Windows Analysis Report
https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiEPaEHJJFgiYXplLAcJlrHdy76l2h27xHZp5eIOOCTKE9AqS-2BsutjmvUi4loAaZ10inxPsZL2n-2Fn4ygPw-2F6fF0Fzgy-2BxjcWCB1aUPXBvUGF5GOSTWCjRuSi4ljDPHPHRxw-3D0wBZ_4VIg6VJN1oGMejs7X4BG-2B8Dx7zlW0DqHdFIQA-2FbNUlbN2-2BhKLCjq9fMbE2

Overview

General Information

Sample URL:https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiEPaEHJJFgiYXplLAcJlrHdy76l2h27xHZp5eIOOCTKE9AqS-2BsutjmvUi4loAaZ10inxPsZL2n-2Fn4ygPw-2F6fF0Fzgy-2BxjcWCB1aUPX
Analysis ID:1540580

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Detected hidden input values containing email addresses (often used in phishing pages)
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 5948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 5584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1992,i,3339243644608925066,14939050128665229828,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 6132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiEPaEHJJFgiYXplLAcJlrHdy76l2h27xHZp5eIOOCTKE9AqS-2BsutjmvUi4loAaZ10inxPsZL2n-2Fn4ygPw-2F6fF0Fzgy-2BxjcWCB1aUPXBvUGF5GOSTWCjRuSi4ljDPHPHRxw-3D0wBZ_4VIg6VJN1oGMejs7X4BG-2B8Dx7zlW0DqHdFIQA-2FbNUlbN2-2BhKLCjq9fMbE2gO6OgqIjiVOuiOKdJ54uR6vKH6LxoJmXaYyDP06FLnyx33hmQsw-2FTLIWM0L17txasliYDS453bsTnKeaNAz2-2FJ-2B-2Byfa5Q-2B2vvSWAbdf9Dl2Z5wdwGUCwGK20TRyCfKegt6U47bTw4aNEK1lPSfdulvmXnziT-2B8RrRELZp74sw7DYTpX78Y58LbZ84Gai2-2BvpeTXGo5H-2B9KDMXCdG73osLK2H707FMBLYtaJM-2BRceDdTow55LEk3Ze7e8rmRBE3P-2FDHlXbbgNe3pQzEVX-2FHWSTwKIEaHg-3D-3D" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org | HTTP Parser: erica.meyer@vailhealth.org
Source: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org | HTTP Parser: Title: Evidence-Based Empowerment and Financial Support for a System-Wide MRI Safety Program does not match URL
Source: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org | HTTP Parser: No favicon
Source: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org | HTTP Parser: No <meta name="author".. found
Source: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:49700 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.18:49702 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.18:49728 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.18:49736 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.209.185:443 -> 192.168.2.18:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.18:49741 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: global traffic | DNS traffic detected: DNS query: email.sg.on24event.com
Source: global traffic | DNS traffic detected: DNS query: event.on24.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: classification engine | Classification label: clean1.win@18/25@8/140
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1992,i,3339243644608925066,14939050128665229828,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiEPaEHJJFgiYXplLAcJlrHdy76l2h27xHZp5eIOOCTKE9AqS-2BsutjmvUi4loAaZ10inxPsZL2n-2Fn4ygPw-2F6fF0Fzgy-2BxjcWCB1aUPXBvUGF5GOSTWCjRuSi4ljDPHPHRxw-3D0wBZ_4VIg6VJN1oGMejs7X4BG-2B8Dx7zlW0DqHdFIQA-2FbNUlbN2-2BhKLCjq9fMbE2gO6OgqIjiVOuiOKdJ54uR6vKH6LxoJmXaYyDP06FLnyx33hmQsw-2FTLIWM0L17txasliYDS453bsTnKeaNAz2-2FJ-2B-2Byfa5Q-2B2vvSWAbdf9Dl2Z5wdwGUCwGK20TRyCfKegt6U47bTw4aNEK1lPSfdulvmXnziT-2B8RrRELZp74sw7DYTpX78Y58LbZ84Gai2-2BvpeTXGo5H-2B9KDMXCdG73osLK2H707FMBLYtaJM-2BRceDdTow55LEk3Ze7e8rmRBE3P-2FDHlXbbgNe3pQzEVX-2FHWSTwKIEaHg-3D-3D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |

No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| www.google.com | 172.217.16.196 | true | false | | unknown |
| r-email.sg.on24event.com | 199.83.44.68 | true | false | | unknown |
| r-event.on24.com | 199.83.44.71 | true | false | | unknown |
| event.on24.com | unknown | unknown | false | | unknown |
| email.sg.on24event.com | unknown | unknown | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org | false | | unknown |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 142.250.186.78 | unknown | United States | 15169 | GOOGLEUS | false |
| 2.16.238.162 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
| 2.16.164.96 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false |
| 64.233.166.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 199.83.44.71 | r-event.on24.com | United States | 18742 | ON24-SACUS | false |
| 216.58.212.163 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.184.206 | unknown | United States | 15169 | GOOGLEUS | false |
| 199.83.44.68 | r-email.sg.on24event.com | United States | 18742 | ON24-SACUS | false |
| 172.217.16.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 172.217.16.195 | unknown | United States | 15169 | GOOGLEUS | false |
| 216.58.212.170 | unknown | United States | 15169 | GOOGLEUS | false |

IP
192.168.2.18

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1540580
Start date and time:2024-10-23 23:13:18 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Sample URL:https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiEPaEHJJFgiYXplLAcJlrHdy76l2h27xHZp5eIOOCTKE9AqS-2BsutjmvUi4loAaZ10inxPsZL2n-2Fn4ygPw-2F6fF0Fzgy-2BxjcWCB1aUPXBvUGF5GOSTWCjRuSi4ljDPHPHRxw-3D0wBZ_4VIg6VJN1oGMejs7X4BG-2B8Dx7zlW0DqHdFIQA-2FbNUlbN2-2BhKLCjq9fMbE2gO6OgqIjiVOuiOKdJ54uR6vKH6LxoJmXaYyDP06FLnyx33hmQsw-2FTLIWM0L17txasliYDS453bsTnKeaNAz2-2FJ-2B-2Byfa5Q-2B2vvSWAbdf9Dl2Z5wdwGUCwGK20TRyCfKegt6U47bTw4aNEK1lPSfdulvmXnziT-2B8RrRELZp74sw7DYTpX78Y58LbZ84Gai2-2BvpeTXGo5H-2B9KDMXCdG73osLK2H707FMBLYtaJM-2BRceDdTow55LEk3Ze7e8rmRBE3P-2FDHlXbbgNe3pQzEVX-2FHWSTwKIEaHg-3D-3D
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:17
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean1.win@18/25@8/140
• Exclude process from analysis (whitelisted): svchost.exe
• Excluded IPs from analysis (whitelisted): 172.217.16.195, 64.233.166.84, 142.250.186.78, 34.104.35.123, 2.16.238.162, 2.16.238.156
• Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, a744.dscw10.akamai.net, clientservices.googleapis.com, on24static.akamaized.net, clients.l.google.com
• Not all processes were analyzed, report is missing behavior information
• VT rate limit hit for: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiEPaEHJJFgiYXplLAcJlrHdy76l2h27xHZp5eIOOCTKE9AqS-2BsutjmvUi4loAaZ10inxPsZL2n-2Fn4ygPw-2F6fF0Fzgy-2BxjcWCB1aUPXBvUGF5GOSTWCjRuSi4ljDPHPHRxw-3D0wBZ_4VIg6VJN1oGMejs7X4BG-2B8Dx7zlW0DqHdFIQA-2FbNUlbN2-2BhKLCjq9fMbE2gO6OgqIjiVOuiOKdJ54uR6vKH6LxoJmXaYyDP06FLnyx33hmQsw-2FTLIWM0L17txasliYDS453bsTnKeaNAz2-2FJ-2B-2Byfa5Q-2B2vvSWAbdf9Dl2Z5wdwGUCwGK20TRyCfKegt6U47bTw4aNEK1lPSfdulvmXnziT-2B8RrRELZp74sw7DYTpX78Y58LbZ84Gai2-2BvpeTXGo5H-2B9KDMXCdG73osLK2H707FMBLYtaJM-2BRceDdTow55LEk3Ze7e8rmRBE3P-2FDHlXbbgNe3pQzEVX-2FHWSTwKIEaHg-3D-3D

Input / Output

URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": true,
  "trigger_text": "If you have previously registered for this event, please login below:",
  "prominent_button_name": "LOGIN",
  "text_input_field_labels": [
    "Email"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
```
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "REGISTER",
  "text_input_field_labels": [
    "Title*",
    "Email*",
    "Industry*",
    "Country*",
    "State*",
    "Postal Code*"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
```
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: claude-3-haiku-20240307
```json
{
  "brands": [
    "ON24"
  ]
}
```
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: gpt-4o
```json
{
  "legit_domain": "on24.com",
  "classification": "known",
  "reasons": [
    "The URL 'event.on24.com' is a subdomain of 'on24.com', which is the legitimate domain for ON24.",
    "ON24 is a known brand that provides webcasting and virtual event services.",
    "The use of a subdomain 'event' is consistent with the services offered by ON24, as it relates to events and webcasts.",
    "There are no suspicious elements in the URL such as misspellings or unusual domain extensions.",
    "The presence of an email input field is typical for event registration pages, which aligns with ON24's services."
  ],
  "riskscore": 2
}
```
URL: event.on24.com
Brands: ON24
Input Fields: Email
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: gpt-4o
```json
{
  "legit_domain": "on24.com",
  "classification": "known",
  "reasons": [
    "The URL 'event.on24.com' is a subdomain of 'on24.com', which is the legitimate domain for ON24.",
    "ON24 is a known brand that provides webcasting and virtual event services.",
    "The URL does not contain any suspicious elements such as misspellings or unusual domain extensions.",
    "The input fields are typical for event registration, which aligns with ON24's services."
  ],
  "riskscore": 2
}
```
URL: event.on24.com
Brands: ON24
Input Fields: Title*, Email*, Industry*, Country*, State*, Postal Code*
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": true,
  "trigger_text": "Evidence-Based Empowerment and Financial Support for a System-Wide MRI Safety Program",
  "prominent_button_name": "unknown",
  "text_input_field_labels": [
    "First Name",
    "Last Name",
    "Company",
    "Title",
    "Email",
    "Industry",
    "Country"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
```
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: claude-3-haiku-20240307
```json
{
  "brands": [
    "Metrasens"
  ]
}
```
URL: https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org Model: gpt-4o
```json
{
  "legit_domain": "metrasens.com",
  "classification": "unknown",
  "reasons": [
    "The URL 'event.on24.com' does not directly match the brand 'Metrasens'.",
    "ON24 is a known platform for webinars and virtual events, which could be used by various brands including Metrasens.",
    "The URL 'event.on24.com' is a subdomain of 'on24.com', which is a legitimate domain for ON24.",
    "The brand 'Metrasens' is not widely recognized, hence classified as 'unknown'.",
    "The input fields are typical for event registration forms, which aligns with ON24's services."
  ],
  "riskscore": 3
}
```
URL: event.on24.com
Brands: Metrasens
Input Fields: First Name, Last Name, Company, Title, Email, Industry, Country

Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 20:13:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:dropped
Size (bytes):2675
Entropy (8bit):3.9764241418319894
Encrypted:false
SSDEEP:
MD5:5BDC5C76E6FB8CBBA8C4DB2B1CA86EE6
SHA1:68FD28977804A4F3ED7ECE5056567216AC3D61D8
SHA-256:7C942697C74B51118320AC471DC5CDB93173D717EF8C5D2EDE29A910D82E8D10
SHA-512:31C2D518FDE6E992B55203E2218A3EBDFD8084BC4ED9F9AABD7F0D60F86F9E8482C18E1DC72EEA4DB67C4C4337D4BF59B850A97630B26B18FAD3D32AFE87151D
Malicious:false
Reputation:unknown
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 20:13:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2677
              Entropy (8bit):3.990461614623504
              Encrypted:false
              SSDEEP:
              MD5:C47DEEBF446337E56D5C50F0DF038F63
              SHA1:B6AEB816CA7F48BDDB1B2D539DAB0E5187860B34
              SHA-256:341F5FA5DF09E42A290A9AE0CBB66F9AB01859689ACEE681124891F621BE6939
              SHA-512:9584EA83CD5FB71FF0F8C65E196B99A16BF72CDE6742C351714AB77DD8CB70A7306588421A14BDBEF392127916CDB7A4105FF2DCA17090E70C393A7887D58409
              Malicious:false
              Reputation:unknown
              Preview:[binary shortcut data; embedded target path: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe]
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2691
              Entropy (8bit):4.00114613158096
              Encrypted:false
              SSDEEP:
              MD5:4CED6CDEBA1B667A45A14FC19F035F10
              SHA1:73D1546A99C0FA74ECB1BD483F6FA83F4A154275
              SHA-256:337FDCE69D62C5925912A8FD31CFAFF85089784B6743A73FA70EF98E106ADA4F
              SHA-512:175CF53DE45A1E50CF15EF31BF40EB208ADE7F554C66E4E2F7E7C00EF17103A5EDBEE48767497083765DF829AC8FC42229EF27031B29EE3A98E91A86B6F76E40
              Malicious:false
              Reputation:unknown
              Preview:[binary shortcut data; embedded target path: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe]
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 20:13:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2679
              Entropy (8bit):3.988498632394872
              Encrypted:false
              SSDEEP:
              MD5:D9BD1C7458D50E1B0629983A5F947AF8
              SHA1:DE278CA258B618045D2D07EE6CBF21AB8AA2B940
              SHA-256:2B12C17124B73F7E625830E8347C902636F6D6AB330A4965EF1802A529EE2AC3
              SHA-512:5CC851FF8BAB5DA4BF4F45B8D9F47DD13B29C76962739808877C2918F482546A9247989EF0540216732ED511BD1A5BA16E2054D3508CF871F1A16576A75A8766
              Malicious:false
              Reputation:unknown
              Preview:[binary shortcut data; embedded target path: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe]
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 20:13:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2679
              Entropy (8bit):3.978002011674605
              Encrypted:false
              SSDEEP:
              MD5:86E8B69E56E55C9B179AE7ED1E266028
              SHA1:F58F098521A8D3808835D0D58C837F10D80D040F
              SHA-256:85C9FE13E769D7E179C9CFA7EF351F33021DCECDB3B46559F96B3FEE80F54F73
              SHA-512:9672A523C8BA79EC794FC16C56BA41BCB09E20474198D2ACC987C5FEE3919E348261A378FC03701DD03F70B4601B63B3E58C620EAE415B7A424401F48ABD8294
              Malicious:false
              Reputation:unknown
              Preview:[binary shortcut data; embedded target path: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe]
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 20:13:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2681
              Entropy (8bit):3.9855268476080883
              Encrypted:false
              SSDEEP:
              MD5:6A175843E32108D40A47762EEE9FDEAB
              SHA1:7405FD025F2C75230FC83402A4E570B73CCDE67C
              SHA-256:BD806C35A9AAB996A3339DA0083D4FAB7F9B52B80E1F335ECCA503649CB93E8E
              SHA-512:FDA5867F92C1DF21F6382347782EED63691535FCB725A2D0A02A102BB8C4CE8427D48BC9BD300DEE82FE4FB021391685B586EEE4E3782A3F1B20C8C73DE0734F
              Malicious:false
              Reputation:unknown
              Preview:[binary shortcut data; embedded target path: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe]
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Web Open Font Format, TrueType, length 235472, version 0.0
              Category:downloaded
              Size (bytes):235472
              Entropy (8bit):7.995452823016873
              Encrypted:true
              SSDEEP:
              MD5:A1F67B3626AA6C1DDE47A21214A2BACD
              SHA1:FB5BFEF666DB079A581438CAFA4990A72CF60EF1
              SHA-256:4DE12927BA915B8E2C311F0F99DE411118D7C8143513CE3F78068F6F44B0C4B2
              SHA-512:223D1AD1B1BA7B4D267430F758F6DCC9DE618452A8EC68F7A4C4F3B81443B4757D66328CCCAAD6A0F236A6CA5A7B9E9855E667A0DDB4884FD17DAE13A9E84C58
              Malicious:false
              Reputation:unknown
              URL:https://on24static.akamaized.net/view/eventregistration/fonts/font-segoe_ui/segoeui.woff
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 698x698, components 3
              Category:dropped
              Size (bytes):84352
              Entropy (8bit):7.988901137195488
              Encrypted:false
              SSDEEP:
              MD5:962E5E46D2E26971E766E8536364C700
              SHA1:FF86A58C3D581A851A62A2DAE19FD21385F3532D
              SHA-256:1C0F4A9A39C707C1177F88B2515094D9932B0874C676D731FD714C3410094623
              SHA-512:EBBA8E6AB558CEF23378D1FB55339EB0E589AD7DE02FB60898C8DCF40D62C595CEC897C18B45F17A3601386A19F0C256743FF60C36136A39DCA8E16E7370CC0E
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 86 x 38, 8-bit/color RGBA, non-interlaced
              Category:dropped
              Size (bytes):1454
              Entropy (8bit):7.7959366611713214
              Encrypted:false
              SSDEEP:
              MD5:6CBF43F3AE1D079B7D7C90F1F73E9C97
              SHA1:6F51609F2F11FDE6C663AFFD85924DC01D4CC85C
              SHA-256:EE3F6AEC6430D78E4189049F3C4523D5448EF71759860BAA62A8202ED89F679C
              SHA-512:9684B3FF73075B1AB1893CDA345E6C9B126C1ED7C352EC36849E13179DE084255E9307F7B007E47DBF216A70BF663A41BA4E866A9F2416930792EF1B75BE0ADC
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, ASCII text, with very long lines (546)
              Category:dropped
              Size (bytes):38950
              Entropy (8bit):4.718834055394851
              Encrypted:false
              SSDEEP:
              MD5:0F042782BB77E05BAC5C67683712C17F
              SHA1:9B0DE34D75DC5448AC773D3DFFFE40DF496F72D7
              SHA-256:33C1EBC20F0BAAEE7475FD82A3F1CE7307EBFCF166010A9C4C9140A48D427C88
              SHA-512:D2518269F917086C2EC2388EC6EABF53987B6472865ABB516E7F00E8F87D2E2FDA222D5822942C70304410992836A69961052751042FF56F0D6AA35C5BF44C2E
              Malicious:false
              Reputation:unknown
              Preview:<div id="vueTpl">. <div id="banner" v-if="!!bannerSrc">. <img id="bannerImg" :src="bannerSrc" :alt="bannerAlt" tabindex="0" />. </div>.. <div id="contentWrapper">. <overview :d="overviewData"></overview>.. <div id="layout-container" class="flex-container". :class="registerData.is2ColLayout && registerData.isRightAlign === false ? 'swapLR' : ''">. <div id="contentLeft" v-if="!hideLeftCol">. <div id="realLeftContent" class="realContent">. <summary2 v-if="registerData.is2ColLayout" ref="summaryy" :d="summaryData"></summary2>. <summaryy v-else ref="summaryy" :d="summaryData"></summaryy>. </div>. </div>. <div id="contentRight" :class="isHybridMode() && !isLobby && urlPara.showqrcode=='y'?'showQRcode large':''">. <div id="realRightContent" class="realContent">. <register v-if="errorData.errorCode=='loginlocked' && !nee
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with no line terminators
              Category:downloaded
              Size (bytes):28
              Entropy (8bit):4.039148671903071
              Encrypted:false
              SSDEEP:
              MD5:0EAD5290EE11F36AF6A907C4EC3CBCBD
              SHA1:B69C0BE568E823942C78FAA0BFCCAE6E4AFF8EA2
              SHA-256:2584F4618A9A3901536BF4CDCB3B16C28E18D959AB406867605150F511880DD1
              SHA-512:9452486ADD12BE32791DD9C3DDF4DF48E4737A0B6CC1BC40918789F00CFBD4638AB07D1E8E30949133C722D1F24059671B16C186E48F77DCB8B3FC3AED387B08
              Malicious:false
              Reputation:unknown
              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSFwk82t7xfyZZSxIFDb6WR8YSBQ2z2vek?alt=proto
              Preview:ChIKBw2+lkfGGgAKBw2z2vekGgA=
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x800, components 3
              Category:dropped
              Size (bytes):112779
              Entropy (8bit):7.98536103191422
              Encrypted:false
              SSDEEP:
              MD5:8775D874266F0F1741B6DDC016A7B554
              SHA1:A78ADCB5385A6D0CF04A74EA63037B81993AB68E
              SHA-256:97DF91F31B44F30593E5D5249F2A429B20745EFDC95CF1B67D48145E833B41E7
              SHA-512:02FC8453F1E9ADA8BE76898A4982A42727021D434248869B5594700C4692B3ECBF953912E6582661A2381EFD43DAE24AFE40F2381166B2BFA6B627CA96C639E5
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:JSON data
              Category:downloaded
              Size (bytes):12596
              Entropy (8bit):4.757176782653038
              Encrypted:false
              SSDEEP:
              MD5:CDC1DD374F940116BA63A86691394DBC
              SHA1:69D17B6099FC7C4362F793E3754D248852793FB0
              SHA-256:A901D54EDD59210C4FDAF72EA6FADF828C1FC0385A671487E7A7A98CE6BF10F1
              SHA-512:93EBC808EBC1E4CF98A79B726BA8AF4B73210796BDE911FE93217A2BE463EA96F056BDDA9A0979C71A41F79C867B101CAA51B3E231108E4EF5E51412CA4F8F1F
              Malicious:false
              Reputation:unknown
              URL:https://on24static.akamaized.net/view/eventregistration/24.4.1/dictionary/dictionary.en.js?b=0007823747865
              Preview:{."add.event.to.calendar": "Add this event to your calendar",."add.event.to.google.calendar.html": "Google Calendar",."add.event.to.google.calendar.image.text": "Add Event to Google Calendar",."add.event.to.google.calendar.text": "To add this event to your Google calendar, please go to this URL:",."add.event.to.outlook.calendar.html": "Outlook/iCal",."add.event.to.outlook.calendar.image.text": "Add Event to Outlook/ICal Calendar",."add.event.to.outlook.calendar.text": "To add this event to your Outlook/iCal calendar, please go to this URL:",."already.registered": "If you have previously registered for this event, please login below:",."apply.coupons": "Please apply coupons before submitting",."best_webcast_experience": "For the best webcast experience, please use",."check.box.continue": "Please check the box to continue",."chrome_browser": "Chrome Browser",."company.banner.image.text": "Company Banner",."computer.speakers.image.active": "Listen With Computer Speakers",."computer.speake
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (65451)
              Category:downloaded
              Size (bytes):5211175
              Entropy (8bit):5.506986422528907
              Encrypted:false
              SSDEEP:
              MD5:6D3B47EE2826BCA50572424CF77343E1
              SHA1:9F4930F72E80A98196743997333D9E669620C773
              SHA-256:48E5B8657138ECBB3D10EDFBC68E1636131B2160CC29E2554007078272D49155
              SHA-512:2A1E3B1EAD9D98995C801A8437FEB69776FA03A4DC3F654AEBF2CFCD47CD5169E80D0791DD5CBE553DFE203A364565FAFDD15E4B43F7E52BCF7995232CEB2583
              Malicious:false
              Reputation:unknown
              URL:https://on24static.akamaized.net/view/eventregistration/24.4.1/dist/reg30BundleJS-0007823747865.gz.js
              Preview:/*! jQuery v3.5.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):7339
              Entropy (8bit):4.760431624744836
              Encrypted:false
              SSDEEP:
              MD5:466D3024C46ECCFE5B1F471F534B529D
              SHA1:EE2E2B5BBCF3C848EE8A01584EB04D80357BBB76
              SHA-256:103A279906DA60547BC801C8D132F94BC7915F615EBA2459007C1E70E041F234
              SHA-512:028C01B29AFE271E49E7CB0B22FAC0F61CC263B23A1605F12A67EAE600CD05BA21E9ED0B2D1BAD93DEDDB82ED3078D391EB47CF1928FD998286FE65BCEBAE86D
              Malicious:false
              Reputation:unknown
              Preview:{"event":4737373,"session":1,"success":true,"errorMessage":null,"displayelement":[{"displayElementID":"240875332","isRequired":"false","isActive":"true","isHidden":"false","displayElementTypeCode":"freetext","displayElementValue":"#ffffff","displayElementValueCode":"lobby_bg_color","validationTypeCode":"none","displaySequence":"0","topOffset":"-1","leftOffset":"-1","height":"-1","width":"-1","mediaURLID":"-1","index":"0","bottomPadding":5,"displaytypecode":"lobby","displayelementoptioninfo":{"event":"4737373","session":"1"}},{"displayElementID":"240875333","isRequired":"false","isActive":"true","isHidden":"false","displayElementTypeCode":"freetext","displayElementValue":"Y","displayElementValueCode":"event_logo","validationTypeCode":"none","displaySequence":"1","topOffset":"-1","leftOffset":"-1","height":"-1","width":"-1","mediaURLID":"329642391","index":"1","bottomPadding":5,"displaytypecode":"lobby","displayelementoptioninfo":{"event":"4737373","session":"1"}},{"displayElementID":"24
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (2363)
              Category:downloaded
              Size (bytes):110903
              Entropy (8bit):5.193631501736866
              Encrypted:false
              SSDEEP:
              MD5:2304E9C7BCB3CDF51B65AA8A2C9F8919
              SHA1:0CB026033AC28E683724F87925D299E3ECFC60C2
              SHA-256:009EA457FF3FF823D24E01032A8725E573018B35DDFBB7F28C67F6F58998E502
              SHA-512:35884C1F2F5A9EEA674630019F670B43453199961F3DACC25ACD8FEE5B2CF16CF8090154353D48D883080DC1ECD1CF6B0CF59CC008A775EA5999910F4585CDA3
              Malicious:false
              Reputation:unknown
              URL:https://on24static.akamaized.net/view/eventregistration/24.4.1/dist/reg30BundleCSS-0007823747865.gz.css
              Preview:/*! jQuery UI - v1.12.1 - 2018-06-10.* http://jqueryui.com.* Includes: draggable.css, core.css, resizable.css, selectable.css, sortable.css, accordion.css, autocomplete.css, menu.css, button.css, controlgroup.css, checkboxradio.css, datepicker.css, dialog.css, progressbar.css, selectmenu.css, slider.css, spinner.css, tabs.css, tooltip.css, theme.css.* To view and modify this theme, visit http://jqueryui.com/themeroller/?scope=&folderName=base&cornerRadiusShadow=8px&offsetLeftShadow=0px&offsetTopShadow=0px&thicknessShadow=5px&opacityShadow=30&bgImgOpacityShadow=0&bgTextureShadow=flat&bgColorShadow=666666&opacityOverlay=30&bgImgOpacityOverlay=0&bgTextureOverlay=flat&bgColorOverlay=aaaaaa&iconColorError=cc0000&fcError=5f3f3f&borderColorError=f1a899&bgTextureError=flat&bgColorError=fddfdf&iconColorHighlight=777620&fcHighlight=777620&borderColorHighlight=dad55e&bgTextureHighlight=flat&bgColorHighlight=fffa90&iconColorActive=ffffff&fcActive=ffffff&borderColorActive=003eff&bgTextureActive=fla
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 1920 x 250, 8-bit/color RGBA, non-interlaced
              Category:dropped
              Size (bytes):87138
              Entropy (8bit):7.975278915547102
              Encrypted:false
              SSDEEP:
              MD5:AAF3D49A203EB809CF3434A350391934
              SHA1:48F40448174D71F335C34C844069BBE8761B63F1
              SHA-256:6FC7457E2588AD26391B032E2C24F93E167CB0D340FE2DA4BE514516F218EEE7
              SHA-512:F4339ACFC69D80D61B8EAB845A8A6FB399BDE91720C8F8A598980271397B21D45ED186FFB85E91D8DA691CD0BEDD0CB08E6E8CCB0BB9959BB7BEDCBB9B851766
              Malicious:false
              Reputation:unknown
              Preview:.PNG........IHDR.............@.Z.....pHYs..........+.....;tEXtComment.xr:d:DAF42yfEdYU:4,j:3062862103631042213,t:24010319p.}.....iTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x='adobe:ns:meta/'>. <rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'>.. <rdf:Description rdf:about=''. xmlns:dc='http://purl.org/dc/elements/1.1/'>. <dc:title>. <rdf:Alt>. <rdf:li xml:lang='x-default'>Webinar Series (1920 x 250 px) - 1</rdf:li>. </rdf:Alt>. </dc:title>. </rdf:Description>.. <rdf:Description rdf:about=''. xmlns:Attrib='http://ns.attribution.com/ads/1.0/'>. <Attrib:Ads>. <rdf:Seq>. <rdf:li rdf:parseType='Resource'>. <Attrib:Created>2024-01-03</Attrib:Created>. <Attrib:ExtId>87b85b57-712c-42a7-bd6a-d143e847437d</Attrib:ExtId>. <Attrib:FbId>525265914179580</Attrib:FbId>. <Attrib:TouchType>2</Attrib:TouchType>. </rdf:li>. </rdf:Seq>. </Attrib:A
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
              Category:downloaded
              Size (bytes):1150
              Entropy (8bit):5.212499153364691
              Encrypted:false
              SSDEEP:
              MD5:4EAAF322533442A7BEC61B0D8619999F
              SHA1:1BA08B6357930A6C98FE358029D51D7380F5C246
              SHA-256:9480A6181B9AA45EC64B615336B9EF5A970EE640E29D8A6C361B59F474E4E31C
              SHA-512:3CD01BF1625A8E46A1E02679F1B9E878ACC24E9CE715F157519833D6DF1A1D017F8D83ECFEC842F5720FBC3125AD07170CB0733771E19D6D3806B729B442AA13
              Malicious:false
              Reputation:unknown
              URL:https://event.on24.com/favicon.ico
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with no line terminators
              Category:downloaded
              Size (bytes):16
              Entropy (8bit):3.875
              Encrypted:false
              SSDEEP:
              MD5:903747EA4323C522742842A52CE710C9
              SHA1:9F806EA4288867A31A4AD53AC171AA4029DF182B
              SHA-256:4BD8B60F91849C936AE45615145A7B7BE2CF803322A30BABBAE7267A142CA5BB
              SHA-512:EEF73DC29A38ED70FFCFC321931BCB5B5A29FAAC356E8F6D84F57C532EEF44AE75021C341CF7DAE26B8211924A1C0E0EC4735F6BFC4AF3970A48EB63BFB7895F
              Malicious:false
              Reputation:unknown
              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAkOx02xpAbBNxIFDYOoWz0=?alt=proto
              Preview:CgkKBw2DqFs9GgA=
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:JSON data
              Category:downloaded
              Size (bytes):24541
              Entropy (8bit):5.025691456904745
              Encrypted:false
              SSDEEP:
              MD5:BFBCE9012F05015AD4CD831A394BE342
              SHA1:684973BE74B720CA7884DBC7D9EEF4672344DCD8
              SHA-256:52F1382D7C8B7123934985DB264E4DF9C55F9B359FBCD5EFBB6EB567BB0BE2FD
              SHA-512:1EB21BB17D9A47011A8F2A00B73ED0EADD8451B1951C1BA96BA4AE89BAEC5DDAC6ABFBDE8D9CD22DCF40F66D1809FB576760EB81F24BB0DB6AA65DE90CF49FE1
              Malicious:false
              Reputation:unknown
              URL:https://event.on24.com/apic/eventRegistration/webapi/regPage/displayElements?eventid=4737373&sessionid=1&key=DE825BDFED59806FCF6781B41684F83E&code=registration&mode=login&random=0.765010095560483
              Preview:{"event":4737373,"session":1,"success":true,"errorMessage":null,"displayelement":[{"displayElementID":"240875348","isRequired":"false","isActive":"true","isHidden":"false","displayElementTypeCode":"freetext","displayElementValue":"#ffffff","displayElementValueCode":"reg_bg_color","validationTypeCode":"none","displaySequence":"0","topOffset":"-1","leftOffset":"-1","height":"-1","width":"-1","mediaURLID":"-1","index":"0","bottomPadding":12,"displaytypecode":"registration","displayelementoptioninfo":{"event":"4737373","session":"1"}},{"displayElementID":"240875349","isRequired":"false","isActive":"true","isHidden":"false","displayElementTypeCode":"freetext","displayElementValue":"Y","displayElementValueCode":"event_logo","validationTypeCode":"none","displaySequence":"1","topOffset":"-1","leftOffset":"-1","height":"-1","width":"-1","mediaURLID":"329642391","index":"1","bottomPadding":12,"displaytypecode":"registration","displayelementoptioninfo":{"event":"4737373","session":"1"}},{"display
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):57031
              Entropy (8bit):5.173583627836858
              Encrypted:false
              SSDEEP:
              MD5:C17F13673459A5A36CBA916D25871832
              SHA1:AA5F71DF6E9771D158DCC2499E193E49D86CA3BD
              SHA-256:CB9EB01B060B4ACE9CB6ACD6BAEC94B801879F935F31DE21A26B6642EA3FABD6
              SHA-512:3B444ED08D6F4E6D7063999881A6B8CD9F10CB412787A160FB09F4675799209D05A0FB317D4272D2182C0B46A2E7A022166AFAAAEC89A0E0FE3605A48A5CA54D
              Malicious:false
              Reputation:unknown
              Preview:{"event":{"id":"4737373","name":"null","description":"Evidence-Based Empowerment and Financial Support for a System-Wide MRI Safety Program","localelanguagecode":"en","localecountrycode":"null","clientid":"29301","clientname":"elitemetrasens","displaytimezone":"Central Daylight Time","displaytimezoneshort":"CDT","goodafter":"1729695600000","playerurl":"https://event.on24.com/eventRegistration/console/EventConsoleNG.jsp?uimode=nextgeneration","registrationurl":"https://event.on24.com/eventRegistration/EventLobbyServlet?target=reg30.jsp","campaignCode":"null","itemsOfInterest":"null","formattedeventdate":"Wednesday, October 23, 2024 - 10:00 AM Central Daylight Time","localizedeventdate":"Available On Demand","localizedeventtime":"","lockRegScheduleOn":"true","isinarchiveperiod":"true","localizedarchivestartdate":"Wednesday, October 23, 2024","localizedarchivestarttime":"11:30 AM Central Daylight Time","localizedarchiveenddate":"Thursday, October 23, 2025","localizedarchiveendtime":"11:30
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with no line terminators
              Category:downloaded
              Size (bytes):172
              Entropy (8bit):5.173169733255691
              Encrypted:false
              SSDEEP:
              MD5:BB2E31A4BC2985165676B5067EE87BB6
              SHA1:99CFF9168AF319097669B3F3C58AEB16DA687834
              SHA-256:36BCFA5CA247E17D48F98538CD1FA376A511FC6CBB102FBAB8467725D80D47D9
              SHA-512:5F2377B7F0BE4F98FE3544D7898FF4234F02E53489A8F769C75A3453D3FFF3A1942A0F1B70E24EC922108325C530E27AFDD13478B90BC4F8D998DA9E6B766D75
              Malicious:false
              Reputation:unknown
              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSVgkB8Mok0WJz5xIFDXrhT-ASBQ2cTkrQEgUNkgVUzhIFDTwri1USBQ2DqFs9EgUNJK5YDRIFDaB52aYSBQ1Vu_VvEgUNY67tIRIFDb6WR8YSBQ2z2vek?alt=proto
              Preview:Cn8KCw164U/gGgQIAxgBCgsNnE5K0BoECAUYAQoLDZIFVM4aBAg8GAEKBw08K4tVGgAKCw2DqFs9GgQICRgBCgcNJK5YDRoACgsNoHnZphoECCQYAQoLDVW79W8aBAgiGAEKCw1jru0hGgQIIxgBCgcNvpZHxhoACgcNs9r3pBoA
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Unicode text, UTF-8 text
              Category:dropped
              Size (bytes):6359
              Entropy (8bit):4.5925789503655885
              Encrypted:false
              SSDEEP:
              MD5:A2E1E696F9109C439C21C7525B5B86A5
              SHA1:1EB49E7AE5848C9C6D240EB94448824D7B5610B0
              SHA-256:811B943E9281304989EBAA1B1227EA4A6384E933A30035B6B5E208096BE43FE2
              SHA-512:8F4392936FA4C3BF1670D3D503252DCBD16AAAC0A1FA2F22C8B14E2C7C9CC866017B012DB9F72030C399D69BCD0EC0F576C39A800A9316C9D4EAB172B33C0E5D
              Malicious:false
              Reputation:unknown
              Preview:var globalRegCountries={. "Afghanistan": [],. "Albania": [],. "Algeria": [],. "American Samoa": [],. "Andorra": [],. "Angola": [],. "Anguilla": [],. "Antarctica": [],. "Antigua and Barbuda": [],. "Argentina": [],. "Armenia": [],. "Aruba": [],. "Ashmore and Cartier Islands": [],. "Australia": [],. "Austria": [],. "Azerbaijan": [],. "Bahamas, The": [],. "Bahrain": [],. "Baker Island": [],. "Bangladesh": [],. "Barbados": [],. "Bassas da India": [],. "Belarus": [],. "Belgium": [],. "Belize": [],. "Benin": [],. "Bermuda": [],. "Bhutan": [],. "Bolivia": [],. "Bosnia and Herzegovina": [],. "Botswana": [],. "Bouvet Island": [],. "Brazil": [],. "British Indian Ocean Territory": [],. "British Virgin Islands": [],. "Brunei": [],. "Bulgaria": [],. "Burkina Faso": [],. "Burundi": [],. "Cambodia": [],. "Cameroon": [],. "Canada": [. "Alberta",. "British Columbia",. "Manitoba",. "New Brunswick",. "Newfoundland and Labrador",. "Northwest Terri
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, ASCII text
              Category:downloaded
              Size (bytes):3058
              Entropy (8bit):4.997070268333825
              Encrypted:false
              SSDEEP:
              MD5:19039B5BF07844500970D2E6629598E6
              SHA1:75A11DF260CCD2D97DD0FDD4E0F7A8A2943AA5B9
              SHA-256:AA7F210F48ED63F281CAA944F3CE4DFC16367012295593D3334F7209759BEA00
              SHA-512:FC318D8ED4C8610CB06958AE7122B28AF8C4EE77D6CC10699678B2207E9AFDAFA63E8A8C5C25C8D00B06B0481609E9ADB504F87E3137FAD79091500EC1C26FEE
              Malicious:false
              Reputation:unknown
              URL:https://event.on24.com/wcc/r/4737373/DE825BDFED59806FCF6781B41684F83E?mode=login&email=erica.meyer@vailhealth.org
              Preview:...........<!doctype html>.<html lang="en">..<head>...<meta charset="utf-8">...<meta http-equiv="X-UA-Compatible" content="IE=edge">...<title>Evidence-Based Empowerment and Financial Support for a System-Wide MRI Safety Program</title>.. . ...........<meta name="viewport" content="width=device-width, initial-scale=1">........<base href="https://on24static.akamaized.net">..... ... <meta name="twitter:card" content="summary"/><meta name="twitter:title" content="Evidence-Based Empowerment and Financial Support for a System-Wide MRI Safety Program" />... <meta property="og:title" content="Evidence-Based Empowerment and Financial Support for a System-Wide MRI Safety Program" />... .. .. ... <meta name="description" content="Wednesday, October 23, 2024 at 10:00 AM Central Daylight Time. " >... <meta name="twitter:description" content="Wednesday, October 23, 2024 at 10:00 AM Central Daylight Time. " />... <meta property="og:description" content="Wedn
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
              Category:downloaded
              Size (bytes):77160
              Entropy (8bit):7.996509451516447
              Encrypted:true
              SSDEEP:
              MD5:AF7AE505A9EED503F8B8E6982036873E
              SHA1:D6F48CBA7D076FB6F2FD6BA993A75B9DC1ECBF0C
              SHA-256:2ADEFCBC041E7D18FCF2D417879DC5A09997AA64D675B7A3C4B6CE33DA13F3FE
              SHA-512:838FEFDBC14901F41EDF995A78FDAC55764CD4912CCB734B8BEA4909194582904D8F2AFDF2B6C428667912CE4D65681A1044D045D1BC6DE2B14113F0315FC892
              Malicious:false
              Reputation:unknown
              URL:https://on24static.akamaized.net/view/eventregistration/fonts/font-awesome_4.7/fonts/fontawesome-webfont.woff2?v=4.7.0
              No static file info