Windows Analysis Report http://Conades.org/aut/minusite-6199055

Overview

General Information

Sample URL: http://Conades.org/aut/minusite-6199055
Analysis ID: 527978
Detection

Hidden Macro 4.0
Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Sigma detected: Microsoft Office Product Spawning Windows Shell
Document exploit detected (process start blacklist hit)
Yara detected hidden Macro 4.0 in Excel
Found inlined nop instructions (likely shell or obfuscated code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Tries to load missing DLLs
May sleep (evasive loops) to hinder dynamic analysis
Detected potential crypto function
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • chrome.exe (PID: 4356 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://Conades.org/aut/minusite-6199055 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 2324 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1604,8824529351644360635,1512842161302076560,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6916 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1604,8824529351644360635,1512842161302076560,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4780 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • unarchiver.exe (PID: 6996 cmdline: C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\minusite-6199055.zip MD5: 1BFD96908AB2C114F24ABAF0CB630007)
      • 7za.exe (PID: 7032 cmdline: C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\smlp2cvx.d4q" "C:\Users\user\Downloads\minusite-6199055.zip MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
        • conhost.exe (PID: 7164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 4516 cmdline: cmd.exe" /C "C:\Users\user\AppData\Local\Temp\smlp2cvx.d4q\new-2011054530.xls MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 4508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • EXCEL.EXE (PID: 1400 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /dde MD5: 5D6638F2C8F8571C593999C58866007E)
          • regsvr32.exe (PID: 1352 cmdline: "C:\Windows\System32\regsvr32.exe" C:\Datop\besta.ocx MD5: 426E7499F6A7346F0410DEAD0805586B)
          • regsvr32.exe (PID: 6168 cmdline: "C:\Windows\System32\regsvr32.exe" C:\Datop\bestb.ocx MD5: 426E7499F6A7346F0410DEAD0805586B)
          • regsvr32.exe (PID: 6720 cmdline: "C:\Windows\System32\regsvr32.exe" C:\Datop\bestc.ocx MD5: 426E7499F6A7346F0410DEAD0805586B)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source: C:\Users\user\AppData\Local\Temp\smlp2cvx.d4q\new-2011054530.xls
Rule: SUSP_Excel4Macro_AutoOpen
Description: Detects Excel4 macro use with auto open / close
Author: John Lambert @JohnLaTwC
Strings:
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x3c8aa:$s1: Excel
  • 0x3d978:$s1: Excel
  • 0x3521:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A

Source: C:\Users\user\AppData\Local\Temp\smlp2cvx.d4q\new-2011054530.xls
Rule: JoeSecurity_HiddenMacro
Description: Yara detected hidden Macro 4.0 in Excel
Author: Joe Security

Sigma Overview

System Summary:

Sigma detected: Microsoft Office Product Spawning Windows Shell
Source: Process started
Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team
Data: Command: "C:\Windows\System32\regsvr32.exe" C:\Datop\besta.ocx, CommandLine: "C:\Windows\System32\regsvr32.exe" C:\Datop\besta.ocx, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\regsvr32.exe, NewProcessName: C:\Windows\SysWOW64\regsvr32.exe, OriginalFileName: C:\Windows\SysWOW64\regsvr32.exe, ParentCommandLine: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /dde, ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, ParentProcessId: 1400, ProcessCommandLine: "C:\Windows\System32\regsvr32.exe" C:\Datop\besta.ocx, ProcessId: 1352

Jbx Signature Overview

Source: C:\Program Files\Google\Chrome\Application\chrome.exe
Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe
Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: C:\Windows\SysWOW64\unarchiver.exe
File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Software Vulnerabilities:

Document exploit detected (process start blacklist hit)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Process created: C:\Windows\SysWOW64\regsvr32.exe
Source: C:\Windows\SysWOW64\unarchiver.exe
Code function: 4x nop then jmp 02CD09B7h 7_2_02CD02A8
Source: C:\Windows\SysWOW64\unarchiver.exe
Code function: 4x nop then jmp 02CD09B6h 7_2_02CD02A8
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://autodiscover-s.outlook.com/
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
    Source: mirroring_common.js.1.drString found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://cdn.entity.
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
    Source: pnacl_public_x86_64_libcrt_platform_a.1.drString found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
    Source: pnacl_public_x86_64_libcrt_platform_a.1.drString found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://clients.config.office.net/
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
    Source: 71493052-21d6-4b51-8d0a-ba28f6348003.tmp.4.drString found in binary or memory: https://clients2.google.com
    Source: mirroring_hangouts.js.1.drString found in binary or memory: https://clients2.google.com/cr/report
    Source: manifest.json0.1.dr, manifest.json.1.dr, manifest.json1.1.drString found in binary or memory: https://clients2.google.com/service/update2/crx
    Source: 71493052-21d6-4b51-8d0a-ba28f6348003.tmp.4.drString found in binary or memory: https://clients2.googleusercontent.com
    Source: mirroring_hangouts.js.1.drString found in binary or memory: https://clients6.google.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
    Source: pnacl_public_x86_64_ld_nexe.1.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry
    Source: pnacl_public_x86_64_ld_nexe.1.drString found in binary or memory: https://code.google.com/p/nativeclient/issues/entry%s:
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://config.edge.skype.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
    Source: manifest.json1.1.drString found in binary or memory: https://content.googleapis.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://cortana.ai
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://cortana.ai/api
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://cr.office.com
    Source: common.js.1.dr, mirroring_cast_streaming.js.1.drString found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
    Source: mirroring_hangouts.js.1.drString found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://dataservice.o365filtering.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://dataservice.o365filtering.com/
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://dev.cortana.ai
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://devnull.onenote.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://directory.services.
    Source: 76b0f4c2-0bb6-4255-a82f-4cc26f73710e.tmp.4.dr, 71493052-21d6-4b51-8d0a-ba28f6348003.tmp.4.dr, 58a2d35b-15a6-4eb8-b267-71b53b43ab2d.tmp.4.drString found in binary or memory: https://dns.google
    Source: mirroring_common.js.1.drString found in binary or memory: https://docs.google.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://ecs.office.com/config/v2/Office
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://enrichment.osi.office.net/
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://entitlement.diagnostics.office.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
    Source: manifest.json1.1.drString found in binary or memory: https://feedback.googleusercontent.com
    Source: 71493052-21d6-4b51-8d0a-ba28f6348003.tmp.4.drString found in binary or memory: https://fonts.googleapis.com
    Source: manifest.json1.1.drString found in binary or memory: https://fonts.googleapis.com;
    Source: 71493052-21d6-4b51-8d0a-ba28f6348003.tmp.4.drString found in binary or memory: https://fonts.gstatic.com
    Source: manifest.json1.1.drString found in binary or memory: https://fonts.gstatic.com;
    Source: angular.js.1.dr, material_css_min.css.1.drString found in binary or memory: https://github.com/angular/material
    Source: craw_background.js.1.dr, craw_window.js.1.drString found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
    Source: mirroring_hangouts.js.1.drString found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://globaldisco.crm.dynamics.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://graph.ppe.windows.net
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://graph.ppe.windows.net/
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://graph.windows.net
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://graph.windows.net/
    Source: mirroring_hangouts.js.1.drString found in binary or memory: https://hangouts.clients6.google.com
    Source: manifest.json1.1.drString found in binary or memory: https://hangouts.google.com/
    Source: mirroring_hangouts.js.1.drString found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://incidents.diagnostics.office.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://lifecycle.office.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://login.microsoftonline.com/
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://login.windows.local
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://management.azure.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://management.azure.com/
    Source: mirroring_common.js.1.drString found in binary or memory: https://meet.google.com
    Source: mirroring_hangouts.js.1.drString found in binary or memory: https://meetings.clients6.google.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://messaging.office.com/
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://ncus.contentsync.
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://ncus.pagecontentsync.
    Source: mirroring_common.js.1.drString found in binary or memory: https://networktraversal.googleapis.com/v1alpha
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://officeapps.live.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://officeci.azurewebsites.net/api/
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
    Source: 71493052-21d6-4b51-8d0a-ba28f6348003.tmp.4.drString found in binary or memory: https://ogs.google.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://onedrive.live.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://onedrive.live.com/embed?
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://osi.office.net
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://otelrules.azureedge.net
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://outlook.office.com
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://outlook.office.com/
    Source: E4D27F66-2E94-4931-B210-887418C1BE9B.19.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=</