Source: WINWORD.EXE | String found in binary or memory: file:///c: |
Source: WINWORD.EXE | String found in binary or memory: file:///c:/2e374756930bee59c371d98ff88572a8.doc |
Source: WINWORD.EXE | String found in binary or memory: file:///c:/2e374756930bee59c371d98ff88572a8.docj-dw |
Source: WINWORD.EXE | String found in binary or memory: file:///c:/2e374756930bee59c371d98ff88572a8.docw-dw |
Source: WINWORD.EXE | String found in binary or memory: file:///c:/users/sofwilliams/appdata/local/microsoft/office/winword.exe_rules.xml |
Source: WINWORD.EXE | String found in binary or memory: file:///c:/users/sofwilliams/appdata/local/microsoft/office/winword.exe_rules.xmlro |
Source: MSOSQM.EXE | String found in binary or memory: file:///c:/windows/performance/winsat/datastore/2011-08-17%2009.00.52.786%20formal.assessment%20(rec |
Source: MSOSQM.EXE | String found in binary or memory: file://c: |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: http:// |
Source: bitsadmin.exe | String found in binary or memory: http://93.170.104.98/jbmfkjfre.exe |
Source: cmd.exe | String found in binary or memory: http://93.170.104.98/jbmfkjfre.exe%tmp% |
Source: bitsadmin.exe | String found in binary or memory: http://93.170.104.98/jbmfkjfre.exec: |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: http://cdn.odc.officeapps.live.com/odc/stat/images/onedriveupsell.png |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: http://cdn.odc.officeapps.live.com/odc/xml?resource=onedrivesignupupsell |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: http://cdn.odc.officeapps.live.com/odc/xml?resource=onedrivesyncclientupsell |
Source: WINWORD.EXE | String found in binary or memory: http://cdp1.public-trust.com/crl/omniroot2025.crl0 |
Source: WINWORD.EXE | String found in binary or memory: http://crl.comodo.net/utn-userfirst-hardware.crl0q |
Source: WINWORD.EXE | String found in binary or memory: http://crl.comodoca.com/utn-userfirst-hardware.crl06 |
Source: WINWORD.EXE | String found in binary or memory: http://crl.entrust.net/2048ca.crl0 |
Source: WINWORD.EXE | String found in binary or memory: http://crl.entrust.net/server1.crl0 |
Source: WINWORD.EXE | String found in binary or memory: http://crl.pkioverheid.nl/domorganisatielatestcrl-g2.crl0 |
Source: WINWORD.EXE | String found in binary or memory: http://crl.pkioverheid.nl/domovlatestcrl.crl0 |
Source: WINWORD.EXE | String found in binary or memory: http://crl.usertrust.com/utn-userfirst-object.crl0) |
Source: WINWORD.EXE | String found in binary or memory: http://crt.comodoca.com/utnaddtrustserverca.crt0$ |
Source: WINWORD.EXE | String found in binary or memory: http://cybertrust.omniroot.com/repository.cfm0 |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.comodoca.com0% |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.comodoca.com0- |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.comodoca.com0/ |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.comodoca.com05 |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.entrust.net03 |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.entrust.net0d |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.msocsp.com0= |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.msocsp.com0n |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: http://odc. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides |
Source: WINWORD.EXE | String found in binary or memory: http://schema |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: http://weather.service.msn.com/data.aspx |
Source: WINWORD.EXE | String found in binary or memory: http://weather.service.msn.com/data.aspx-v2 |
Source: WINWORD.EXE | String found in binary or memory: http://www.digicert.com.my/cps.htm02 |
Source: WINWORD.EXE | String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0 |
Source: WINWORD.EXE | String found in binary or memory: http://www.public-trust.com/cgi-bin/crl/2018/cdp.crl0 |
Source: WINWORD.EXE | String found in binary or memory: http://www.public-trust.com/cps/omniroot.html0 |
Source: WINWORD.EXE | String found in binary or memory: http://www.usertrust.com1 |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https:// |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://api.aadrm.com/ |
Source: WINWORD.EXE | String found in binary or memory: https://api.aadrm.com/vijk |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://apis.live.net/v5.0/ |
Source: WINWORD.EXE | String found in binary or memory: https://apis.live.net/v5.0/neg& |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://broadcast. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://contacts. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://directory.services. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://excelcs. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://excelps. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia |
Source: WINWORD.EXE | String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmediambi_ssl_shortssl. |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://login. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://login.windows.net/common/oauth2/authorize |
Source: WINWORD.EXE | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeg |
Source: WINWORD.EXE | String found in binary or memory: https://login.windows.net/common/oauth2/authorizev |
Source: WINWORD.EXE | String found in binary or memory: https://login.windows.net/common/oauth2/authorizew |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://nexus. |
Source: WINWORD.EXE | String found in binary or memory: https://nexus.officeapps.live.com/nexus/rules?application=winword.exe&version=15.0.4691.1000&isceip= |
Source: WINWORD.EXE | String found in binary or memory: https://nexus.officeapps.live.com; |
Source: WINWORD.EXE | String found in binary or memory: https://nexusrules.officeapps.live.com/nexus/rules?application=winword.exe&version=15.0.4691.1000&is |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://ocws. |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://odc. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://officeapps.live.com |
Source: WINWORD.EXE | String found in binary or memory: https://officeapps.live.com5 |
Source: WINWORD.EXE | String found in binary or memory: https://officeapps.live.coma1 |
Source: WINWORD.EXE | String found in binary or memory: https://officeapps.live.comw |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://ols. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://partnerservices.getmicrosoftkey.com/partnerprovisioning.svc/v1/subscriptions |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://pf.directory.live.com/profile/mine/wlx.profiles.ic.json |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://pptcs. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://pptps. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://pptss. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://pptwrs. |
Source: 2e374756930bee59c371d98ff88572a8.doc | String found in binary or memory: https://products.office.com/ |
Source: WINWORD.EXE, 2e374756930bee59c371d98ff88572a8.doc | String found in binary or memory: https://products.office.com/yx |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://profile. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://roaming. |
Source: WINWORD.EXE | String found in binary or memory: https://secure.comodo.com/cps0 |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://signup. |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://ssl.bing.com/dict/?view=officemoe&ulang=zh-cn&tlang=en-us |
Source: WINWORD.EXE | String found in binary or memory: https://ssl.bing.com/dict/?view=officemoe&ulang=zh-cn&tlang=en-us |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://ssl.bing.com/dict/img/bingdict_e2c.png |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://wordcs. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.3696.dr | String found in binary or memory: https://wordps. |
Source: C:\Windows\System32\bitsadmin.exe | Console Write: BITSADMIN version 3.0 [ 7.5.7601 ] |
Source: C:\Windows\System32\bitsadmin.exe | Console Write: BITS administration utility |
Source: C:\Windows\System32\bitsadmin.exe | Console Write: Unable to connect to BITS - 0x80070422 |