Source: WINWORD.EXE | String found in binary or memory: file:// |
Source: WINWORD.EXE | String found in binary or memory: file:///c: |
Source: WINWORD.EXE | String found in binary or memory: file:///c:/k-25ss9tv61sm78f_35s.rtf |
Source: WINWORD.EXE | String found in binary or memory: file:///c:/k-25ss9tv61sm78f_35s.rtf& |
Source: WINWORD.EXE | String found in binary or memory: file:///c:/k-25ss9tv61sm78f_35s.rtf8 |
Source: WINWORD.EXE | String found in binary or memory: file:///c:/users/sofwilliams/appdata/local/microsoft/office/winword.exe_rules.xml |
Source: WINWORD.EXE | String found in binary or memory: file:///c:/users/sofwilliams/appdata/local/microsoft/office/winword.exe_rules.xml= |
Source: WINWORD.EXE | String found in binary or memory: file:///c:/users/sofwilliams/appdata/local/microsoft/office/winword.exe_rules.xmleta/ |
Source: WINWORD.EXE | String found in binary or memory: ftp:// |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: http:// |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: http://cdn.odc.officeapps.live.com/odc/stat/images/onedriveupsell.png |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: http://cdn.odc.officeapps.live.com/odc/xml?resource=onedrivesignupupsell |
Source: WINWORD.EXE | String found in binary or memory: http://cdn.odc.officeapps.live.com/odc/xml?resource=onedrivesignupupsellz |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: http://cdn.odc.officeapps.live.com/odc/xml?resource=onedrivesyncclientupsell |
Source: WINWORD.EXE | String found in binary or memory: http://cdn.odc.officeapps.live.com/odc/xml?resource=onedrivesyncclientupsell9n |
Source: WINWORD.EXE | String found in binary or memory: http://cdp1.public-trust.com/crl/omniroot2025.crl0 |
Source: WINWORD.EXE | String found in binary or memory: http://crl.comodo.net/utn-userfirst-hardware.crl0q |
Source: WINWORD.EXE | String found in binary or memory: http://crl.comodoca.com/utn-userfirst-hardware.crl06 |
Source: WINWORD.EXE | String found in binary or memory: http://crl.entrust.net/2048ca.crl0 |
Source: WINWORD.EXE | String found in binary or memory: http://crl.entrust.net/server1.crl0 |
Source: WINWORD.EXE | String found in binary or memory: http://crl.pkioverheid.nl/domorganisatielatestcrl-g2.crl0 |
Source: WINWORD.EXE | String found in binary or memory: http://crl.pkioverheid.nl/domovlatestcrl.crl0 |
Source: WINWORD.EXE | String found in binary or memory: http://crt.comodoca.com/utnaddtrustserverca.crt0$ |
Source: WINWORD.EXE | String found in binary or memory: http://cybertrust.omniroot.com/repository.cfm0 |
Source: WINWORD.EXE | String found in binary or memory: http://fontfabrik.comq |
Source: WINWORD.EXE | String found in binary or memory: http://ns.ad |
Source: WINWORD.EXE | String found in binary or memory: http://ns.adbe. |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.comodoca.com0% |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.comodoca.com0- |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.comodoca.com0/ |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.comodoca.com05 |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.entrust.net03 |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.entrust.net0d |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.msocsp.com0= |
Source: WINWORD.EXE | String found in binary or memory: http://ocsp.msocsp.com0n |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: http://odc. |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides |
Source: WINWORD.EXE | String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides_g |
Source: WINWORD.EXE | String found in binary or memory: http://p |
Source: WINWORD.EXE | String found in binary or memory: http://schemas.d5 |
Source: WINWORD.EXE | String found in binary or memory: http://w |
Source: WINWORD.EXE | String found in binary or memory: http://w$ |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: http://weather.service.msn.com/data.aspx |
Source: WINWORD.EXE | String found in binary or memory: http://www.ascendercorp.com/ |
Source: WINWORD.EXE | String found in binary or memory: http://www.ascendercorp.com/typedesigners.htmlt |
Source: WINWORD.EXE | String found in binary or memory: http://www.bethmardutho.org.p |
Source: WINWORD.EXE | String found in binary or memory: http://www.c-and-g.co.jp |
Source: WINWORD.EXE | String found in binary or memory: http://www.digicert.com.my/cps.htm02 |
Source: WINWORD.EXE | String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0 |
Source: WINWORD.EXE | String found in binary or memory: http://www.fontbureau.com |
Source: WINWORD.EXE | String found in binary or memory: http://www.fontbureau.com/designers |
Source: WINWORD.EXE | String found in binary or memory: http://www.fontbureau.com/designers/ |
Source: WINWORD.EXE | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmln |
Source: WINWORD.EXE | String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html |
Source: WINWORD.EXE | String found in binary or memory: http://www.fonts.com |
Source: WINWORD.EXE | String found in binary or memory: http://www.founder.com.cn/cn |
Source: WINWORD.EXE | String found in binary or memory: http://www.founder.com.cn/cn/ |
Source: WINWORD.EXE | String found in binary or memory: http://www.galapagosdesign.com/ |
Source: WINWORD.EXE | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
Source: WINWORD.EXE | String found in binary or memory: http://www.ibq |
Source: WINWORD.EXE | String found in binary or memory: http://www.ncst.ernet.in/~rkjoshi |
Source: WINWORD.EXE | String found in binary or memory: http://www.public-trust.com/cgi-bin/crl/2018/cdp.crl0 |
Source: WINWORD.EXE | String found in binary or memory: http://www.public-trust.com/cps/omniroot.html0 |
Source: WINWORD.EXE | String found in binary or memory: http://www.sakkal.com |
Source: WINWORD.EXE | String found in binary or memory: http://www.sandoll.co.kr |
Source: WINWORD.EXE | String found in binary or memory: http://www.tiro.com;copyright |
Source: WINWORD.EXE | String found in binary or memory: http://www.typography.netd |
Source: WINWORD.EXE | String found in binary or memory: http://www.u |
Source: WINWORD.EXE | String found in binary or memory: http://www.urwpp.de |
Source: WINWORD.EXE | String found in binary or memory: http://www.usertrust.com1 |
Source: WINWORD.EXE | String found in binary or memory: http://www.zhongyicts.com.cn |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https:// |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://api.aadrm.com/ |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://apis.live.net/v5.0/ |
Source: WINWORD.EXE | String found in binary or memory: https://apis.live.net/v5.0/ne& |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://broadcast. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://contacts. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://directory.services. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://excelcs. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://excelps. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://login. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://login.windows.net/common/oauth2/authorize |
Source: WINWORD.EXE | String found in binary or memory: https://login.windows.net/common/oauth2/authorize61e2d24043c256f1e26330120 |
Source: WINWORD.EXE | String found in binary or memory: https://login.windows.net/common/oauth2/authorize7 |
Source: WINWORD.EXE | String found in binary or memory: https://login.windows.net/common/oauth2/authorizeadalclientidexceb01ca |
Source: WINWORD.EXE | String found in binary or memory: https://login.windows.net/common/oauth2/authorizekshu() |
Source: WINWORD.EXE | String found in binary or memory: https://login.windows.net/common/oauth2/authorizex |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://nexus. |
Source: WINWORD.EXE | String found in binary or memory: https://nexus.officeapps.live.com/nexus/rules2- |
Source: WINWORD.EXE | String found in binary or memory: https://nexus.officeapps.live.comom/config15/5 |
Source: WINWORD.EXE | String found in binary or memory: https://nexusrules.officeapps.live.com/nexus/rules?application=winword.exe&version=15.0.4691.1000&is |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://ocws. |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://odc. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://officeapps.live.com |
Source: WINWORD.EXE | String found in binary or memory: https://officeapps.live.compa |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://ols. |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://partnerservices.getmicrosoftkey.com/partnerprovisioning.svc/v1/subscriptions |
Source: WINWORD.EXE | String found in binary or memory: https://partnerservices.getmicrosoftkey.com/partnerprovisioning.svc/v1/subscriptionsg |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://pf.directory.live.com/profile/mine/wlx.profiles.ic.json |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://pptcs. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://pptps. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://pptss. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://pptwrs. |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://profile. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://roaming. |
Source: WINWORD.EXE | String found in binary or memory: https://secure.comodo.com/cps0 |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://signup. |
Source: config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://ssl.bing.com/dict/?view=officemoe&ulang=zh-cn&tlang=en-us |
Source: WINWORD.EXE | String found in binary or memory: https://ssl.bing.com/dict/?view=officemoe&ulang=zh-cn&tlang=en-us |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://ssl.bing.com/dict/img/bingdict_e2c.png |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://wordcs. |
Source: WINWORD.EXE, config15--lcid=1033&syslcid=1033&uilcid=1033&build=15.0.4693&crev=20.756.dr | String found in binary or memory: https://wordps. |
Source: C:\Windows\System32\cmd.exe | Dropped file: SEt BwZn=cREaTeOBject(RM7H("1E21343D24322767213F2A212E",VW)) |
Source: C:\Windows\System32\cmd.exe | Dropped file: sET RAOx=crEATEobjECT(RM7H("161E2D24043C256F1E26330120",CNlxWn)) |
Source: C:\Windows\System32\cmd.exe | Dropped file: Set OAmVp=RAOx.ENVirOnMeNT(RM7H("33250E20321230","Acw")) |
Source: C:\Windows\System32\cmd.exe | Dropped file: SeT XkSvP=crEatEobJEcT(RM7H("052A113B27301D2F3C6D2A04040B261D18",EPNWwO)) |
Source: C:\Windows\System32\cmd.exe | Dropped file: SeT XkSvP= creatEoBJECt(RM7H("7E1B19375C011523475C22087F3A2E1163",PQMM)) |
Source: C:\Windows\System32\cmd.exe | Dropped file: SEt M5=createObJECt(RM7H("071C091C0476152C343D2735",Y9zz983)) |
Source: C:\Windows\System32\cmd.exe | Dropped file: sET GH7=cREaTEobjEct(RM7H("002431302538253D206D1F3C2029003E302D302103312D263A21", "LSGCYUL")) |
Source: C:\Windows\System32\cmd.exe | Dropped file: sEt AdyAC=GH7.CREaTETextFile(NUa,239-238,3016-3016) |