVID-19 de l'Ontario",links:{facebook:"https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcovid-19.ontario.ca%2Fcentres-depistage&amp;src=sdkpreparse",twitter:"https://twitter.com/intent/tweet?text=centres%20de%20d%C3%A9pistage%20de%20la%20COVID-19%20de%20l%27Ontario%3A%20https%3A//covid-19.ontario.ca/centres-depistage",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url=https%3A//covid-19.ontario.ca/centres-depistage&title=&summary=&source=",email:"mailto:?subject=Emplacements%20des%20centres%20de%20d equals www.twitter.com (Twitter)
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: s 17 h en semaine"},test:function(e){return function(e){for(var a=n.slice(1,6),t=0;t<a.length;t++){if(e&&e[a[t]])if(i(e[a[t]].toLowerCase(),"17:01"))return!0}return!1}(e)},checked:!1},{id:"openOnWeekends",text:{en:"Open on weekends",fr:"Ouvert la fin de semaine"},test:function(e){return e.saturday||e.sunday},checked:!1}]}],d={en:{title:"Share Ontario vaccine locations finder",links:{facebook:"https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcovid-19.ontario.ca%2Fvaccine-locations&amp;src=sdkpreparse",twitter:"https://twitter.com/intent/tweet?text=Ontario%20COVID-19%20vaccine-locations%3A%20https%3A//covid-19.ontario.ca/vaccine-locations",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url=https%3A//covid-19.ontario.ca/vaccine-locations&title=&summary=&source=",email:"mailto:?subject=Ontario%20COVID-19%20pharmacy%20vaccine%20locations&body=https%3A//covid-19.ontario.ca/vaccine-locations"}},fr:{title:"Partagez le localisateur de centres de vaccination de l equals www.facebook.com (Facebook)
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: s 17 h en semaine"},test:function(e){return function(e){for(var a=n.slice(1,6),t=0;t<a.length;t++){if(e&&e[a[t]])if(i(e[a[t]].toLowerCase(),"17:01"))return!0}return!1}(e)},checked:!1},{id:"openOnWeekends",text:{en:"Open on weekends",fr:"Ouvert la fin de semaine"},test:function(e){return e.saturday||e.sunday},checked:!1}]}],d={en:{title:"Share Ontario vaccine locations finder",links:{facebook:"https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcovid-19.ontario.ca%2Fvaccine-locations&amp;src=sdkpreparse",twitter:"https://twitter.com/intent/tweet?text=Ontario%20COVID-19%20vaccine-locations%3A%20https%3A//covid-19.ontario.ca/vaccine-locations",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url=https%3A//covid-19.ontario.ca/vaccine-locations&title=&summary=&source=",email:"mailto:?subject=Ontario%20COVID-19%20pharmacy%20vaccine%20locations&body=https%3A//covid-19.ontario.ca/vaccine-locations"}},fr:{title:"Partagez le localisateur de centres de vaccination de l equals www.linkedin.com (Linkedin)
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: s 17 h en semaine"},test:function(e){return function(e){for(var a=n.slice(1,6),t=0;t<a.length;t++){if(e&&e[a[t]])if(i(e[a[t]].toLowerCase(),"17:01"))return!0}return!1}(e)},checked:!1},{id:"openOnWeekends",text:{en:"Open on weekends",fr:"Ouvert la fin de semaine"},test:function(e){return e.saturday||e.sunday},checked:!1}]}],d={en:{title:"Share Ontario vaccine locations finder",links:{facebook:"https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcovid-19.ontario.ca%2Fvaccine-locations&amp;src=sdkpreparse",twitter:"https://twitter.com/intent/tweet?text=Ontario%20COVID-19%20vaccine-locations%3A%20https%3A//covid-19.ontario.ca/vaccine-locations",linkedin:"https://www.linkedin.com/shareArticle?mini=true&url=https%3A//covid-19.ontario.ca/vaccine-locations&title=&summary=&source=",email:"mailto:?subject=Ontario%20COVID-19%20pharmacy%20vaccine%20locations&body=https%3A//covid-19.ontario.ca/vaccine-locations"}},fr:{title:"Partagez le localisateur de centres de vaccination de l equals www.twitter.com (Twitter)
Source: component.min[2].js.11.dr	String found in binary or memory: s de la Couronne.</p>",photo:{uri:"//files.ontario.ca/trillium_13.jpg"},displayName:"Gouvernement de l'Ontario",ministry:"Bureau du Conseil des ministres"}};this.$get=function(){return e}}]).provider("defaultContact",[function(){var e={en:{id:"7474",twitter:"https://twitter.com/ongov",youtube:"https://www.youtube.com/ONgov",facebook:"https://www.facebook.com/ONgov"},fr:{id:"8211",twitter:"https://twitter.com/ongouv",youtube:"https://www.youtube.com/ONgov",facebook:"https://www.facebook.com/ONgouv"}};this.$get=function(){return e}}]).provider("defaultTaxonomy",[function(){var e={3:[{language:"fr",field_global_topic:{und:[{value:1}]},name:"Affaires et equals www.facebook.com (Facebook)
Source: component.min[2].js.11.dr	String found in binary or memory: s de la Couronne.</p>",photo:{uri:"//files.ontario.ca/trillium_13.jpg"},displayName:"Gouvernement de l'Ontario",ministry:"Bureau du Conseil des ministres"}};this.$get=function(){return e}}]).provider("defaultContact",[function(){var e={en:{id:"7474",twitter:"https://twitter.com/ongov",youtube:"https://www.youtube.com/ONgov",facebook:"https://www.facebook.com/ONgov"},fr:{id:"8211",twitter:"https://twitter.com/ongouv",youtube:"https://www.youtube.com/ONgov",facebook:"https://www.facebook.com/ONgouv"}};this.$get=function(){return e}}]).provider("defaultTaxonomy",[function(){var e={3:[{language:"fr",field_global_topic:{und:[{value:1}]},name:"Affaires et equals www.twitter.com (Twitter)
Source: component.min[2].js.11.dr	String found in binary or memory: s de la Couronne.</p>",photo:{uri:"//files.ontario.ca/trillium_13.jpg"},displayName:"Gouvernement de l'Ontario",ministry:"Bureau du Conseil des ministres"}};this.$get=function(){return e}}]).provider("defaultContact",[function(){var e={en:{id:"7474",twitter:"https://twitter.com/ongov",youtube:"https://www.youtube.com/ONgov",facebook:"https://www.facebook.com/ONgov"},fr:{id:"8211",twitter:"https://twitter.com/ongouv",youtube:"https://www.youtube.com/ONgov",facebook:"https://www.facebook.com/ONgouv"}};this.$get=function(){return e}}]).provider("defaultTaxonomy",[function(){var e={3:[{language:"fr",field_global_topic:{und:[{value:1}]},name:"Affaires et equals www.youtube.com (Youtube)
Source: base[1].js.11.dr	String found in binary or memory: this.V("highrepfallback");else if(a.i){b=this.l?this.l.l.l:null;if(swa(a)&&b&&b.isLocked())var d="FORMAT_UNAVAILABLE";else if(!this.i.I&&"auth"===a.errorCode&&"429"===a.details.rc){d="TOO_MANY_REQUESTS";var e="6"}this.V("playererror",a.errorCode,d,g.EB(a.details),e)}else d=/^pp/.test(this.videoData.clientPlaybackNonce),iU(this,a.errorCode,a.details),d&&"manifest.net.connect"===a.errorCode&&(a="https://www.youtube.com/generate_204?cpn="+this.videoData.clientPlaybackNonce+"&t="+(0,g.N)(),(new pT(a, equals www.youtube.com (Youtube)

Performs DNS lookups

Source: unknown

DNS traffic detected: queries for: clientconfig.passport.net

URLs found in memory or binary data

Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: http://covid-19.ontario.ca/covid19-cms-assets/2020-12/Covid-Vaccine_Meta_EN_V1.jpg
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: http://covid-19.ontario.ca/covid19-cms-assets/2020-12/co-metaimage-covid-vaccination-en-2020-12-24.p
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://covidswab.lh.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://durhamcovidswab.lh.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://gbgh.on.ca/covid-19-novel-coronavirus-updates/
Source: jquery.once.min[1].js.11.dr	String found in binary or memory: http://github.com/robloach/jquery-once
Source: effect-min[1].js.11.dr	String found in binary or memory: http://jqueryui.com
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://myownpharmacy.ca/guardian/
Source: app.min[1].js.11.dr, 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://news.ontario.ca/newsroom/en
Source: app.min[1].js.11.dr	String found in binary or memory: http://news.ontario.ca/newsroom/fr
Source: clearfix.module[1].css.11.dr	String found in binary or memory: http://nicolasgallagher.com/micro-clearfix-hack
Source: jquery.once.min[1].js.11.dr	String found in binary or memory: http://opensource.org/licenses/GPL-2.0
Source: jquery.once.min[1].js.11.dr	String found in binary or memory: http://opensource.org/licenses/MIT
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://tbnplc.com/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://trilliumhealthpartners.ca/covid-19/A/assessment.html#starthere
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://web.lacgh.napanee.on.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.GBACHC.ca/COVID-19
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.HamiltonCovidTest.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.akwesasne.ca/covid-19-novel-coronavirus-information/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.algomapublichealth.com/disease-and-illness/infectious-diseases/novel-coronavirus/#assessm
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.almontegeneral.com/assessmentcentre
Source: msapplication.xml.10.dr	String found in binary or memory: http://www.amazon.com/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.assessmentbooking.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.bradysdrugstore.com
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.bramptonpharmacist.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.chathamfamilypharmacy.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.cornerstonepharmacy.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.covidswab.lh.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.covidtestinglm.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.dalespharmacy.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.drhc.on.ca/dryden-regional-health-centre-opens/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.elfht.com/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.erincreekpharmacy.com
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.espanolaregionalhospital.ca/covid-19
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.gbfht.ca/cac
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.geraldtondh.com/
Source: msapplication.xml1.10.dr	String found in binary or memory: http://www.google.com/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.hauserspharmacy.com
Source: phulocator[1].htm.11.dr	String found in binary or memory: http://www.health.gov.on.ca/en/common/default.aspx/disclaimers.html
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.health.gov.on.ca/en/common/system/services/phu/locations.aspx
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: http://www.health.gov.on.ca/en/pro/programs/publichealth/coronavirus/docs/Guidance_for_Prioritizing_
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.health.gov.on.ca/fr/common/system/services/phu/locations.aspx
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.hoganpharmacy.com
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.hpha.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.hwmh.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.jeancoutu.com
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.lakeridgehealth.on.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.lakeridgehealth.on.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.lancasterwellnesspharmacy.com
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.libertymarketpharmacy.com/
Source: msapplication.xml2.10.dr	String found in binary or memory: http://www.live.com/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.lwdh.on.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.maindrugmartcompounding.com
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.medionerx.com
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.metrodrugs.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.mhc.on.ca/covid-19
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.ndfht.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.ngh.on.ca
Source: msapplication.xml3.10.dr	String found in binary or memory: http://www.nytimes.com/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.pharmacy101.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.pharmaessence.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.pharmorepharmacy.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.porcupinehu.on.ca/en/your-health/infectious-diseases/novel-coronavirus/covid-assessment-c
Source: msapplication.xml4.10.dr	String found in binary or memory: http://www.reddit.com/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.rexall.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.rvh.on.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.southstormontpharmacies.com
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.stevensonhospital.ca/news/index.html?id=265
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.timiskaminghu.com/90484/covid-19
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.tmcpharmacy.ca
Source: msapplication.xml5.10.dr	String found in binary or memory: http://www.twitter.com/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.vanierpharmacy.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.walmart.ca/en/stores-near-me/morningside-scarborough-supercentre-3111
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.whcacovid.com
Source: msapplication.xml6.10.dr	String found in binary or memory: http://www.wikipedia.com/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: http://www.wrh.on.ca
Source: msapplication.xml7.10.dr	String found in binary or memory: http://www.youtube.com/
Source: base[1].js.11.dr	String found in binary or memory: http://www.youtube.com/videoplayback
Source: base[1].js.11.dr	String found in binary or memory: http://youtube.com/drm/2012/10/10
Source: base[1].js.11.dr	String found in binary or memory: http://youtube.com/streaming/metadata/segment/102015
Source: base[1].js.11.dr	String found in binary or memory: http://youtube.com/streaming/otf/durations/112015
Source: base[1].js.11.dr	String found in binary or memory: http://youtube.com/yt/2012/10/10
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://CovidScreen.lacgh.napanee.on.ca)
Source: base[1].js.11.dr	String found in binary or memory: https://admin.youtube.com
Source: gtm[1].js.11.dr	String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: gtm[1].js.11.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: analytics[1].js.11.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: app.min[1].js.11.dr	String found in binary or memory: https://api.ontario.ca
Source: app.min[1].js.11.dr	String found in binary or memory: https://api.ontario.ca/api/book
Source: app.min[1].js.11.dr	String found in binary or memory: https://api.ontario.ca/es/datatable
Source: app.min[1].js.11.dr	String found in binary or memory: https://api.ontario.ca/es/onesite
Source: app.min[1].js.11.dr	String found in binary or memory: https://api.ontario.ca/es/v2/elasticsearch_index_drupal_onesite_elasticsearch_page_index
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://app.getcorigan.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://assessmentbooking.simplybook.plus/v2/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://atikokanfht.com/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://barriehealth.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://booking.sbghc.on.ca/
Source: gtm[1].js.11.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/foundation-sites
Source: about-ontario[1].htm.11.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://chancellorswaypharmacy.com/
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontar
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontarRoot
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.cRoot
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/BCOVID-19
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/Root
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covid-19.ontario.ca/assessment-centre-locations/
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/-19-vaccination-plan#phase-1
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/19-book-vaccine-assets/favicon-32x32.png
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/Root
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/THow
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/THow/.ca/book-vaccine/Root
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/THow/page/about-ontarioonsRoot
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/THow/page/government-ontarioRoot
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/THowRoot
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/THowalth.gov.on.ca/phulocator/rioRoot
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/THowio.ca/book-vaccine/
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/THowio.ca/book-vaccine/Root
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/THowio.ca/covid-19-vaccines-ontarioRoot
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/THowio.ca/ontarios-covid-19-vaccinatm/embed/YrjmP_ueahQ?con
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/THowio.ca/rendezvous-vaccin/Root
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/THowio.ca/vaccine-locations/Root
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/THowio.ca/vaccine-locationsRoot
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/THowio.ca/vernment-ontarioRoot
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/THowohealth.ca/os-covid-19-vaccinatm/embed/YrjmP_ueahQ?cont
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/book-vaccine/t
Source: imagestore.dat.11.dr	String found in binary or memory: https://covid-19.ontario.ca/c19-book-vaccine-assets/favicon-32x32.png8
Source: book-vaccine[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/c19-book-vaccine-assets/social_image_en.png
Source: rendezvous-vaccin[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/c19-book-vaccine-assets/social_image_fr.png
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covid-19.ontario.ca/centres-depistage/
Source: imagestore.dat.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid-19-ac-assets/favicon-32x32.png?v=95d5a2a6253850552d499cd53df6b4a28
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid-19-data/data-catalogue/8a89caa9-511c-4568-af89-7f2174b4378c.json
Source: populate-front-page-data[1].js.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid-19-data/data-catalogue/ed270bb8-340b-41f9-a7c6-e8ef587e6d11.json
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid-19-sat-assets/social_image_en.jpeg
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr, 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr, QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid-19-test-and-testing-location-information
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid-19-test-and-testing-location-information#centres
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid-19-test-and-testing-location-information#pharmacy
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid-19-vaccine-safety
Source: covid-19-vaccines-ontario[1].htm.11.dr, 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr, QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid-19-vaccines-ontario
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/covid-19-vaccines-ontariotario.ca/themes/custom/ds_theme/favicon.ico
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2020-12/co-covid-19-icons-covid-alert-2020-12-21.png
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2020-12/co-covid-19-icons-find-zone-measures-2020-12-
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2020-12/co-covid-19-icons-physical-distancing-2020-12
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2020-12/co-covid-19-icons-self-assessment-2020-12-21.
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2020-12/co-covid-19-icons-stay-home-2020-12-21.png
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2020-12/co-covid-19-icons-up-to-date-info-2020-12-21.
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2020-12/co-covid-19-icons-wear-a-mask-2020-12-21.png
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2020-12/co-covid-19-icons-workplace-2020-12-21.png
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2020-12/co-covid-vaccine-page-intro-box-702x532-2020-
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2020-12/co-covid-vaccine-page-intro-tall-704x1050-202
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2020-12/vaccine-banner_0.svg
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2021-02/covidappbanner_240x182px.svg
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2021-02/phone.svg
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2021-02/report-price-gouging-during-corona-virus.svg
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2021-02/screen-before-you-go.svg
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2021-02/tools-assessment-centre.svg
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2021-02/tools-check-results.svg
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2021-02/tools-self-assessment.svg
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2021-03/english_socialmedia_Mar29.png
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2021-03/getting-covid-vaccine-meta-1920x1080-en.jpg
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covid19-cms-assets/2021-03/ideas-to-combat-corona-virus.svg
Source: covid-19-vaccines-ontario[1].htm.11.dr, QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/covidalert
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/data
Source: rendezvous-vaccin[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/emplacements-pour-la-vaccination
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covid-19.ontario.ca/feedback/assessment-centre-locations
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr, rendezvous-vaccin[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/fr
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covid-19.ontario.ca/fr/commentaires/centres-depistage
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/fr/index.fr.html
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covid-19.ontario.ca/fr/information-sur-le-depistage-et-les-centres-de-depistage-de-la-covid-
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/fr/le-plan-de-vaccination-de-lontario-contre-la-covid-19
Source: rendezvous-vaccin[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/fr/le-plan-de-vaccination-de-lontario-contre-la-covid-19#phase-1
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covid-19.ontario.ca/fr/recevoir-un-vaccin-contre-la-covid-19
Source: covid-19-vaccines-ontario[1].htm.11.dr, 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr, rendezvous-vaccin[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/fr/vaccins-contre-la-covid-19-en-ontario
Source: about-ontario[1].htm.11.dr, 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covid-19.ontario.ca/fr/zones-et-restrictions
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covid-19.ontario.ca/get-covid-19-vaccine
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/getting-covid-19-vaccine-ontario
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/getting-covid-19-vaccine-ontario#phase-1
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/getting-covid-19-vaccine-ontario#phase-2
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/getting-covid-19-vaccine-ontario#phase-3
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/getting-covid-19-vaccine-ontario#task-force
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/index.html
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/ontarios-covid-19-vac
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid-19.ontario.ca/ontarios-covid-19-vacRoot
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/ontarios-covid-19-vaccination-plan
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/ontarios-covid-19-vaccination-plan#phase-1
Source: rendezvous-vaccin[1].htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/rendezvous-vaccin/
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/rendezvous-vaccin/id-19.ontario.ca/c19-book-vaccine-assets/favicon-32x32
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/rendezvous-vaccin/~
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/self-assessment/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covid-19.ontario.ca/self-assessment/.
Source: imagestore.dat.11.dr	String found in binary or memory: https://covid-19.ontario.ca/themes/custom/ds_theme/favicon.ico
Source: imagestore.dat.11.dr	String found in binary or memory: https://covid-19.ontario.ca/themes/custom/ds_theme/favicon.ico~
Source: imagestore.dat.11.dr	String found in binary or memory: https://covid-19.ontario.ca/themes/custom/ds_theme/favicon.ico~&
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/vaccine-locations
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/vaccine-locations/
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/vaccine-locationsFCOVID-19
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/vaccine-locationss://covid-19.ontario.ca/vaccine-locations
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/vernment-ontario
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid-19.ontario.ca/vernment-ontariotheme/favicon.ico
Source: about-ontario[1].htm.11.dr, covid-19-vaccines-ontario[1].htm.11.dr, 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr, QN29B4HD.htm.11.dr	String found in binary or memory: https://covid-19.ontario.ca/zones-and-restrictions
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://covid19.ontari
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid19.ontariohealth.ca/
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid19.ontariohealth.ca/os-covid-19-vaccination-plan#phase-1
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://covid19.ontariohealth.ca/os-covid-19-vaccination-plan#phase-1d
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covid19.smgh.ca:4433/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covid19.smgh.ca:4433/.
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://covid19results.ehealthontario.ca:4443/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covidbooking.sunnybrook.ca/appointment/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covidtestinglm.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://covidtestregistration.grhosp.on.ca/
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://covidvaccine.sunnybrook.ca/covid-vaccine/gp/self-schedule
Source: app.min[1].js.11.dr	String found in binary or memory: https://data.211support.org/api/v1/detail
Source: ed270bb8-340b-41f9-a7c6-e8ef587e6d11[1].json.11.dr, 8a89caa9-511c-4568-af89-7f2174b4378c[1].json.11.dr	String found in binary or memory: https://data.ontario.ca/api/3/action/help_show?name=datastore_search
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://data.ontario.ca/dataset/covid-19-vaccine-data-in-ontario
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://data.ontario.ca/dataset?keywords_en=COVID-19
Source: recaptcha__en[1].js.11.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: recaptcha__en[1].js.11.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: recaptcha__en[1].js.11.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: base[1].js.11.dr	String found in binary or memory: https://docs.google.com/get_video_info
Source: onesite-health.min[1].js.11.dr	String found in binary or memory: https://drhd.icon.ehealthontario.ca
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://durhamregion.vertoengage.com/engage/generic-open-clinic?key=5f58a4fe-9e22-4fb8
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://durhamregion.vertoengage.com/engage/generic-open-clinic?key=5f58a4fe-9e22-4fb8-b49a-b8fe1ca0
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://eohu.ca/en/covid-19-novel-coronavirus
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://eohu.ca/en/covid/covid-19-testing-assessment-centres
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://eohu.ca/fr/covid/covid-19-testing-assessment-centres
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://epicapps.toh.ca/mychart/openscheduling
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://epicapps.toh.ca/mychart/openscheduling?lang=canadianenglish
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://eshc.simplybook.me/v2/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://ethp.ca/main/covid19-testing
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://extra-mile-pharmacy-medical-centre.business.site/
Source: about-ontario[1].htm.11.dr	String found in binary or memory: https://files.ontario.ca/banner-icon-alert-xsmall.png
Source: covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://files.ontario.ca/moh-covid-19-vaccines-fact-sheet-en-2021-02-05.pdf
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://forms.office.com/Pages/ResponsePage.aspx?id=S9Av_mSBdEqx7DvOSbCZil70dO3WbMJGjFAvNoHxeT5UQ1ZD
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://gbachc.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://gbfht.ca/cac/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://gbhs.simplybook.me/v2/
Source: modernizr[1].js.11.dr	String found in binary or memory: https://github.com/kriskowal/es5-shim/blob/master/es5-shim.js
Source: moment.min[1].js.11.dr	String found in binary or memory: https://github.com/moment/moment/issues/1779
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://glencadepharmacy.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://hdh.appointlet.com/s/assessment
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://hopitalmontfort.com/en/second-covid-19-care-clinic-opening-ottawa-east-thursday
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://hpepublichealth.ca/covid-19-vaccines/
Source: onesite-health.min[1].js.11.dr	String found in binary or memory: https://hrhd.icon.ehealthontario.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://hybridpharm.com/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://keeleandfinchpharmasave.medmeapp.ca/schedule
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://kingstonhsc.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://kingstonhsc.ca/patients-families-and-visitors/covid-19-information/community-assessment-cent
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://lambtonpublichealth.ca/2019-novel-coronavirus/testing-criteria/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://loyalist.medmeapp.com/schedule
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://lwha.ca/covidbooking/
Source: onesite-body.min[1].js.11.dr	String found in binary or memory: https://maps.googleapis.com/maps/api/js?v=3&key=
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://medpluspharmacy.medmeapp.com/schedule/
Source: book-vaccine[1].htm.11.dr, ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://news.ontario.ca/newsroom/en
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr, rendezvous-vaccin[1].htm.11.dr	String found in binary or memory: https://news.ontario.ca/newsroom/fr
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://news.ontario.ca/search/en?keywords=covid19
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://news.ontario.ca/search/en?keywords=vaccine
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://nhappointmentscheduler.powerappsportals.com/
Source: onesite-health.min[1].js.11.dr	String found in binary or memory: https://nrph.icon.ehealthontario.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://nygh.on.ca/covid-19-updates
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://nygh.on.ca/patients-and-visitors/covid-19-updates/assessment-centres
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://one.halton.ca/vab/s/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://ottawa.ca/en/recreation-and-parks/recreation-facilities/facility-listing/ray-friel-recreatio
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://outlook.office365.com/owa/calendar/COVIDAssessment
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://outlook.office365.com/owa/calendar/HPHA1
Source: gtm[1].js.11.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: base[1].js.11.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/osd.js
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://pharmasave.com/barrie-marsellus-drive/prescriptions/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://pharmasave.com/store/pharmasave-eagle-manor/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://pharmasave.com/store/pharmasave-huron-street/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://pharmasave.com/store/pharmasave-morrison-pharmacy/
Source: recaptcha__en[1].js.11.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://portal.healthmyself.net/hrhcovidtest/guest/#/nae/book/type
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://portal.healthmyself.net/tehncovid/guest/#/g5x/book/type
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://psfdh.on.ca/2020/04/03/community-assessment-centre/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://rcvtac.ca/
Source: base[1].js.11.dr	String found in binary or memory: https://redux.js.org/api/store#subscribelistener
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://registration-mom.mychamp.ca/Live/Montfort/Booking/Account/BookRegister
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://s-ca.chkmkt.com/?e=210138&h=71305F7BD7FC4D6&l=en
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://saversdrugmart.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://secure.hsnsudbury.ca/COVID19AppointmentRequest
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://shn.ca/cold-flu-covid19-clinic/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://simpsonspharmacy.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://slmhc.on.ca/about/covid-19-information/covid-19-assessment-centre/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://southlake.ca/
Source: app.min[1].js.11.dr	String found in binary or memory: https://stage.api.ontariogovernment.ca
Source: analytics[1].js.11.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://sunnybrook.ca/content/?page=novel-coronavirus-covid-19-assessment-centre
Source: recaptcha__en[1].js.11.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: recaptcha__en[1].js.11.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: recaptcha__en[1].js.11.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: recaptcha__en[1].js.11.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: base[1].js.11.dr	String found in binary or memory: https://support.google.com/youtube/?p=missing_quality
Source: base[1].js.11.dr	String found in binary or memory: https://support.google.com/youtube/?p=noaudio
Source: base[1].js.11.dr	String found in binary or memory: https://support.google.com/youtube/?p=report_playback
Source: base[1].js.11.dr	String found in binary or memory: https://support.google.com/youtube/answer/6276924
Source: remote[1].js.11.dr	String found in binary or memory: https://support.google.com/youtube/answer/7640706
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://survey123.arcgis.com/share/4f76dd7a66b6438196b0de3869cf136f
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://surveys.savience.com/s/LACOVIDPUBLIC/
Source: analytics[1].js.11.dr	String found in binary or memory: https://tagassistant.google.com/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://temiskaming-hospital.com/tem/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://testing.getcorigan.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://trilliumhealthpartners.ca/assessment
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://trilliumhealthpartners.ca/covid-19/A/assessment.html#starthere
Source: component.min[2].js.11.dr	String found in binary or memory: https://twitter.com/ongov
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://uht-public.vertoengage.com/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://unityhealth.to/assessment-centres/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://v2.waitwhile.com/book/barriecovidtesting
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://vaccineto.ca/sites
Source: base[1].js.11.dr	String found in binary or memory: https://viacon.corp.google.com
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://wholehealthcooksville.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.Pharmachoice.com
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.bchsys.org/en/covid-19-online-scheduling.aspx
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.bchu.org/ServicesWeProvide/InfectiousDiseases/Pages/COVID-19-Vaccine-Clinic-Appointments
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.bchu.org/ServicesWeProvide/InfectiousDiseases/Pages/COVID-19-Vaccines.aspx
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.brockvillegeneralhospital.ca/en/patient-care/covid-19-coronavirus.aspx#
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://www.canada.ca/en/public-health/services/diseases/2019-novel-coronavirus-infection/awareness-
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://www.canada.ca/en/public-health/services/immunization/national-advisory-committee-on-immuniza
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.cmh.org/patients-visitors/service-resumption-covid-19/covid-19-testing
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.crfht.ca/en/our-clinic/covid-19-updates
Source: drupalSettingsLoader[1].js.11.dr	String found in binary or memory: https://www.drupal.org/node/2815083
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.durhamvaccinebooking.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.dynacare.ca/covidtestingontario.aspx
Source: analytics[1].js.11.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap
Source: analytics[1].js.11.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.11.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: gtm[1].js.11.dr	String found in binary or memory: https://www.google.com
Source: recaptcha__en[1].js.11.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.google.com/maps/search/?api=1&query=
Source: about-ontario[1].htm.11.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?render=explicit
Source: recaptcha__en[1].js.11.dr, api[1].js0.11.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: base[1].js.11.dr	String found in binary or memory: https://www.googleapis.com/certificateprovisioning/v1/devicecertificates/create?key=AIzaSyB-5OLKTx2i
Source: gtm[1].js.11.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: analytics[1].js.11.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: book-vaccine[1].htm.11.dr, ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: book-vaccine[1].htm.11.dr	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-5G4CS4L
Source: about-ontario[1].htm.11.dr	String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-T7V5LF
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.grhosp.on.ca/
Source: remote[1].js.11.dr	String found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: api[1].js0.11.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/mrdLhN7MywkJAAbzddTIjTaM/recaptcha__en.js
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.guardian-ida-pharmacies.ca/en/ontario/brampton/kennedy-medical-plex-pharmacy-ida-7027581
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.guardian-ida-pharmacies.ca/en/ontario/london/london-medical-plex-pharmacy-7027570
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.guardian-ida-pharmacies.ca/en/ontario/london/medpoint-care-pharmacy-7015702
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.guardian-ida-pharmacies.ca/en/ontario/scarborough/village-square-pharmacy-7005106
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.haliburtoncares.ca/
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.halton.ca/For-Residents/Immunizations-Preventable-Disease/Diseases-Infections/New-Corona
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.halton.ca/For-Residents/New-Coronavirus/COVID-19-Vaccines/COVID-19-Vaccination-Clinics
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.halton.ca/For-Residents/New-Coronavirus/COVID-19-Vaccines/COVID-19-Vaccination-Clinics#l
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.haltonhealthcare.on.ca/covid-19-info/booking-a-test
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.haltonhealthcare.on.ca/covid-19-info/covid-19-testing
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.hamilton.ca/coronavirus/assessment-centres
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.hamilton.ca/coronavirus/covid-19-vaccine-booking
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.hanoverhospital.on.ca/news.php?pgid=121
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.headwatershealth.ca/
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://www.health.gov.on.ca/en/pro/programs/publichealth/coronavirus/docs/vaccine/COVID-19_Phase_2_
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.hpph.ca/en/news/coronavirus-covid19-update.aspx#Testing-tracing-and-results-for-COVID-19
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.hrh.ca/covid-19/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.hsnsudbury.ca/portalen/Patients-and-Visitors/COVID-19/COVID-19-Assessment-Centre
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.josephbranthospital.ca/en/redevelopment-expansion/covid-19-assessment-testing.asp?_mid_=
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.junctionchemist.com/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.lakeridgehealth.on.ca/en/patientsandvisitors/novel-coronavirus-2019-ncov.asp
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.ldhc.com/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.lifelabs.com
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.lifelabs.com/book-an-appointment/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.mackenziehealth.ca/en/about-us/get-the-latest-information-on-covid-19.aspx
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.mahc.ca/en/services/covid19.aspx#
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.mahc.ca/en/services/muskoka-assessment-centre.aspx
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.mattawahealth.ca/News/mattawa-assessment-centre
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.medicineshoppe.ca/en/ontario/caledonia/the-medicine-shoppe-pharmacy-210-7003593
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.medicineshoppe.ca/en/ontario/london/the-medicine-shoppe-pharmacy-190-7016244
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.medicineshoppe.ca/en/ontario/ottawa/the-medicine-shoppe-pharmacy-143-7009763
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.medicineshoppe.ca/en/ontario/ottawa/the-medicine-shoppe-pharmacy-271-7021282
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.medicineshoppe.ca/en/ontario/toronto/the-medicine-shoppe-pharmacy-134-7014226
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.msh.on.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.msh.on.ca/clinics-departments/covid-19-assessment-centre#registration
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.myhealthunit.ca/en/health-topics/coronavirus.asp
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.myvisit.cmh.org
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.niagarahealth.on.ca/centres
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.niagararegion.ca/health/covid-19/vaccination/appointment-booking.aspx
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.niagararegion.ca/health/covid-19/vaccination/clinic-schedule.aspx
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.nshn.care/covid19
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.nwhu.on.ca/covid19/Pages/self-assessment.aspx
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.nygh.on.ca/covid19vaccination
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://www.ontario.ca
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://www.ontario.ca/
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://www.ontario.ca/.ca/book-vaccine/
Source: book-vaccine[1].htm.11.dr, ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://www.ontario.ca/feedback/contact-us?id=25811&nid=130423
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://www.ontario.ca/form/report-price-gouging-related-covid-19
Source: rendezvous-vaccin[1].htm.11.dr	String found in binary or memory: https://www.ontario.ca/fr/commentaires/pour-nous-joindre?id=25812&nid=130424
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr, rendezvous-vaccin[1].htm.11.dr	String found in binary or memory: https://www.ontario.ca/fr/page/accessibilite
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr, rendezvous-vaccin[1].htm.11.dr	String found in binary or memory: https://www.ontario.ca/fr/page/conditions-dutilisation
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr, rendezvous-vaccin[1].htm.11.dr	String found in binary or memory: https://www.ontario.ca/fr/page/declaration-concernant-la-protection-de-la-vie-privee
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr, rendezvous-vaccin[1].htm.11.dr	String found in binary or memory: https://www.ontario.ca/fr/page/droits-dauteur-imprimeur-de-la-reine-pour-lontarioc
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr, rendezvous-vaccin[1].htm.11.dr	String found in binary or memory: https://www.ontario.ca/fr/page/gouvernement-de-lontario
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr, rendezvous-vaccin[1].htm.11.dr	String found in binary or memory: https://www.ontario.ca/fr/page/lontario-en-bref
Source: imagestore.dat.11.dr	String found in binary or memory: https://www.ontario.ca/img/favicon.ico
Source: imagestore.dat.11.dr	String found in binary or memory: https://www.ontario.ca/img/favicon.ico~
Source: imagestore.dat.11.dr	String found in binary or memory: https://www.ontario.ca/img/favicon.ico~&
Source: ~DF7AEF20D2E45A483C.TMP.10.dr, 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.ontario.ca/page/about-ontario
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://www.ontario.ca/page/about-ontario4About
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://www.ontario.ca/page/about-ontarioonst
Source: book-vaccine[1].htm.11.dr, ontarios-covid-19-vaccination-plan[1].htm.11.dr, 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.ontario.ca/page/accessibility
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/businesses-get-help-covid-19-costs
Source: book-vaccine[1].htm.11.dr, ontarios-covid-19-vaccination-plan[1].htm.11.dr, 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.ontario.ca/page/copyright-information-c-queens-printer-ontario
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/covid-19-cases-schools-and-child-care-centres
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/covid-19-communication-resources#staying-safe
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/covid-19-communication-resources#vaccine-facts
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/covid-19-stop-spread
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr, covid-19-vaccines-ontario[1].htm.11.dr, QN29B4HD.htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/covid-19-stop-spread#physical-distancing
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/covid-19-stop-spread#section-0
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/covid-19-stop-spread#section-6
Source: covid-19-vaccines-ontario[1].htm.11.dr, QN29B4HD.htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/covid-19-stop-spread#stay-home
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/covid-19-stop-spread#wash-hands
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/covid-19-support-people
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/covid-19-support-people#section-4
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/covid-19-support-students-and-parents
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/covid-19-support-workers
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/covid-19-variants
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/ethical-framework-covid-19-vaccine-distribution
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr, covid-19-vaccines-ontario[1].htm.11.dr, QN29B4HD.htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/face-coverings-and-face-masks
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.ontario.ca/page/government-ontario
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://www.ontario.ca/page/government-ontarioDGovernment
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://www.ontario.ca/page/government-ontario~
Source: book-vaccine[1].htm.11.dr, ontarios-covid-19-vaccination-plan[1].htm.11.dr, 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.ontario.ca/page/privacy-statement
Source: covid-19-vaccines-ontario[1].htm.11.dr, QN29B4HD.htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/resources-prevent-covid-19-workplace
Source: book-vaccine[1].htm.11.dr, ontarios-covid-19-vaccination-plan[1].htm.11.dr, 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.ontario.ca/page/terms-use
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://www.ontario.ca/page/vaccines
Source: ontarios-covid-19-vaccination-plan[1].htm.11.dr	String found in binary or memory: https://www.ontario.ca/search/search-results
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://www.ontario.caio.ca/book-vaccine/t
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.osmh.on.ca/covid-19/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.ottawapublichealth.ca/en/shared-content/assessment-centres.aspx
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.ottawapublichealth.ca/en/shared-content/assessment-centres.aspx#Click-here-to-learn-more
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.peelregion.ca/coronavirus/vaccine/book-appointment/
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.peelregion.ca/coronavirus/vaccine/book-appointment/#clinics
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.pharmasavebramcity.com
Source: {F74D304A-9CBA-11EB-90E4-ECF4BB862DED}.dat.10.dr	String found in binary or memory: https://www.phdapps.he
Source: ~DF7AEF20D2E45A483C.TMP.10.dr, QN29B4HD.htm.11.dr	String found in binary or memory: https://www.phdapps.health.gov.on.ca/phulocator/
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://www.phdapps.health.gov.on.ca/phulocator/4Public
Source: rendezvous-vaccin[1].htm.11.dr	String found in binary or memory: https://www.phdapps.health.gov.on.ca/phulocator/fr/Default.aspx
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://www.phdapps.health.gov.on.ca/phulocator/rio
Source: ~DF7AEF20D2E45A483C.TMP.10.dr	String found in binary or memory: https://www.phdapps.health.gov.on.ca/phulocator/riotario.ca/themes/custom/ds_theme/favicon.ico
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.porcupinehu.on.ca/en/your-health/infectious-diseases/novel-coronavirus/covid-assessment-
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.prhc.on.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.prhc.on.ca/about-us/covid-19-novel-coronavirus/
Source: QN29B4HD.htm.11.dr	String found in binary or memory: https://www.publichealthontario.ca/en/diseases-and-conditions/infectious-diseases/respiratory-diseas
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.qhc.on.ca/covid-19.php
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.regionofwaterloo.ca/en/health-and-wellness/covid-19-vaccination-clinics-in-waterloo-regi
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.rexall.ca/storelocator/store/0869/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.rexall.ca/storelocator/store/109
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.rexall.ca/storelocator/store/3012/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.rexall.ca/storelocator/store/6933
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.rexall.ca/storelocator/store/95
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.rexall.ca/storelocator/store/980
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.riversidehealthcare.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.rmh.org/covid-19
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.rvh.on.ca
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.rvh.on.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.sbghc.on.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.shn.ca/covid19-assess/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.simcoemuskokahealth.org/Topics/COVID-19/AssessmentCentresandTesting
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.simcoemuskokahealth.org/Topics/COVID-19/Vaccine-and-Immunization
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.simcoemuskokahealth.org/Topics/COVID-19/Vaccine-and-Immunization#c11dec2d-91db-41b0-bd35
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.sinaihealth.ca/covid19/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.sinaihealth.ca/covid19/covid-19-assessment-centre/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.smgh.ca/covid-19-testing-available-for-k-w-residents-with-symptoms-starting-may-16/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.sschs.ca/general/home.html
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.stegh.on.ca/node/626
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.stjoes.ca/coronavirus/covid-19-test-home
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.tbdhu.com/coronavirus
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.tehn.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.tehn.ca/programs-services/covid-19-assessment-centre
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.thfht.com/wp-content/uploads/2020/05/PRESS-RELEASE-May-25-2020-AC-Final.pdf
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.tillsonburghospital.on.ca/about-tdmh/covid-19/
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.toronto.ca/home/covid-19/
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.toronto.ca/home/covid-19/covid-19-protect-yourself-others/covid-19-vaccines/covid-19-how
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.uhn.ca/Covid19
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.uhn.ca/Covid19#
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.uhn.ca/covid19_vaccine
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.villagesquaremedical.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.waha.ca/covid-19/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.walmart.ca/en/stores-near-me/mississauga-dixie-supercentre-1126
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.walmart.ca/en/stores-near-me/richmond-hill-south-supercentre-1116
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.walmart.ca/en/stores-near-me/richmond-hill-supercentre-3195
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.walmart.ca/en/stores-near-me/woodbridge-supercentre-1081
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.wdgpublichealth.ca/your-health/covid-19-information-public/assessment-centres-wdg
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.wdgpublichealth.ca/your-health/covid-19-information-public/covid-19-vaccine-information/
Source: onesite-live-chat.min[1].js.11.dr	String found in binary or memory: https://www.webchat.ccm2.gov.on.ca/EO_Webchat/iceMessagingWeb/Chat.html?destinationURI=sip:im_990a_s
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.wgh.on.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.whcacovid.com/harriston-assessment-centre
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.whgh.ca/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.williamoslerhs.ca/coronavirus
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.williamoslerhs.ca/patients-and-families/preparing-for-your-visit-or-stay/coronavirus-inf
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.womenscollegehospital.ca/assessmentcentre
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.womenscollegehospital.ca/covid19-tool/
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.wrh.on.ca/COVID19AssessmentCentre
Source: 4178e9cc986fc140f048cd41cab70b6192963e31-551c0acc8f79274f589f[1].js.11.dr	String found in binary or memory: https://www.wrh.on.ca/OnlineBooking
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/covid19vaccinationclinics
Source: ~WRS{2BC4B282-2D2D-481B-89EF-D0F816722558}.tmp.0.dr	String found in binary or memory: https://www.york.ca/wps/portal/yorkhome/health/yr/covid-19/covid19vaccinationclinics/04covid19vaccin
Source: component.min[2].js.11.dr	String found in binary or memory: https://www.youtube.com/ONgov
Source: ~DF7AEF20D2E45A483C.TMP.10.dr, covid-19-vaccines-ontario[1].htm.11.dr	String found in binary or memory: https://www.youtube.com/embed/YrjmP_ueahQ?controls=0
Source: ~DF7AEF20D2E45A483C.TMP.10.dr, QN29B4HD.htm.11.dr	String found in binary or memory: https://www.youtube.com/embed/cs4qPsP6COA
Source: base[1].js.11.dr	String found in binary or memory: https://www.youtube.com/generate_204?cpn=
Source: base[1].js.11.dr	String found in binary or memory: https://youtu.be/
Source: base[1].js.11.dr	String found in binary or memory: https://youtube.com/api/drm/fps?ek=uninitialized
Source: base[1].js.11.dr	String found in binary or memory: https://youtubei.googleapis.com/youtubei/
Source: base[1].js.11.dr	String found in binary or memory: https://yurt.corp.google.com

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 143.204.11.124:443 -> 192.168.2.3:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.11.124:443 -> 192.168.2.3:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.226.169.100:443 -> 192.168.2.3:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.226.169.100:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.11.28:443 -> 192.168.2.3:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 143.204.11.28:443 -> 192.168.2.3:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.16.19.94:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.74.185:443 -> 192.168.2.3:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.198.74.185:443 -> 192.168.2.3:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.207.130:443 -> 192.168.2.3:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.58.207.130:443 -> 192.168.2.3:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.3:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.3:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.22.246:443 -> 192.168.2.3:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.22.246:443 -> 192.168.2.3:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.41.3.217:443 -> 192.168.2.3:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.41.3.217:443 -> 192.168.2.3:49794 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.41.3.217:443 -> 192.168.2.3:49797 version: TLS 1.2

System Summary:

Classification label

Source: classification engine

Classification label: clean1.winDOCX@4/245@15/9

Creates files inside the user directory

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word

Jump to behavior

Creates temporary files

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Temp\{D63A0268-7FAD-4C24-9B3F-14C3E2894C13} - OProcSessId.dat

Jump to behavior

Reads ini files

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Spawns processes

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding
Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5992 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5992 CREDAT:17410 /prefetch:2			Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Document is a ZIP file with path names indicative of goodware

Source: COVID-19 Vaccine Locations Booking Sites_April 12 (8eb60eb7-3115-41f6-bcc5-3e70c62319dd).docx	Initial sample: OLE zip file path = word/_rels/header2.xml.rels
Source: COVID-19 Vaccine Locations Booking Sites_April 12 (8eb60eb7-3115-41f6-bcc5-3e70c62319dd).docx	Initial sample: OLE zip file path = docProps/custom.xml

Checks if Microsoft Office is installed

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

Jump to behavior

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

File opened: C:\Windows\SysWOW64\MSVCR100.dll

Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Disables application error messsages (SetErrorMode)

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior