Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll |
Source: unknown |
HTTPS traffic detected: 35.246.6.109:443 -> 192.168.2.22:49167 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 151.101.129.26:443 -> 192.168.2.22:49169 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.22:49172 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.22:49171 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.22:49173 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.22:49176 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.22:49174 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.22:49175 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 151.101.129.26:443 -> 192.168.2.22:49170 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 34.102.176.152:443 -> 192.168.2.22:49178 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 34.102.176.152:443 -> 192.168.2.22:49177 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 35.246.6.109:443 -> 192.168.2.22:49183 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 34.231.78.0:443 -> 192.168.2.22:49181 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 34.231.78.0:443 -> 192.168.2.22:49182 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 151.101.194.217:443 -> 192.168.2.22:49186 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 151.101.194.217:443 -> 192.168.2.22:49187 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 35.246.6.109:443 -> 192.168.2.22:49185 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 35.246.6.109:443 -> 192.168.2.22:49184 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 185.230.61.163:443 -> 192.168.2.22:49188 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 185.230.61.163:443 -> 192.168.2.22:49189 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 52.2.188.208:443 -> 192.168.2.22:49190 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 52.2.188.208:443 -> 192.168.2.22:49191 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 52.2.188.208:443 -> 192.168.2.22:49192 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 104.17.71.188:443 -> 192.168.2.22:49193 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 104.17.71.188:443 -> 192.168.2.22:49194 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.22:49196 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.22:49197 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 142.250.185.198:443 -> 192.168.2.22:49202 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.22:49211 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 142.250.185.198:443 -> 192.168.2.22:49204 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.22:49212 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 216.58.212.162:443 -> 192.168.2.22:49214 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 216.58.212.162:443 -> 192.168.2.22:49215 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 216.58.212.162:443 -> 192.168.2.22:49216 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 142.250.186.35:443 -> 192.168.2.22:49227 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 142.250.186.35:443 -> 192.168.2.22:49228 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 108.174.11.37:443 -> 192.168.2.22:49218 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 108.174.11.37:443 -> 192.168.2.22:49217 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 142.250.185.194:443 -> 192.168.2.22:49230 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 142.250.185.194:443 -> 192.168.2.22:49229 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.22:49234 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.22:49235 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.22:49238 version: TLS 1.2 |
Source: Joe Sandbox View |
IP Address: 151.101.194.217 |
Source: Joe Sandbox View |
IP Address: 52.2.188.208 |
Source: Joe Sandbox View |
JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b |
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E195542A-72A2-4470-89E8-B7D87A58E0E0}.tmp |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.artsenvoorwaarheid.nl
DNT: 1
Connection: Keep-Alive |
Source: gtm[1].js.3.dr |
String found in binary or memory: "vtp_html":"\n\u003Cscript type=\"text\/gtmscript\"\u003E!function(b,e,f,g,a,c,d){b.fbq||(a=b.fbq=function(){a.callMethod?a.callMethod.apply(a,arguments):a.queue.push(arguments)},b._fbq||(b._fbq=a),a.push=a,a.loaded=!0,a.version=\"2.0\",a.queue=[],c=e.createElement(f),c.async=!0,c.src=g,d=e.getElementsByTagName(f)[0],d.parentNode.insertBefore(c,d))}(window,document,\"script\",\"\/\/connect.facebook.net\/en_US\/fbevents.js\");fbq(\"init\",\"1566517726971189\");fbq(\"track\",\"PageView\");\u003C\/script\u003E\n\u003Cnoscript\u003E\u003Cimg height=\"1\" width=\"1\" style=\"display:none\" src=\"https:\/\/www.facebook.com\/tr?id=1566517726971189\u0026amp;ev=PageView\u0026amp;noscript=1\"\u003E\u003C\/noscript\u003E\n", equals www.facebook.com (Facebook) |
Source: identity[1].js.3.dr |
String found in binary or memory: (function(a,b,c,d){var e={exports:{}};e.exports;(function(){var f=a.fbq;f.execStart=a.performance&&a.performance.now&&a.performance.now();if(!function(){var b=a.postMessage||function(){};if(!f){b({action:"FB_LOG",logType:"Facebook Pixel Error",logMessage:"Pixel code is not installed correctly on this page"},"*");"error"in console&&console.error("Facebook Pixel Error: Pixel code is not installed correctly on this page");return!1}return!0}())return;f.__fbeventsModules||(f.__fbeventsModules={},f.__fbeventsResolvedModules={},f.getFbeventsModules=function(a){f.__fbeventsResolvedModules[a]||(f.__fbeventsResolvedModules[a]=f.__fbeventsModules[a]());return f.__fbeventsResolvedModules[a]},f.fbIsModuleLoaded=function(a){return!!f.__fbeventsModules[a]},f.ensureModuleRegistered=function(b,a){f.fbIsModuleLoaded(b)||(f.__fbeventsModules[b]=a)});f.ensureModuleRegistered("signalsFBEventsGetIwlUrl",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=f.getFbeventsModules("signalsFBEventsGetTier");e.exports=function(b,c){c=a(c);c=c==null?"www.facebook.com":"www."+c+".facebook.com";return"https://"+c+"/signals/iwl.js?pixel_id="+b}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("signalsFBEventsGetTier",function(){return function(f,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=/^https:\/\/www\.([A-Za-z0-9\.]+)\.facebook\.com\/tr\/?$/,b=["https://www.facebook.com/tr","https://www.facebook.com/tr/"];e.exports=function(c){if(b.indexOf(c)!==-1)return null;var d=a.exec(c);if(d==null)throw new Error("Malformed tier: "+c);return d[1]}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEvents.plugins.iwlbootstrapper",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var 
c=f.getFbeventsModules("SignalsFBEventsIWLBootStrapEvent"),d=f.getFbeventsModules("SignalsFBEventsLogging"),g=f.getFbeventsModules("SignalsFBEventsNetworkConfig"),h=f.getFbeventsModules("SignalsFBEventsPlugin"),i=f.getFbeventsModules("signalsFBEventsGetIwlUrl"),j=f.getFbeventsModules("signalsFBEventsGetTier"),k=d.logUserError,l=/^https:\/\/.*\.facebook\.com$/i,m="FACEBOOK_IWL_CONFIG_STORAGE_KEY",n=a.sessionStorage?a.sessionStorage:{getItem:function(a){return null},removeItem:function(a){},setItem:function(a,b){}};e.exports=new h(function(d,e){function h(c,d){var e=b.createElement("script");e.async=!0;e.onload=function(){if(!a.FacebookIWL||!a.Facebook |