Windows Analysis Report https://linkprotect.cudasvc.com/url?a=https%3a%2f%2f1drv.ms%2fu%2fs%21AkodBYHyG1DWb7SSY7m8YBUEyng%3fe%3dblm7w0&c=E,1,Dj7Q4HmkOZ3qXMDHZ2zgLPoWv5nD5C7gYieOiNzOl6PJxbzRL-piJW1ktBB1FWAVlQzkemDRZ_VpojdssWKzejgaAiAkyqkwM7TzzAiKoAHyfEn6Ln1QDoba8A,,&typo=1

Overview

General Information

Sample URL: https://linkprotect.cudasvc.com/url?a=https%3a%2f%2f1drv.ms%2fu%2fs%21AkodBYHyG1DWb7SSY7m8YBUEyng%3fe%3dblm7w0&c=E,1,Dj7Q4HmkOZ3qXMDHZ2zgLPoWv5nD5C7gYieOiNzOl6PJxbzRL-piJW1ktBB1FWAVlQzkemDRZ_VpojdssWKzejgaAiAkyqkwM7TzzAiKoAHyfEn6Ln1QDoba8A,,&typo=1
Analysis ID: 518

Detection

HTMLPhisher
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Phishing site detected (based on shot template match)
Yara detected HtmlPhish7
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Phishing site detected (based on image similarity)
HTML body contains low number of good links
No HTML title found

Classification

AV Detection:

Antivirus detection for URL or domain
Source: https://lakeviewanimalsanctuary.org/dallas/rm/hundred/ SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on shot template match)
Source: https://lakeviewanimalsanctuary.org/dallas/rm/hundred/ Matcher: Template: office matched
Yara detected HtmlPhish7
Source: Yara match File source: 69819.3.pages.csv, type: HTML
Yara detected HtmlPhish10
Source: Yara match File source: 69819.3.pages.csv, type: HTML
Phishing site detected (based on image similarity)
Source: https://lakeviewanimalsanctuary.org/dallas/rm/hundred/ Matcher: Found strong image similarity, brand: Microsoft image: 69819.3.img.2.gfk.csv C3FC46C5799C76F9107504028F39190F
Source: https://lakeviewanimalsanctuary.org/dallas/rm/hundred/ Matcher: Found strong image similarity, brand: Microsoft image: 69819.3.img.3.gfk.csv FE22440D79FFA34950F512EF4A718B2A
Source: https://lakeviewanimalsanctuary.org/dallas/rm/hundred/ Matcher: Found strong image similarity, brand: Microsoft image: 90050.4.img.2.gfk.csv C3FC46C5799C76F9107504028F39190F
Source: https://lakeviewanimalsanctuary.org/dallas/rm/hundred/ Matcher: Found strong image similarity, brand: Microsoft image: 90050.4.img.3.gfk.csv FE22440D79FFA34950F512EF4A718B2A
Source: https://lakeviewanimalsanctuary.org/dallas/rm/hundred/ Matcher: Found strong image similarity, brand: Microsoft image: 86585.5.img.2.gfk.csv C3FC46C5799C76F9107504028F39190F
Source: https://lakeviewanimalsanctuary.org/dallas/rm/hundred/ Matcher: Found strong image similarity, brand: Microsoft image: 86585.5.img.3.gfk.csv FE22440D79FFA34950F512EF4A718B2A
HTML body contains low number of good links
Source: https://lakeviewanimalsanctuary.org/dallas/rm/hundred/ HTTP Parser: Number of links: 0
No HTML title found
Source: https://lakeviewanimalsanctuary.org/dallas/rm/hundred/ HTTP Parser: HTML title missing
Source: https://lakeviewanimalsanctuary.org/dallas/rm/hundred/ HTTP Parser: No <meta name="author".. found
Source: https://lakeviewanimalsanctuary.org/dallas/rm/hundred/ HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 176.57.150.65:443 -> 192.168.2.3:50242 version: TLS 1.2
Source: unknown HTTPS traffic detected: 176.57.150.65:443 -> 192.168.2.3:50243 version: TLS 1.2
Source: chrome.exe Memory has grown: Private usage: 1MB later: 31MB
Source: unknown DNS traffic detected: queries for: clients2.google.com
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
  Host: accounts.google.com
  Connection: keep-alive
  Content-Length: 1
  Origin: https://www.google.com
  Content-Type: application/x-www-form-urlencoded
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
  Cookie: CONSENT=PENDING+620; NID=216=I6CuWiAsd2lH6AC5CO2TTw5MCN3WWkiNu-mYvTNujL88oxXy0UK9yalWvycRtySss8iWRiXfqARAdC7BsJaQ5W2cFT6FG6GyJ7HcSQqS8phAgJWdy36gJyljNdy2GR3YUXNQwNkuHyOssVfrbdvpM5caJcSYKuRYB2ICYiL3C7s
Source: unknown HTTPS traffic detected: 176.57.150.65:443 -> 192.168.2.3:50242 version: TLS 1.2
Source: unknown HTTPS traffic detected: 176.57.150.65:443 -> 192.168.2.3:50243 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\f50d8071-aa53-4f6c-8e38-55e4692dfa32.tmp
Source: classification engine Classification label: mal76.phis.win@34/290@23/16
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation --single-argument https://linkprotect.cudasvc.com/url?a=https%3a%2f%2f1drv.ms%2fu%2fs%21AkodBYHyG1DWb7SSY7m8YBUEyng%3fe%3dblm7w0&c=E,1,Dj7Q4HmkOZ3qXMDHZ2zgLPoWv5nD5C7gYieOiNzOl6PJxbzRL-piJW1ktBB1FWAVlQzkemDRZ_VpojdssWKzejgaAiAkyqkwM7TzzAiKoAHyfEn6Ln1QDoba8A,,&typo=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1740,11051325782549474695,12488764856173818770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61528801-1EC4.pma
Source: Window Recorder Window detected: More than 3 window changes detected