Windows Analysis Report https://www.paperturn-view.com/us/papterturnfiles/sharepoint-file?pid=MTc175036&v=1.1

Overview

General Information

Sample URL: https://www.paperturn-view.com/us/papterturnfiles/sharepoint-file?pid=MTc175036&v=1.1
Analysis ID: 452723

Detection

HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected HtmlPhish10
Phishing site detected (based on image similarity)
Phishing site detected (based on logo template match)
Found iframes
HTML body contains low number of good links
HTML title does not match URL
Submit button contains javascript call
Suspicious form URL found

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 3500 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://www.paperturn-view.com/us/papterturnfiles/sharepoint-file?pid=MTc175036&v=1.1' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 4588 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,7917042391378505505,9881702941299426833,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1708 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6532 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1572,7917042391378505505,9881702941299426833,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=4612 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 3708 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1572,7917042391378505505,9881702941299426833,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=3848 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://www.paperturn-view.com/us/papterturnfiles/sharepoint-file?pid=MTc175036&v=1.1 SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://xpans.in/document/Drive/vynii1ggv7u34dlblu2qibdn.php?89bi9G16269732590bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc851&email=&error= SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Yara detected HtmlPhish10
Source: Yara match File source: 60060.pages.csv, type: HTML
Phishing site detected (based on image similarity)
Source: https://xpans.in/document/Drive/vynii1ggv7u34dlblu2qibdn.php?89bi9G16269732590bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc851&email=&error= Matcher: Found strong image similarity, brand: Microsoft image: 60060.img.1.gfk.csv EF884BDEDEF280DF97A4C5604058D8DB
Phishing site detected (based on logo template match)
Source: https://xpans.in/document/Drive/vynii1ggv7u34dlblu2qibdn.php?89bi9G16269732590bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc851&email=&error= Matcher: Template: microsoft matched
Source: https://www.paperturn.com/flipbook HTTP Parser: Iframe src: https://consentcdn.cookiebot.com/sdk/bc-v3.min.html
Source: https://www.paperturn.com/login HTTP Parser: Iframe src: https://consentcdn.cookiebot.com/sdk/bc-v3.min.html
Source: https://xpans.in/document/Drive/vynii1ggv7u34dlblu2qibdn.php?89bi9G16269732590bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc851&email=&error= HTTP Parser: Number of links: 0
Source: https://www.paperturn.com/flipbook HTTP Parser: Title: Flipbook: 10 reasons to convert your PDF into a flipbook does not match URL
Source: https://xpans.in/document/Drive/vynii1ggv7u34dlblu2qibdn.php?89bi9G16269732590bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc851&email=&error= HTTP Parser: Title: Sharing Link Validation does not match URL
Source: https://xpans.in/document/Drive/vynii1ggv7u34dlblu2qibdn.php?89bi9G16269732590bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc851&email=&error= HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
Source: https://xpans.in/document/Drive/vynii1ggv7u34dlblu2qibdn.php?89bi9G16269732590bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc851&email=&error= HTTP Parser: Form action: securepassword.php?4K5CL816269732590bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc851
Source: https://www.paperturn.com/flipbook HTTP Parser: No <meta name="author".. found
Source: https://xpans.in/document/Drive/vynii1ggv7u34dlblu2qibdn.php?89bi9G16269732590bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc851&email=&error= HTTP Parser: No <meta name="author".. found
Source: https://www.paperturn.com/login HTTP Parser: No <meta name="author".. found
Source: https://www.paperturn.com/flipbook HTTP Parser: No <meta name="copyright".. found
Source: https://xpans.in/document/Drive/vynii1ggv7u34dlblu2qibdn.php?89bi9G16269732590bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc8510bcc1ac9819c9793d16548a8c40cc851&email=&error= HTTP Parser: No <meta name="copyright".. found
Source: https://www.paperturn.com/login HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown DNS traffic detected: queries for: clients2.google.com
Source: a2a9870c369aa42b_0.0.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-next-prod_2018-11-02-sts_20181108.001/require-a19851d1.js
Source: bbfcd0a0712d3aa4_0.0.drString found in binary or memory: https://spoprod-a.akamaihd.net/files/odsp-next-prod_2018-11-02-sts_20181108.001/spoguestaccess-f1ac8
Source: 7a0401b1-ba1d-4486-bd77-cf1fa87cf2d8.tmp.1.dr, 75de2cc4-3143-4e6f-a0b4-1887dc1313b3.tmp.1.drString found in binary or memory: https://ssl.gstatic.com
Source: 80d379f7f5b93e31_0.0.drString found in binary or memory: https://static.zdassets.com/ekr/asset_composer.js
Source: 75de2cc4-3143-4e6f-a0b4-1887dc1313b3.tmp.1.drString found in binary or memory: https://stats.g.doubleclick.net
Source: messages.json41.0.drString found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.drString found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: 75de2cc4-3143-4e6f-a0b4-1887dc1313b3.tmp.1.drString found in binary or memory: https://translations.paperturn.com
Source: 75de2cc4-3143-4e6f-a0b4-1887dc1313b3.tmp.1.drString found in binary or memory: https://use.fontawesome.com
Source: Network Action Predictor-journal.0.drString found in binary or memory: https://use.fontawesome.com/
Source: e65797cd70a56c3a_0.0.drString found in binary or memory: https://v2.zopim.com/bin/v/widget_v2.329.js
Source: 75de2cc4-3143-4e6f-a0b4-1887dc1313b3.tmp.1.drString found in binary or memory: https://www.google-analytics.com
Source: ddf7e8582ef3dff7_0.0.drString found in binary or memory: https://www.google-analytics.com/analytics.js
Source: manifest.json0.0.dr, 7a0401b1-ba1d-4486-bd77-cf1fa87cf2d8.tmp.1.dr, 75de2cc4-3143-4e6f-a0b4-1887dc1313b3.tmp.1.drString found in binary or memory: https://www.google.com
Source: manifest.json.0.drString found in binary or memory: https://www.google.com/
Source: 105618d59203ef9a_0.0.drString found in binary or memory: https://www.google.com/js/th/rri_UWQ0J4KTeoiEc0uqeM0aau5ykYMkDZQXo2HoPhc.js
Source: manifest.json0.0.drString found in binary or memory: https://www.google.com;
Source: 75de2cc4-3143-4e6f-a0b4-1887dc1313b3.tmp.1.drString found in binary or memory: https://www.google.de
Source: 7a0401b1-ba1d-4486-bd77-cf1fa87cf2d8.tmp.1.drString found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.drString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.drString found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 75de2cc4-3143-4e6f-a0b4-1887dc1313b3.tmp.1.drString found in binary or memory: https://www.googletagmanager.com
Source: d5ef84d81abcea8d_0.0.drString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-47719712-4
Source: 7a0401b1-ba1d-4486-bd77-cf1fa87cf2d8.tmp.1.dr, 75de2cc4-3143-4e6f-a0b4-1887dc1313b3.tmp.1.drString found in binary or memory: https://www.gstatic.com
Source: 335e69ddec2b9ac6_0.0.drString found in binary or memory: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Source: manifest.json0.0.drString found in binary or memory: https://www.gstatic.com;
Source: Current Session.0.dr, 75de2cc4-3143-4e6f-a0b4-1887dc1313b3.tmp.1.drString found in binary or memory: https://www.paperturn-view.com
Source: Current Session.0.drString found in binary or memory: https://www.paperturn-view.com&
Source: Current Session.0.drString found in binary or memory: https://www.paperturn-view.com/paperturn-marketing/embed-features-page-country-heritage?pid=MzE31606
Source: Current Session.0.dr, History-journal.0.drString found in binary or memory: https://www.paperturn-view.com/us/papterturnfiles/sharepoint-file?pid=MTc175036&v=1.1
Source: Current Session.0.drString found in binary or memory: https://www.paperturn-view.com/us/papterturnfiles/sharepoint-file?pid=MTc175036&v=1.1#Sharepoint
Source: History Provider Cache.0.drString found in binary or memory: https://www.paperturn-view.com/us/papterturnfiles/sharepoint-file?pid=MTc175036&v=1.12#Sharepoint
Source: Current Session.0.drString found in binary or memory: https://www.paperturn-view.com/us/papterturnfiles/sharepoint-file?pid=MTc175036&v=1.15-N
Source: History-journal.0.drString found in binary or memory: https://www.paperturn-view.com/us/papterturnfiles/sharepoint-file?pid=MTc175036&v=1.1Sharepoint
Source: History-journal.0.drString found in binary or memory: https://www.paperturn-view.com/us/papterturnfiles/sharepoint-file?pid=MTc175036&v=1.1e
Source: History-journal.0.drString found in binary or memory: https://www.paperturn-view.com/us/papterturnfiles/sharepoint-file?pid=MTc175036&v=1.1j
Source: Current Session.0.drString found in binary or memory: https://www.paperturn-view.com/us/papterturnfiles/sharepoint-file?pid=MTc175036&v=1.1m
Source: Current Session.0.drString found in binary or memory: https://www.paperturn-view.comh
Source: 000003.log4.0.drString found in binary or memory: https://www.paperturn.com
Source: 000003.log0.0.drString found in binary or memory: https://www.paperturn.com/
Source: History-journal.0.drString found in binary or memory: https://www.paperturn.com/Convert
Source: ddf29fd5d7ab777f_0.0.drString found in binary or memory: https://www.paperturn.com/cache/v2.3.12/mini-2c7001179082c8031f506f1a6a77ca2f.js
Source: 3aa07428c0e4d4b1_0.0.drString found in binary or memory: https://www.paperturn.com/cache/v2.3.12/mini-2c7001179082c8031f506f1a6a77ca2f.jsa
Source: 3aa07428c0e4d4b1_0.0.drString found in binary or memory: https://www.paperturn.com/cache/v2.3.12/mini-2c7001179082c8031f506f1a6a77ca2f.jsaD
Source: 823f8fc18e89de25_0.0.drString found in binary or memory: https://www.paperturn.com/cache/v2.3.12/mini-5a97efeeff018a0419f17b6689972674.js
Source: 641fb3ab98d94d28_0.0.drString found in binary or memory: https://www.paperturn.com/cache/v2.3.12/mini-8e659b93bd027876d82817aa95060866.js
Source: 8e8595a5d4720c28_0.0.drString found in binary or memory: https://www.paperturn.com/cache/v2.3.12/mini-af8546ccbc09deec7e6b7a04c8502a92.js
Source: 5e756fb02c040fa1_0.0.drString found in binary or memory: https://www.paperturn.com/cache/v2.3.12/mini-b6b0e1e2a9cc4a10cafe9a7b0396818b.js
Source: 9aeca2548873487f_0.0.drString found in binary or memory: https://www.paperturn.com/cache/v2.3.12/mini-b6b0e1e2a9cc4a10cafe9a7b0396818b.jsa
Source: 9aeca2548873487f_0.0.drString found in binary or memory: https://www.paperturn.com/cache/v2.3.12/mini-b6b0e1e2a9cc4a10cafe9a7b0396818b.jsaD
Source: e78a65cbed4dea02_0.0.drString found in binary or memory: https://www.paperturn.com/cache/v2.3.12/mini-d0f4fc79d4063f6d5171f399465f6cb6.js
Source: Current Session.0.dr, Favicons-journal.0.drString found in binary or memory: https://www.paperturn.com/flipbook
Source: History Provider Cache.0.drString found in binary or memory: https://www.paperturn.com/flipbook28Flipbook:
Source: Current Session.0.drString found in binary or memory: https://www.paperturn.com/flipbook8Flipbook:
Source: History-journal.0.drString found in binary or memory: https://www.paperturn.com/flipbookFlipbook:
Source: Current Session.0.dr, Favicons-journal.0.drString found in binary or memory: https://www.paperturn.com/login
Source: History-journal.0.drString found in binary or memory: https://www.paperturn.com/loginLogin
Source: d1d96ac840cd7ef0_0.0.dr, 91b9b5ff6833c0d7_0.0.drString found in binary or memory: https://www.paperturn.com/o3/resource/js/lib/angularjs/angularjs-lates.min.js
Source: 91b9b5ff6833c0d7_0.0.drString found in binary or memory: https://www.paperturn.com/o3/resource/js/lib/angularjs/angularjs-lates.min.jsaD
Source: Current Session.0.dr, History.0.drString found in binary or memory: https://www.paperturn.com/online-pdf-flip-book-features
Source: Favicons.0.drString found in binary or memory: https://www.paperturn.com/online-pdf-flip-book-features$
Source: History.0.drString found in binary or memory: https://www.paperturn.com/online-pdf-flip-book-features15
Source: Current Session.0.drString found in binary or memory: https://www.paperturn.com/online-pdf-flip-book-features515
Source: Current Session.0.drString found in binary or memory: https://www.paperturn.com/prices
Source: Favicons.0.drString found in binary or memory: https://www.paperturn.com/prices#
Source: History-journal.0.drString found in binary or memory: https://www.paperturn.com/prices/&W
Source: History.0.drString found in binary or memory: https://www.paperturn.com/pricesCheap
Source: Current Session.0.drString found in binary or memory: https://www.paperturn.com/pricesI
Source: Current Session.0.drString found in binary or memory: https://www.paperturn.com/pricesICheap
Source: Current Session.0.dr, Favicons-journal.0.drString found in binary or memory: https://www.paperturn.com/uk/
Source: Current Session.0.drString found in binary or memory: https://www.paperturn.com/uk/8Convert
Source: History-journal.0.drString found in binary or memory: https://www.paperturn.com/uk/Convert
Source: Current Session.0.drString found in binary or memory: https://www.paperturn.comh
Source: 000003.log4.0.drString found in binary or memory: https://www.youtube.com
Source: 000003.log0.0.drString found in binary or memory: https://www.youtube.com/
Source: Current Session.0.drString found in binary or memory: https://www.youtube.com/embed/q0nkrcMDCmc?rel=0
Source: d2b8a8d9a2d95859_0.0.drString found in binary or memory: https://www.youtube.com/s/player/3804dce2/fetch-polyfill.vflset/fetch-polyfill.js
Source: 95fee99bab72dc0f_0.0.drString found in binary or memory: https://www.youtube.com/s/player/3804dce2/player_ias.vflset/en_US/base.js
Source: 75c880fe196c95da_0.0.drString found in binary or memory: https://www.youtube.com/s/player/3804dce2/player_ias.vflset/en_US/embed.js
Source: 3ee3277df70d5d32_0.0.drString found in binary or memory: https://www.youtube.com/s/player/3804dce2/player_ias.vflset/en_US/remote.js
Source: 4a93ae2abbf51303_0.0.drString found in binary or memory: https://www.youtube.com/s/player/3804dce2/www-embed-player.vflset/www-embed-player.js
Source: Network Action Predictor-journal.0.dr, b868e2287919f738_0.0.drString found in binary or memory: https://xpans.in/
Source: fd410d0fcd87a62a_0.0.drString found in binary or memory: https://xpans.in/5
Source: d80a1cc1e7bfcfc1_0.0.drString found in binary or memory: https://xpans.in/F
Source: Current Session.0.drString found in binary or memory: https://xpans.in/document/Drive/
Source: History-journal.0.drString found in binary or memory: https://xpans.in/document/Drive/Sharing
Source: Current Session.0.drString found in binary or memory: https://xpans.in/document/Drive/_-
Source: e8a9b928233b277a_0.0.drString found in binary or memory: https://xpans.in/document/Drive/asd/ScriptResource.axd?d=KozZrTVT8ndoIojtkc7ps-zrkEG427bomy-mzEko1Qr
Source: b868e2287919f738_0.0.drString found in binary or memory: https://xpans.in/document/Drive/asd/ScriptResource.axd?d=P9Sp2kK_d4BNWXJEemNdILK9AkaZTG86MaHXVWE9ulL
Source: fd410d0fcd87a62a_0.0.drString found in binary or memory: https://xpans.in/document/Drive/asd/ScriptResource.axd?d=YfbPqEYj0W31Qd6b83PGlWON7nZi7y2471DNsdTWssE
Source: d80a1cc1e7bfcfc1_0.0.drString found in binary or memory: https://xpans.in/document/Drive/asd/WebResource.axd?d=Vseh0_O29CS6SASZGjJ5B50eCxofIEK9mDd5NZNa5k8Kti
Source: Favicons.0.drString found in binary or memory: https://xpans.in/document/Drive/images/favicon.ico?rev=45
Source: Favicons.0.drString found in binary or memory: https://xpans.in/document/Drive/images/favicon.ico?rev=45:
Source: Current Session.0.drString found in binary or memory: https://xpans.in/document/Drive/securepassword.php
Source: History-journal.0.drString found in binary or memory: https://xpans.in/document/Drive/vynii1ggv7u34dlblu2qibdn.php?89bi9G16269732590bcc1ac9819c9793d16548a
Source: 95fee99bab72dc0f_0.0.drString found in binary or memory: https://youtube.com/
Source: d2b8a8d9a2d95859_0.0.drString found in binary or memory: https://youtube.com/H&
Source: 3ee3277df70d5d32_0.0.drString found in binary or memory: https://youtube.com/L
Source: 335e69ddec2b9ac6_0.0.drString found in binary or memory: https://youtube.com/wJ
Source: classification engine Classification label: mal72.phis.win@45/253@49/34
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-60FA22BB-DAC.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\8c1e99c0-df59-4ed3-b323-36c067026dd9.tmp
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://www.paperturn-view.com/us/papterturnfiles/sharepoint-file?pid=MTc175036&v=1.1'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,7917042391378505505,9881702941299426833,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1708 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1572,7917042391378505505,9881702941299426833,131072 --lang=en-US --service-sandbox-type=audio --enable-audio-service-sandbox --mojo-platform-channel-handle=4612 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1572,7917042391378505505,9881702941299426833,131072 --lang=en-US --service-sandbox-type=video_capture --enable-audio-service-sandbox --mojo-platform-channel-handle=3848 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown