Windows Analysis Report
Duo Security Enrollment.eml

Overview

General Information

Sample name: Duo Security Enrollment.eml
Analysis ID: 1523559
MD5: a823771b83c9451ab6b1c3b57e15edeb
SHA1: 5957ec904005784156339142e6f1305f0d56792a
SHA256: 5edce20c3c33e8f7b2f4f0f1c0b9c08ec6cf464c1bfe88851574b43a2871d200
Infos:

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Creates a window with clipboard capturing capabilities
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Office Macro File Download
Stores files to the Windows start menu directory

Classification

Source: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYV HTTP Parser: No favicon
Source: https://api-5092fa72.duosecurity.com/frame/enroll?sid=frameless HTTP Parser: No favicon
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll Jump to behavior
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.16:49710 version: TLS 1.2
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.68
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KzKDlhYekoLUXpa&MD=gPr39eHA HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYV HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /frame/static/v4/Portal.css HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/js/errors.js?v=d10d2 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/v4/Portal.js?v=cfaf2 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/js/errors.js?v=d10d2 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/v4/Portal.js?v=cfaf2 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/css/normalize.css?v=a674e HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/fonts/ss-standard/ss-standard.css?v=a8885 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/css/fonts/duo-admin.css?v=50a8a HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/css/v3/base.css?v=9a14c HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/css/tipsy.css?v=4217a HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/lib/jquery/jquery-prologue.js?v=400dc HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/img/duo-cisco-logo-green.png?v=437f1 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/fonts/duo-admin/duo-admin.woff HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://api-5092fa72.duosecurity.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://api-5092fa72.duosecurity.com/frame/static/css/fonts/duo-admin.css?v=50a8aAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/lib/jquery/jquery.min.js?v=ff152 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/lib/jquery/jquery-prologue.js?v=400dc HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/lib/he/he.min.js?v=aaa33 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/js/lib/jquery-postmessage.min.js?v=98c73 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/lib/lodash/lodash.min.js?v=6585f HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/img/duo-cisco-logo-green.png?v=437f1 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/lib/backbone/backbone-min.js?v=e0ff6 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/js/lib/jquery-postmessage.min.js?v=98c73 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/js/page/v3/frame.js?v=aaf8c HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/js/page/v3/base.js?v=fff81 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/lib/jquery/jquery.min.js?v=ff152 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/lib/validator/validator.min.js?v=9a068 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/lib/jquery/jquery-epilogue.js?v=c4ac5 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/lib/he/he.min.js?v=aaa33 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/lib/lodash/lodash.min.js?v=6585f HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/js/page/v3/trigger-endpointhealth-verification.js?v=e90e7 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/js/lib/jquery.tipsy.js?v=c0432 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/lib/backbone/backbone-min.js?v=e0ff6 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/js/page/v3/frame.js?v=aaf8c HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/js/page/v3/prompt.js?v=69acc HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/lib/validator/validator.min.js?v=9a068 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/shared/lib/jquery/jquery-epilogue.js?v=c4ac5 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/js/page/v3/base.js?v=fff81 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/js/lib/jquery.tipsy.js?v=c0432 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/js/page/v3/trigger-endpointhealth-verification.js?v=e90e7 HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/static/js/page/v3/prompt.js?v=69acc HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /frame/enroll?sid=frameless HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYVAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: api-5092fa72.duosecurity.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://api-5092fa72.duosecurity.com/frame/enroll?sid=framelessAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid="YjhiMWQxYTMwYzAzNDg2NmJiNDNiMGVjMjU3NmRlN2Q=|1727802239|f1db4176e144da872509c0de057da1a5bc6c1637"; _xsrf="ZDZkY2NiMjEwYTU2NGEwOGIzMWZlZTI2OTcyNThjYTQ=|1727802239|db5758f8232b0e33402da314bd9ae81a29e55ef4"
Source: global traffic DNS traffic detected: DNS query: api-5092fa72.duosecurity.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4762Host: login.live.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: Duo/1.0Date: Tue, 01 Oct 2024 17:04:00 GMTContent-Type: text/htmlContent-Length: 550Connection: close
Source: chromecache_157.12.dr, chromecache_189.12.dr String found in binary or memory: http://benalman.com/about/license/
Source: chromecache_157.12.dr, chromecache_189.12.dr String found in binary or memory: http://benalman.com/projects/jquery-postmessage-plugin/
Source: chromecache_186.12.dr String found in binary or memory: http://nicolasgallagher.com/micro-clearfix-hack/
Source: chromecache_168.12.dr, chromecache_178.12.dr String found in binary or memory: http://underscorejs.org/LICENSE
Source: Duo Security Enrollment.eml, ~WRS{AC2E539E-9AB7-437E-89C7-6EA6311180E7}.tmp.0.dr String found in binary or memory: https://aka.ms/LearnAboutSenderIdentification
Source: Duo Security Enrollment.eml String found in binary or memory: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?c=
Source: ~WRS{AC2E539E-9AB7-437E-89C7-6EA6311180E7}.tmp.0.dr String found in binary or memory: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54
Source: Duo Security Enrollment.eml String found in binary or memory: https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3D3183a500=
Source: chromecache_186.12.dr String found in binary or memory: https://css-tricks.com/snippets/css/retina-display-media-query/
Source: chromecache_160.12.dr, chromecache_173.12.dr String found in binary or memory: https://github.com/jaz303/tipsy/pull/169
Source: Duo Security Enrollment.eml String found in binary or memory: https://guide.duo.com/enrol=
Source: ~WRS{AC2E539E-9AB7-437E-89C7-6EA6311180E7}.tmp.0.dr String found in binary or memory: https://guide.duo.com/enrollment
Source: chromecache_168.12.dr, chromecache_178.12.dr String found in binary or memory: https://lodash.com/
Source: chromecache_168.12.dr, chromecache_178.12.dr String found in binary or memory: https://lodash.com/license
Source: chromecache_168.12.dr, chromecache_178.12.dr String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: chromecache_168.12.dr, chromecache_178.12.dr String found in binary or memory: https://openjsf.org/
Source: Duo Security Enrollment.eml String found in binary or memory: https://www.cisco.com/c/en/=
Source: Duo Security Enrollment.eml, ~WRS{AC2E539E-9AB7-437E-89C7-6EA6311180E7}.tmp.0.dr String found in binary or memory: https://www.cisco.com/c/en/us/about/legal/privacy.html
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.16:49710 version: TLS 1.2
Creates a window with clipboard capturing capabilities
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window created: window name: CLIPBRDWNDCLASS Jump to behavior
Source: classification engine Classification label: clean3.winEML@17/92@6/6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241001T1303450010-1540.etl Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File read: C:\Users\desktop.ini Jump to behavior
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Duo Security Enrollment.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D425C529-60C1-490C-80E7-D928799F2E41" "042A5341-4343-4029-B74A-D1D0E548CAF2" "1540" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYV
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1856,i,8083216875807871860,9760922534198285399,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D425C529-60C1-490C-80E7-D928799F2E41" "042A5341-4343-4029-B74A-D1D0E548CAF2" "1540" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYV Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1856,i,8083216875807871860,9760922534198285399,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32 Jump to behavior
Source: Google Drive.lnk.10.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.10.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.10.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.10.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.10.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.10.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll Jump to behavior
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1523559 Sample: Duo Security Enrollment.eml Startdate: 01/10/2024 Architecture: WINDOWS Score: 3 6 OUTLOOK.EXE 127 134 2->6         started        process3 8 chrome.exe 8 6->8         started        11 ai.exe 6->11         started        dnsIp4 16 192.168.2.16, 443, 49696, 49697 unknown unknown 8->16 18 239.255.255.250 unknown Reserved 8->18 13 chrome.exe 8->13         started        process5 dnsIp6 20 www.google.com 142.250.186.164, 443, 49738 GOOGLEUS United States 13->20 22 3.145.240.82, 443, 49718, 49719 AMAZON-02US United States 13->22 24 2 other IPs or domains 13->24
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
3.145.240.82
 unknown United States
16509 AMAZON-02US false
52.32.63.141
 api-5092fa72.duosecurity.com United States
16509 AMAZON-02US false
239.255.255.250
 unknown Reserved
unknown unknown false
142.250.186.164
 www.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.16
127.0.0.1

Contacted Domains

Name IP Active
api-5092fa72.duosecurity.com 52.32.63.141 true
www.google.com 142.250.186.164 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://api-5092fa72.duosecurity.com/frame/portal/v4/enroll?code=3183a500b32b7883&akey=DA8L8ISEKSU54RQH2KYV false
    		unknown
    https://api-5092fa72.duosecurity.com/frame/static/css/normalize.css?v=a674e false
      		unknown
      https://api-5092fa72.duosecurity.com/frame/static/shared/js/errors.js?v=d10d2 false
        		unknown
        https://api-5092fa72.duosecurity.com/frame/static/shared/lib/he/he.min.js?v=aaa33 false
          		unknown
          https://api-5092fa72.duosecurity.com/frame/static/shared/lib/lodash/lodash.min.js?v=6585f false
            		unknown
            https://api-5092fa72.duosecurity.com/favicon.ico false
              		unknown
              https://api-5092fa72.duosecurity.com/frame/static/shared/lib/validator/validator.min.js?v=9a068 false
                		unknown
                https://api-5092fa72.duosecurity.com/frame/static/js/lib/jquery.tipsy.js?v=c0432 false
                  		unknown
                  https://api-5092fa72.duosecurity.com/frame/static/js/page/v3/prompt.js?v=69acc false
                    		unknown
                    https://api-5092fa72.duosecurity.com/frame/static/shared/lib/jquery/jquery-epilogue.js?v=c4ac5 false
                      		unknown
                      https://api-5092fa72.duosecurity.com/frame/static/css/v3/base.css?v=9a14c false
                        		unknown
                        https://api-5092fa72.duosecurity.com/frame/static/fonts/duo-admin/duo-admin.woff false
                          		unknown
                          https://api-5092fa72.duosecurity.com/frame/static/img/duo-cisco-logo-green.png?v=437f1 false
                            		unknown
                            https://api-5092fa72.duosecurity.com/frame/static/shared/lib/jquery/jquery.min.js?v=ff152 false
                              		unknown
                              https://api-5092fa72.duosecurity.com/frame/static/js/page/v3/base.js?v=fff81 false
                                		unknown
                                https://api-5092fa72.duosecurity.com/frame/static/v4/Portal.js?v=cfaf2 false
                                  		unknown
                                  https://api-5092fa72.duosecurity.com/frame/static/v4/Portal.css false
                                    		unknown
                                    https://api-5092fa72.duosecurity.com/frame/static/fonts/ss-standard/ss-standard.css?v=a8885 false
                                      		unknown
                                      https://api-5092fa72.duosecurity.com/frame/static/js/page/v3/frame.js?v=aaf8c false
                                        		unknown
                                        https://api-5092fa72.duosecurity.com/frame/static/css/fonts/duo-admin.css?v=50a8a false
                                          		unknown
                                          https://api-5092fa72.duosecurity.com/frame/static/shared/lib/backbone/backbone-min.js?v=e0ff6 false
                                            		unknown
                                            https://api-5092fa72.duosecurity.com/frame/static/css/tipsy.css?v=4217a false
                                              		unknown
                                              https://api-5092fa72.duosecurity.com/frame/static/js/page/v3/trigger-endpointhealth-verification.js?v=e90e7 false
                                                		unknown
                                                https://api-5092fa72.duosecurity.com/frame/static/shared/lib/jquery/jquery-prologue.js?v=400dc false
                                                  		unknown
                                                  https://api-5092fa72.duosecurity.com/frame/static/js/lib/jquery-postmessage.min.js?v=98c73 false
                                                    		unknown
                                                    https://api-5092fa72.duosecurity.com/frame/enroll?sid=frameless false
                                                      		unknown