Windows Analysis Report Corona als Dank.docx

Compliance:

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

File opened: C:\Windows\SysWOW64\MSVCR100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 35.246.6.109:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.26:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.26:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.26:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.102.176.152:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.102.176.152:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.236.202.140:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.236.202.140:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.246.6.109:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.246.6.109:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.130.217:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.130.217:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.230.61.179:443 -> 192.168.2.4:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.230.61.179:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.2.188.208:443 -> 192.168.2.4:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.2.188.208:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.2.188.208:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.70.188:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.70.188:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.198:443 -> 192.168.2.4:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.198:443 -> 192.168.2.4:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.4:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.16.130:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.16.130:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.16.130:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.0.84:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.0.84:443 -> 192.168.2.4:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.0.84:443 -> 192.168.2.4:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.35:443 -> 192.168.2.4:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.35:443 -> 192.168.2.4:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.35:443 -> 192.168.2.4:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.174.11.37:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.174.11.37:443 -> 192.168.2.4:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49851 version: TLS 1.2

Networking:

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 151.101.0.84 151.101.0.84
Source: Joe Sandbox View	IP Address: 151.101.0.84 151.101.0.84
Source: Joe Sandbox View	IP Address: 151.101.130.217 151.101.130.217

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Downloads files from webservers via HTTP

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.artsenvoorwaarheid.nlConnection: Keep-Alive

Found strings which match to known social media urls

Source: gtm[1].js.6.dr	String found in binary or memory: "vtp_html":"\n\u003Cscript type=\"text\/gtmscript\"\u003E!function(b,e,f,g,a,c,d){b.fbq||(a=b.fbq=function(){a.callMethod?a.callMethod.apply(a,arguments):a.queue.push(arguments)},b._fbq||(b._fbq=a),a.push=a,a.loaded=!0,a.version=\"2.0\",a.queue=[],c=e.createElement(f),c.async=!0,c.src=g,d=e.getElementsByTagName(f)[0],d.parentNode.insertBefore(c,d))}(window,document,\"script\",\"\/\/connect.facebook.net\/en_US\/fbevents.js\");fbq(\"init\",\"1566517726971189\");fbq(\"track\",\"PageView\");\u003C\/script\u003E\n\u003Cnoscript\u003E\u003Cimg height=\"1\" width=\"1\" style=\"display:none\" src=\"https:\/\/www.facebook.com\/tr?id=1566517726971189\u0026amp;ev=PageView\u0026amp;noscript=1\"\u003E\u003C\/noscript\u003E\n", equals www.facebook.com (Facebook)
Source: fbevents[1].js.6.dr	String found in binary or memory: (function(a,b,c,d){var e={exports:{}};e.exports;(function(){var f=a.fbq;f.execStart=a.performance&&a.performance.now&&a.performance.now();if(!function(){var b=a.postMessage||function(){};if(!f){b({action:"FB_LOG",logType:"Facebook Pixel Error",logMessage:"Pixel code is not installed correctly on this page"},"*");"error"in console&&console.error("Facebook Pixel Error: Pixel code is not installed correctly on this page");return!1}return!0}())return;f.__fbeventsModules||(f.__fbeventsModules={},f.__fbeventsResolvedModules={},f.getFbeventsModules=function(a){f.__fbeventsResolvedModules[a]||(f.__fbeventsResolvedModules[a]=f.__fbeventsModules[a]());return f.__fbeventsResolvedModules[a]},f.fbIsModuleLoaded=function(a){return!!f.__fbeventsModules[a]},f.ensureModuleRegistered=function(b,a){f.fbIsModuleLoaded(b)||(f.__fbeventsModules[b]=a)});f.ensureModuleRegistered("signalsFBEventsGetIwlUrl",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=f.getFbeventsModules("signalsFBEventsGetTier");e.exports=function(b,c){c=a(c);c=c==null?"www.facebook.com":"www."+c+".facebook.com";return"https://"+c+"/signals/iwl.js?pixel_id="+b}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("signalsFBEventsGetTier",function(){return function(f,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=/^https:\/\/www\.([A-Za-z0-9\.]+)\.facebook\.com\/tr\/?$/,b=["https://www.facebook.com/tr","https://www.facebook.com/tr/"];e.exports=function(c){if(b.indexOf(c)!==-1)return null;var d=a.exec(c);if(d==null)throw new Error("Malformed tier: "+c);return d[1]}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEvents.plugins.iwlbootstrapper",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var c=f.getFbeventsModules("SignalsFBEventsIWLBootStrapEvent"),d=f.getFbeventsModules("SignalsFBEventsLogging"),g=f.getFbeventsModules("SignalsFBEventsNetworkConfig"),h=f.getFbeventsModules("SignalsFBEventsPlugin"),i=f.getFbeventsModules("signalsFBEventsGetIwlUrl"),j=f.getFbeventsModules("signalsFBEventsGetTier"),k=d.logUserError,l=/^https:\/\/.*\.facebook\.com$/i,m="FACEBOOK_IWL_CONFIG_STORAGE_KEY",n=a.sessionStorage?a.sessionStorage:{getItem:function(a){return null},removeItem:function(a){},setItem:function(a,b){}};e.exports=new h(function(d,e){function h(c,d){var e=b.createElement("script");e.async=!0;e.onload=function(){if(!a.FacebookIWL||!a.FacebookIWL.init)return;var b=j(g.ENDPOINT);b!=null&&a.FacebookIWL.set&&a.FacebookIWL.set("tier",b);d()};a.FacebookIWLSessionEnd=function(){n.removeItem(m),a.close()};e.src=i(c,g.ENDPOINT);b.body&&b.body.appendChild(e)}var o=!1,p=function(a){return!!(e&&e.pixelsByID&&Object.prototype.hasOwnProperty.call(e.pixelsByID,a))};function q(){if(o)return;var b=n.getItem(m);if(!b)return;b=JSON.parse(b);var c=b.pixelID,d=b.graphToken,e=b.sessionStartTime;o=!0;h(c,function(){var b=p(c)?c:null;a.FacebookIWL.init(b,d,e)})}function r(b){if(o)return;h(b,func
Source: msapplication.xml0.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x0b07e4a2,0x01d76c1d</date><accdate>0x0b07e4a2,0x01d76c1d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x0b07e4a2,0x01d76c1d</date><accdate>0x0b07e4a2,0x01d76c1d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x0b07e4a2,0x01d76c1d</date><accdate>0x0b07e4a2,0x01d76c1d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x0b07e4a2,0x01d76c1d</date><accdate>0x0b0f0b93,0x01d76c1d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x0b0f0b93,0x01d76c1d</date><accdate>0x0b0f0b93,0x01d76c1d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.5.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x0b0f0b93,0x01d76c1d</date><accdate>0x0b0f0b93,0x01d76c1d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: gtm[1].js.6.dr	String found in binary or memory: function Tq(a,b){}function Uq(a,b,c){};var Vq=!!A.MutationObserver,Wq=void 0,Xq=function(a){if(!Wq){var b=function(){var c=H.body;if(c)if(Vq)(new MutationObserver(function(){for(var e=0;e<Wq.length;e++)J(Wq[e])})).observe(c,{childList:!0,subtree:!0});else{var d=!1;hc(c,"DOMNodeInserted",function(){d||(d=!0,J(function(){d=!1;for(var e=0;e<Wq.length;e++)J(Wq[e])}))})}};Wq=[];H.body?b():J(b)}Wq.push(a)};var Zq=["www.youtube.com","www.youtube-nocookie.com"],$q,ar=!1,br=0; equals www.youtube.com (Youtube)

Performs DNS lookups

Source: unknown

DNS traffic detected: queries for: www.artsenvoorwaarheid.nl

URLs found in memory or binary data

Source: internet-explorer[1].htm.6.dr	String found in binary or memory: http://dev.wix.com/
Source: santa-components.prod[1].js.6.dr	String found in binary or memory: http://feross.org
Source: bolt-main-prod-old[1].js.6.dr	String found in binary or memory: http://img.youtube.com/vi/CakiQCH5ZY0/mqdefault.jpg
Source: bolt-main-prod-old[1].js.6.dr	String found in binary or memory: http://img.youtube.com/vi/CakiQCH5ZY0/mqdefault.jpg"
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: http://investors.wix.com/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: bolt-custom-elements.min[1].js.6.dr	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: bolt-custom-elements.min[1].js.6.dr	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: bolt-custom-elements.min[1].js.6.dr	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: bolt-custom-elements.min[1].js.6.dr	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: minified[1].js.6.dr	String found in binary or memory: http://rock.mit-license.org
Source: bolt-main-prod-old[1].js.6.dr	String found in binary or memory: http://static.wixstatic.com/media/139571a1212e4d3d8074041626ba3ed6.jpg
Source: bolt-main-prod-old[1].js.6.dr	String found in binary or memory: http://static.wixstatic.com/media/139571a1212e4d3d8074041626ba3ed6.jpg"
Source: bolt-main-prod-old[1].js.6.dr	String found in binary or memory: http://static.wixstatic.com/media/bc001baa4397444f809fa5f147c28a9e.jpg
Source: bolt-main-prod-old[1].js.6.dr	String found in binary or memory: http://static.wixstatic.com/media/bc001baa4397444f809fa5f147c28a9e.jpg"
Source: bolt-main-prod-old[1].js.6.dr	String found in binary or memory: http://static.wixstatic.com/media/d967ba93f0314c78924edc8a8c8cfa15.jpg
Source: bolt-main-prod-old[1].js.6.dr	String found in binary or memory: http://static.wixstatic.com/media/d967ba93f0314c78924edc8a8c8cfa15.jpg"
Source: lodash.min[1].js.6.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: internet-explorer[1].htm.6.dr, helvetica[1].css.6.dr	String found in binary or memory: http://webfonts.fonts.com
Source: ~WRS{E3818052-BF02-4A3F-98E6-061521D6460F}.tmp.0.dr	String found in binary or memory: http://www.WantToKnow.nl
Source: msapplication.xml.5.dr	String found in binary or memory: http://www.amazon.com/
Source: ~WRS{E3818052-BF02-4A3F-98E6-061521D6460F}.tmp.0.dr	String found in binary or memory: http://www.artsenvoorwaarheid.nl
Source: ~WRS{E3818052-BF02-4A3F-98E6-061521D6460F}.tmp.0.dr	String found in binary or memory: http://www.bluetiger.studio.nl
Source: ~WRS{E3818052-BF02-4A3F-98E6-061521D6460F}.tmp.0.dr	String found in binary or memory: http://www.deblijeB.nl
Source: ~WRS{E3818052-BF02-4A3F-98E6-061521D6460F}.tmp.0.dr	String found in binary or memory: http://www.deguldenmiddenweg.nl
Source: ~WRS{E3818052-BF02-4A3F-98E6-061521D6460F}.tmp.0.dr	String found in binary or memory: http://www.denieuwewereld.nl
Source: ~WRS{E3818052-BF02-4A3F-98E6-061521D6460F}.tmp.0.dr	String found in binary or memory: http://www.deoorlogreedsverloren.nl
Source: ~WRS{E3818052-BF02-4A3F-98E6-061521D6460F}.tmp.0.dr	String found in binary or memory: http://www.devrijemare.nl
Source: ~WRS{E3818052-BF02-4A3F-98E6-061521D6460F}.tmp.0.dr	String found in binary or memory: http://www.eenoorlogreesverloren.nl
Source: msapplication.xml1.5.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.5.dr	String found in binary or memory: http://www.live.com/
Source: ~WRS{E3818052-BF02-4A3F-98E6-061521D6460F}.tmp.0.dr	String found in binary or memory: http://www.moederhart.nl
Source: msapplication.xml3.5.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.5.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.5.dr	String found in binary or memory: http://www.twitter.com/
Source: ~WRS{E3818052-BF02-4A3F-98E6-061521D6460F}.tmp.0.dr	String found in binary or memory: http://www.vaccinvrij.nl
Source: ~WRS{E3818052-BF02-4A3F-98E6-061521D6460F}.tmp.0.dr	String found in binary or memory: http://www.vrouwenvoorvrijheid.nl
Source: msapplication.xml6.5.dr	String found in binary or memory: http://www.wikipedia.com/
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: http://www.wix.com/blog
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: http://www.wix.com/jobs/main
Source: msapplication.xml7.5.dr	String found in binary or memory: http://www.youtube.com/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: gtm[1].js.6.dr	String found in binary or memory: https://ade.googlesyndication.com/ddm/activity
Source: gtm[1].js.6.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: analytics[1].js.6.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://api.aadrm.com/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://api.cortana.ai
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://api.office.net
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://api.onedrive.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://api.powerbi.com/beta/myorg/imports
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://augloop.office.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://augloop.office.com/v2
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: f[1].txt.6.dr	String found in binary or memory: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://bo.wix.com/suricate/
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://browser.sentry-cdn.com/4.6.2/bundle.min.js
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://browser.sentry-cdn.com/5.21.4/bundle.min.js
Source: wixui.Captcha.chunk[1].js.6.dr	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3056
Source: wixui.Captcha.chunk[1].js.6.dr	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=4118
Source: gtm[1].js.6.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://cdn.entity.
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://clients.config.office.net/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://config.edge.skype.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://cortana.ai
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://cortana.ai/api
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://cr.office.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://de.wix.com/outdated-browser/internet-explorer
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://dev.cortana.ai
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: wixui.Captcha.chunk[1].js.6.dr	String found in binary or memory: https://developers.google.com/maps/faq#languagesupport
Source: wixui.Captcha.chunk[1].js.6.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/language
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://devnull.onenote.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://directory.services.
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://enrichment.osi.office.net/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://es.wix.com/outdated-browser/internet-explorer
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: wixui.Captcha.chunk[1].js.6.dr	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.createclass
Source: react.production.min[1].js.6.dr	String found in binary or memory: https://fb.me/react-polyfills
Source: santa-components.prod[1].js.6.dr	String found in binary or memory: https://feross.org/opensource
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/amaticsc/v16/TUZ3zwprpvBS1izr_vOMscGKfLUE.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/amaticsc/v16/TUZyzwprpvBS1izr_vOECOSZ.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/anton/v15/1Ptgg87LROyAm3Kz-Ck.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/barlow/v5/7cHpv4kjgoGqM7E_DMs_.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/barlow/v5/7cHqv4kjgoGqM7E3t-4s51oq.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/barlow/v5/7cHrv4kjgoGqM7E_Cfs7wHk.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/barlow/v5/7cHsv4kjgoGqM7E_CfOA5WouvTw.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/basic/v10/xfu_0WLxV2_XKTNw6Fc.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/caudex/v10/esDQ311QOP6BJUr4zfKH.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/caudex/v10/esDS311QOP6BJUr4yMKDtbw.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/caudex/v10/esDT311QOP6BJUrwdteUkp8F.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/caudex/v10/esDV311QOP6BJUr4yMo4kK8BMpM.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/chelseamarket/v8/BCawqZsHqfr89WNP_IApC8tzKChiJgk.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/cinzel/v11/8vIU7ww63mVu7gtR-kwKxNvkNOjw-jHgfY3lCw.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/cinzel/v11/8vIU7ww63mVu7gtR-kwKxNvkNOjw-tbnfY3lCw.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/cookie/v12/syky-y18lb0tSbf9kgqU.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/corben/v14/LYjAdGzzklQtCMpFHCZQqnos.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/corben/v14/LYjDdGzzklQtCMpNpwND.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/cormorantgaramond/v10/co3WmX5slCNuHLi8bLeY9MK7whWMhyjYrEPzvD-KzhU.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/cormorantgaramond/v10/co3YmX5slCNuHLi8bLeY9MK7whWMhyjQEl5fvg-O.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/cormorantgaramond/v10/co3ZmX5slCNuHLi8bLeY9MK7whWMhyjYrEtImSw.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/cormorantgaramond/v10/co3bmX5slCNuHLi8bLeY9MK7whWMhyjYqXtM.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/damion/v10/hv-XlzJ3KEUe_YZkamww.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/dancingscript/v16/If2cXTr6YS-zF4S-kcSWSVi_sxjsohD9F50Ruu7B1i03Sup6.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/dancingscript/v16/If2cXTr6YS-zF4S-kcSWSVi_sxjsohD9F50Ruu7BMSo3Sup6.woff)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v12/SlGUmQSNjdsmc35JDF1K5GR1SDk_YAPI.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v12/SlGUmQSNjdsmc35JDF1K5GR2SDk_YAPIlWk.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v12/SlGUmQSNjdsmc35JDF1K5GR4SDk_YAPIlWk.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v12/SlGUmQSNjdsmc35JDF1K5GR5SDk_YAPIlWk.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v12/SlGUmQSNjdsmc35JDF1K5GR6SDk_YAPIlWk.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v12/SlGUmQSNjdsmc35JDF1K5GR7SDk_YAPIlWk.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v12/SlGUmQSNjdsmc35JDF1K5GRxSDk_YAPIlWk.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v12/SlGWmQSNjdsmc35JDF1K5GRweD81ZyHKpWiGIg.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v12/SlGWmQSNjdsmc35JDF1K5GRweDQ1ZyHKpWiGIg.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v12/SlGWmQSNjdsmc35JDF1K5GRweDU1ZyHKpWiGIg.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v12/SlGWmQSNjdsmc35JDF1K5GRweDY1ZyHKpWiGIg.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v12/SlGWmQSNjdsmc35JDF1K5GRweDc1ZyHKpWiGIg.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v12/SlGWmQSNjdsmc35JDF1K5GRweDg1ZyHKpWiGIg.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v12/SlGWmQSNjdsmc35JDF1K5GRweDs1ZyHKpWg.woff2)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v15/SlGDmQSNjdsmc35JDF1K5E55YMjF_7DPuGi-6_RkBI95.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v15/SlGDmQSNjdsmc35JDF1K5E55YMjF_7DPuGi-DPNkBI95.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v15/SlGFmQSNjdsmc35JDF1K5GRwUjcdlttVFm-rI7dbR799U64.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/ebgaramond/v15/SlGFmQSNjdsmc35JDF1K5GRwUjcdlttVFm-rI7e8QL99U64.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/enriqueta/v10/gokpH6L7AUFrRvV44HVr92-3n9xD.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/enriqueta/v10/goksH6L7AUFrRvV44HVjTEqk.woff)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/enriqueta/v9/gokpH6L7AUFrRvV44HVr92-3kdxFiafDFtAi.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/enriqueta/v9/gokpH6L7AUFrRvV44HVr92-3n9xFiafDFg.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/enriqueta/v9/goksH6L7AUFrRvV44HVjQkqisv5Io53K.woff2)
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/enriqueta/v9/goksH6L7AUFrRvV44HVjTEqisv5Iow.woff2)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/forum/v11/6aey4Ky-Vb8Ew8IROpQ.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/frederickathegreat/v10/9Bt33CxNwt7aOctW2xjbCstzwVKsIBVV--SjxbE.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/jockeyone/v10/HTxpL2g2KjCFj4x8WI6AnIHxGg.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/josefinslab/v13/lW-qwjwOK3Ps5GSJlNNkMalnrxShJj4wo7AR-pHveD0NKIie.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/josefinslab/v13/lW-qwjwOK3Ps5GSJlNNkMalnrxShJj4wo7AR-pHvnzoNKIie.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/josefinslab/v13/lW-swjwOK3Ps5GSJlNNkMalNpiZe_ldbOR4W71msR349LA.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/josefinslab/v13/lW-swjwOK3Ps5GSJlNNkMalNpiZe_ldbOR4W776rR349LA.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/jura/v16/z7NOdRfiaC4Vd8hhoPzfb5vBTP1d7ZumR_4.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/jura/v16/z7NOdRfiaC4Vd8hhoPzfb5vBTP266pumR_4.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/kellyslab/v11/-W_7XJX0Rz3cxUnJC5t6fkQLeA.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHjxsAXC-s.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPHw.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v17/S6u_w4BMUTPHjxsI5wq_Gwfr.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wWA.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/librebaskerville/v9/kmKhZrc3Hgbbcjq75U4uslyuy4kn0qNcWxEQCg.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/librebaskerville/v9/kmKiZrc3Hgbbcjq75U4uslyuy4kn0qviTgY3KcY.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/librebaskerville/v9/kmKnZrc3Hgbbcjq75U4uslyuy4kn0qNZaxU.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/lobster/v23/neILzCirqoswsqX9zoKmNQ.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/marckscript/v11/nwpTtK2oNgBA3Or78gapdwuyyCg5.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/monoton/v10/5h1aiZUrOngCibe4TkHLRA.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v15/JTUPjIg1_i6t8kCHKm459WxZcgvz_PZ2.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v15/JTUQjIg1_i6t8kCHKm459WxRyS7g.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_dJE3gnD-A.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459WlhzQ.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/mrdehaviland/v9/OpNVnooIhJj96FdB73296ksbOg3F60U.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/niconne/v10/w8gaH2QvRug1_rTfnQyn3w.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/noticiatext/v10/VuJ2dNDF2Yv9qppOePKYRP12Zjte.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/noticiatext/v10/VuJodNDF2Yv9qppOePKYRP12Ywtan0g.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/noticiatext/v10/VuJpdNDF2Yv9qppOePKYRP1-3R5NuGvW.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/noticiatext/v10/VuJrdNDF2Yv9qppOePKYRP12YwPhulvShDM.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v15/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDuXMQQ.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensanscondensed/v15/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff1GhDuXMQQ.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/oswald/v36/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiYw.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/oswald/v36/TK3_WkUHHAIjg75cFRf3bXL8LICs1xZosUZiYw.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/overlock/v10/Z9XQDmdMWRiN1_T9Z7Tc0FWJhr6j9w.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/overlock/v10/Z9XSDmdMWRiN1_T9Z7xizfmLtro.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/overlock/v10/Z9XTDmdMWRiN1_T9Z7Tc2O6slQ.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/overlock/v10/Z9XVDmdMWRiN1_T9Z7TZ6Oo.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/patrickhand/v14/LDI1apSQOAYtSuYWp8ZhfYe8XsLN.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/play/v12/6ae84K2oVqwItm4TCpAy3A.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/play/v12/6aez4K2oVqwIvtU2GQ.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v22/nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_k-UXtHA
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v22/nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_qiTXtHA
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v22/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtU.
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v22/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKeiunDXbtU.
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1xlEw.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLmy15VF9eI.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfedA.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiGyp8kv8JHgFVrJJLucHtG.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/questrial/v13/QdVUSTchPBm7nuUeVf70viFj.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/raleway/v19/1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4WjMDrMfJg.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/raleway/v19/1Pt_g8zYS_SKggPNyCgSQamb1W0lwk4S4Y_LDrMfJg.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/raleway/v19/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVs9pbCIPrc.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/raleway/v19/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrc.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TzBic6CsI.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1Mu51xIIzQ.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/rozhaone/v8/AlZy_zVFtYP12Zncg2kRcn3_.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/sacramento/v8/buEzpo6gcdjy0EiZMBUG4C0f-w.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/sail/v11/DPEjYwiBxwYJJBPJBw.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/sarina/v11/-F6wfjF3ITQwasLRKUrT.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/signika/v12/vEFO2_JTCgwQ5ejvMV0O96D01E8J0tJXHKbBjMg.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/signika/v12/vEFO2_JTCgwQ5ejvMV0O96D01E8J0tKwG6bBjMg.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/spinnaker/v12/w8gYH2oyX-I0_rvR6HmX23YM.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/suezone/v5/taiJGmd_EZ6rqscQgOFMmo0.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/worksans/v9/QGY9z_wNahGAdqQ43Rh_ebrnlwyYfEPxPoGU3ms5pIfe.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/worksans/v9/QGY9z_wNahGAdqQ43Rh_ebrnlwyYfEPxPoGUOWw5pIfe.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/worksans/v9/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nXBi8JoA.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/worksans/v9/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K67QBi8JoA.woff)
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://fr.wix.com/outdated-browser/internet-explorer
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://frog.wix.com/bt?src=29&evid=3
Source: bundle.min[1].js0.6.dr, bundle.min[1].js.6.dr	String found in binary or memory: https://github.com/getsentry/sentry-javascript
Source: gtm[1].js.6.dr	String found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: bolt-main-prod-old[1].js.6.dr	String found in binary or memory: https://github.com/madrobby/zepto/blob/master/MIT-LICENSE
Source: bolt-main-prod-old[1].js.6.dr	String found in binary or memory: https://github.com/madrobby/zepto/blob/master/src/detect.js#files
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://github.com/wix/yoshi/issues/2689
Source: minified[1].js.6.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: f[1].txt0.6.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1006927621/?random
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://graph.windows.net
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://graph.windows.net/
Source: gsap.min[1].js.6.dr	String found in binary or memory: https://greensock.com
Source: gsap.min[1].js.6.dr	String found in binary or memory: https://greensock.com/standard-license
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://ja.wix.com/outdated-browser/internet-explorer
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://ko.wix.com/outdated-browser/internet-explorer
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://lifecycle.office.com
Source: lodash.min[1].js.6.dr	String found in binary or memory: https://lodash.com/
Source: lodash.min[1].js.6.dr	String found in binary or memory: https://lodash.com/license
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://login.windows.local
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://management.azure.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://management.azure.com/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://messaging.office.com/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://ncus.contentsync.
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://ncus.pagecontentsync.
Source: lodash.min[1].js0.6.dr, lodash.min[1].js.6.dr	String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://officeapps.live.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://onedrive.live.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: lodash.min[1].js.6.dr	String found in binary or memory: https://openjsf.org/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://osi.office.net
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://outlook.office.com/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://outlook.office365.com/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: gtm[1].js.6.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: gtm[1].js.6.dr	String found in binary or memory: https://pagead2.googlesyndication.com/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://pages.store.office.com/review/query
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://polyfill.io/v3/polyfill.min.js?features=fetch
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://powerlift.acompli.net
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://pt.wix.com/outdated-browser/internet-explorer
Source: insight.min[1].js.6.dr	String found in binary or memory: https://px.ads.linkedin.com/collect?
Source: insight.min[1].js.6.dr	String found in binary or memory: https://px.ads.linkedin.com/insight_tag_errors.gif?
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: react.production.min[1].js.6.dr, react-dom.production.min[1].js.6.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: wixui.Captcha.chunk[1].js.6.dr	String found in binary or memory: https://recaptcha.net/recaptcha/api.js
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://ru.wix.com/outdated-browser/internet-explorer
Source: core[1].js.6.dr	String found in binary or memory: https://s.pinimg.com/ct/lib/main.c6ca189a.js
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://settings.outlook.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://siteassets.parastorage.com/pages/pages/thunderbolt?beckyExperiments=specs.thunderbolt.addres
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://siteassets.parastorage.com/pages/singlePage/viewerViewModeJson
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://staging.cortana.ai
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/client/pfavico.ico
Source: imagestore.dat.6.dr	String found in binary or memory: https://static.parastorage.com/client/pfavico.ico~
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/editor-elements/dist/Container_DefaultAreaSkin.0b1317f3.chun
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/editor-elements/dist/FiveGridLine_NotchDashedLine.aad659a0.c
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/editor-elements/dist/SlideShowSlide.ed4bbfec.chunk.min.css
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/editor-elements/dist/VerticalMenu_VerticalMenuSolidColorSkin
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/editor-elements/dist/VideoPlayer.06bb53f1.chunk.min.css
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/editor-elements/dist/bootstrap-components-responsive.4c4fb78
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/editor-elements/dist/componentSdks.53d69c69.bundle.min.js
Source: thunderboltElements.07dab272.bundle.min[1].js.6.dr, HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/editor-elements/dist/thunderboltElements.07dab272.bundle.min
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/santa-resources/resources/viewer/user-site-fonts/v11/wixMade
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/santa-resources/resources/viewer/user-site-fonts/v7/helvetic
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/santa/1.1651.0
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/tag-manager-client/1.427.0/siteTags.bundle.min.js
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/web/1.1777.0/javascript/wysiwyg/viewer/deprecatedbrowsers/Up
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-bolt/1.7264.0
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-bolt/1.7264.0/bolt-main/app/bolt-custom-elements.min.js
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-bolt/1.7264.0/bolt-main/app/main-r.min.js
Source: internet-explorer[1].htm.6.dr, HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-perf-measure/1.501.0/wix-perf-measure.bundle.min.js
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/bi-common.inline.126f35b2.bundle.min.js
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/bi.inline.cf9319d3.bundle.min.js
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/bi.inline.cf9319d3.bundle.min.js.map
Source: HOSOIXRG.htm.6.dr, bootstrap-features.53639d1b.bundle.min[1].js.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/bootstrap-features.53639d1b.bundle.min.
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/browser-deprecation.inline.36d57dbc.bun
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/createPlatformWorker.inline.f762923e.bu
Source: custom-elements-polyfill.39b1b49f.chunk.min[1].js.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/custom-elements-polyfill.39b1b49f.chunk
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/externals-registry.inline.d76c0075.bund
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/initCustomElements.inline.b649141a.bund
Source: intersection-observer-polyfill.67fb87dd.chunk.min[1].js.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/intersection-observer-polyfill.67fb87dd
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/main.a9ba068a.bundle.min.js
Source: main.a9ba068a.bundle.min[1].js.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/main.a9ba068a.bundle.min.js.map
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/sendFedopsLoadStarted.inline.5a36bd68.b
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/tslib.inline.909b9ad8.bundle.min.js
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/tslib.inline.909b9ad8.bundle.min.js.map
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/webpack-runtime.2bd38f9a.bundle.min.js.
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/windowMessageRegister.inline.6ff9ddf9.b
Source: wix-resize-observer-polyfill.56f8c1c1.chunk.min[1].js.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-thunderbolt/dist/wix-resize-observer-polyfill.56f8c1c1.c
Source: viewerComponentService.bundle[1].js.6.dr, dataRefs.bundle.min[1].js.6.dr	String found in binary or memory: https://static.parastorage.com/services/wix-ui-santa/1.1606.0/
Source: internet-explorer[1].htm.6.dr, HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/unpkg/core-js-bundle
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/unpkg/focus-within-polyfill
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/unpkg/lodash
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/unpkg/react
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://static.parastorage.com/unpkg/react-dom
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://static.parastorage.com/unpkg/requirejs-bolt
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://static.parastorage.com/unpkg/whatwg-fetch
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://static.wixstatic.com/media/311dce_77ca1007cf83485da0b7e16ffb9735ac~mv2.png/v1/fill/w_1200
Source: analytics[1].js.6.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://store.office.com/addinstemplate
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://store.officeppe.com/addinstemplate
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: analytics[1].js.6.dr, f[1].txt.6.dr	String found in binary or memory: https://tagassistant.google.com/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://tasks.office.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://templatelogging.office.com/client/log
Source: fetch.umd[1].js.6.dr	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://users.wix.com/wix-users
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://webshell.suite.office.com
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://wus2.contentsync.
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://wus2.pagecontentsync.
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://www.artsenvoorwaarheid.nl
Source: HOSOIXRG.htm.6.dr, ~DFF5CBE78ED25AADD4.TMP.5.dr	String found in binary or memory: https://www.artsenvoorwaarheid.nl/
Source: {33226EEE-D810-11EB-90EB-ECF4BBEA1588}.dat.5.dr	String found in binary or memory: https://www.artsenvoorwaarheid.nl/Root
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://www.artsenvoorwaarheid.nl/informed-consent
Source: {33226EEE-D810-11EB-90EB-ECF4BBEA1588}.dat.5.dr	String found in binary or memory: https://www.artsenvoorwaarheid.nl/waarheid.nl/Root
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: analytics[1].js.6.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap
Source: analytics[1].js.6.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.6.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: gtm[1].js.6.dr	String found in binary or memory: https://www.google.com
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://www.google.com/intl/en/chrome/
Source: f[2].txt.6.dr	String found in binary or memory: https://www.google.com/pagead/1p-user-list/642100862/?random
Source: f[3].txt.6.dr	String found in binary or memory: https://www.google.com/pagead/1p-user-list/819384062/?random
Source: gtm[1].js.6.dr	String found in binary or memory: https://www.google.com/pagead/conversion_async.js
Source: f[2].txt.6.dr	String found in binary or memory: https://www.google.de/pagead/1p-user-list/642100862/?random
Source: f[3].txt.6.dr	String found in binary or memory: https://www.google.de/pagead/1p-user-list/819384062/?random
Source: gtm[1].js.6.dr	String found in binary or memory: https://www.googletagmanager.com/a?id=
Source: f[1].txt.6.dr, gtm[1].js.6.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: analytics[1].js.6.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://www.mozilla.org/en-US/firefox/new/
Source: HOSOIXRG.htm.6.dr	String found in binary or memory: https://www.nvkp.nl/fileadmin/nvkp/pdf/NVKP_kinderen_en_Covid-19_met_bronnen.pdf
Source: EEDCAF9D-BC91-4C9F-8B50-94E1F85D3771.0.dr	String found in binary or memory: https://www.odwebp.svc.ms
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://www.wix.com/favicon.ico
Source: internet-explorer[1].htm.6.dr	String found in binary or memory: https://www.wix.com/outdated-browser/internet-explorer

Uses HTTPS

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 35.246.6.109:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.26:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.26:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.1.26:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.102.176.152:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.102.176.152:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.236.202.140:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.236.202.140:443 -> 192.168.2.4:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.246.6.109:443 -> 192.168.2.4:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.246.6.109:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.130.217:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.130.217:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.230.61.179:443 -> 192.168.2.4:49782 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.230.61.179:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.2.188.208:443 -> 192.168.2.4:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.2.188.208:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.2.188.208:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.70.188:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.17.70.188:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.198:443 -> 192.168.2.4:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.198:443 -> 192.168.2.4:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.15:443 -> 192.168.2.4:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.16.130:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.16.130:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.16.130:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.0.84:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.0.84:443 -> 192.168.2.4:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.0.84:443 -> 192.168.2.4:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.35:443 -> 192.168.2.4:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.35:443 -> 192.168.2.4:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.35:443 -> 192.168.2.4:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.174.11.37:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.174.11.37:443 -> 192.168.2.4:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.240.17.35:443 -> 192.168.2.4:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.96.106.200:443 -> 192.168.2.4:49851 version: TLS 1.2

System Summary:

Classification label

Source: classification engine

Classification label: clean1.winDOCX@4/142@23/18

Creates files inside the user directory

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word

Jump to behavior

Creates temporary files

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Temp\{4962482A-6076-44B7-ADF3-9C84F113DC88} - OProcSessId.dat

Jump to behavior

Reads ini files

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Spawns processes

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding
Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:984 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:984 CREDAT:17410 /prefetch:2			Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Checks if Microsoft Office is installed

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

Jump to behavior

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE

File opened: C:\Windows\SysWOW64\MSVCR100.dll

Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Disables application error messsages (SetErrorMode)

Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior