IOC Report
https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bW1oiK-2Fg70N9FV1Dojzh5ZJ6gm2282iFGsrZaX-2FqjVmp1sEnvqhOeeCCHf5DhbI384zbSao3Tph9lcoJuvF0MGr5FmUUfNaJWYnOyMwOmbl6_jHo_VAdWm5g1Y0U-2Bo3iUtCCTbabS-2BY8KRKfU-2Fjw6ULpvr7pyaTVMKjBf4EPA3H5RiX72YEplZSfXTnomvJKRsuorYVEKZ5vhLtPXq-2F8pfrfiv7


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Chrome Cache Entry: 100 | MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel | dropped | |
| Chrome Cache Entry: 101 | JSON data | dropped | |
| Chrome Cache Entry: 102 | ASCII text, with no line terminators | downloaded | |
| Chrome Cache Entry: 103 | JSON data | downloaded | |
| Chrome Cache Entry: 104 | Unicode text, UTF-8 text, with very long lines (65480), with no line terminators | downloaded | |
| Chrome Cache Entry: 105 | JSON data | dropped | |
| Chrome Cache Entry: 106 | JSON data | dropped | |
| Chrome Cache Entry: 107 | JSON data | downloaded | |
| Chrome Cache Entry: 108 | ASCII text, with very long lines (4383), with no line terminators | downloaded | |
| Chrome Cache Entry: 109 | JSON data | downloaded | |
| Chrome Cache Entry: 110 | JSON data | dropped | |
| Chrome Cache Entry: 111 | ASCII text, with very long lines (65465) | downloaded | |
| Chrome Cache Entry: 112 | TrueType Font data, 14 tables, 1st "FFTM", 17 names, Microsoft, language 0x409, Copyright Dave Gandy 2016. All rights reserved.FontAwesomeRegularFONTLAB:OTFEXPORTFontAwesome Re | downloaded | |
| Chrome Cache Entry: 113 | JSON data | dropped | |
| Chrome Cache Entry: 114 | JSON data | downloaded | |
| Chrome Cache Entry: 115 | PNG image data, 480 x 320, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 116 | JSON data | downloaded | |
| Chrome Cache Entry: 117 | ASCII text, with very long lines (1243), with no line terminators | dropped | |
| Chrome Cache Entry: 118 | TrueType Font data, 20 tables, 1st "GDEF", 41 names, Macintosh, \251 2021 Microsoft Corporation. All Rights Reserved. The "kern" table of this font was develope | downloaded | |
| Chrome Cache Entry: 119 | PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced | downloaded | |
| Chrome Cache Entry: 120 | ASCII text, with very long lines (1243), with no line terminators | downloaded | |
| Chrome Cache Entry: 121 | ASCII text, with very long lines (65424), with CRLF line terminators | downloaded | |
| Chrome Cache Entry: 122 | JSON data | downloaded | |
| Chrome Cache Entry: 123 | JSON data | downloaded | |
| Chrome Cache Entry: 124 | JSON data | downloaded | |
| Chrome Cache Entry: 125 | JSON data | dropped | |
| Chrome Cache Entry: 126 | PNG image data, 160 x 60, 8-bit gray+alpha, non-interlaced | downloaded | |
| Chrome Cache Entry: 127 | JSON data | downloaded | |
| Chrome Cache Entry: 128 | JSON data | downloaded | |
| Chrome Cache Entry: 129 | TrueType Font data, 20 tables, 1st "GDEF", 37 names, Macintosh, \251 2021 Microsoft Corporation. All Rights Reserved. The "kern" table of this font was develope | downloaded | |
| Chrome Cache Entry: 130 | JSON data | downloaded | |
| Chrome Cache Entry: 131 | JSON data | downloaded | |
| Chrome Cache Entry: 132 | JSON data | dropped | |
| Chrome Cache Entry: 133 | JSON data | dropped | |
| Chrome Cache Entry: 134 | JSON data | dropped | |
| Chrome Cache Entry: 135 | JSON data | downloaded | |
| Chrome Cache Entry: 136 | JSON data | dropped | |
| Chrome Cache Entry: 137 | JSON data | dropped | |
| Chrome Cache Entry: 138 | JSON data | downloaded | |
| Chrome Cache Entry: 139 | JSON data | downloaded | |
| Chrome Cache Entry: 140 | JSON data | dropped | |
| Chrome Cache Entry: 64 | JSON data | dropped | |
| Chrome Cache Entry: 65 | JSON data | dropped | |
| Chrome Cache Entry: 66 | PNG image data, 480 x 320, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 67 | PNG image data, 160 x 60, 8-bit gray+alpha, non-interlaced | downloaded | |
| Chrome Cache Entry: 68 | JSON data | downloaded | |
| Chrome Cache Entry: 69 | PNG image data, 220 x 80, 8-bit/color RGBA, interlaced | dropped | |
| Chrome Cache Entry: 70 | TrueType Font data, digitally signed, 22 tables, 1st "DSIG", 36 names, Microsoft, language 0x403, type 2 string, Normaloby | downloaded | |
| Chrome Cache Entry: 71 | JSON data | dropped | |
| Chrome Cache Entry: 72 | PNG image data, 112 x 36, 8-bit/color RGBA, non-interlaced | downloaded | |
| Chrome Cache Entry: 73 | ASCII text, with very long lines (65424), with CRLF line terminators | dropped | |
| Chrome Cache Entry: 74 | PNG image data, 160 x 60, 8-bit gray+alpha, non-interlaced | dropped | |
| Chrome Cache Entry: 75 | JSON data | downloaded | |
| Chrome Cache Entry: 76 | JSON data | dropped | |
| Chrome Cache Entry: 77 | PNG image data, 1920 x 1080, 8-bit colormap, non-interlaced | dropped | |
| Chrome Cache Entry: 78 | JSON data | downloaded | |
| Chrome Cache Entry: 79 | TrueType Font data, 20 tables, 1st "GDEF", 41 names, Macintosh, \251 2021 Microsoft Corporation. All Rights Reserved. The "kern" table of this font was develope | downloaded | |
| Chrome Cache Entry: 80 | PNG image data, 160 x 60, 8-bit gray+alpha, non-interlaced | downloaded | |
| Chrome Cache Entry: 81 | MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel | downloaded | |
| Chrome Cache Entry: 82 | JSON data | downloaded | |
| Chrome Cache Entry: 83 | PNG image data, 220 x 80, 8-bit/color RGBA, interlaced | downloaded | |
| Chrome Cache Entry: 84 | ASCII text, with very long lines (65465) | dropped | |
| Chrome Cache Entry: 85 | JSON data | dropped | |
| Chrome Cache Entry: 86 | JSON data | dropped | |
| Chrome Cache Entry: 87 | JSON data | dropped | |
| Chrome Cache Entry: 88 | PNG image data, 160 x 60, 8-bit gray+alpha, non-interlaced | dropped | |
| Chrome Cache Entry: 89 | HTML document, ASCII text, with very long lines (640) | downloaded | |
| Chrome Cache Entry: 90 | JSON data | dropped | |
| Chrome Cache Entry: 91 | PNG image data, 112 x 36, 8-bit/color RGBA, non-interlaced | dropped | |
| Chrome Cache Entry: 92 | PNG image data, 160 x 60, 8-bit gray+alpha, non-interlaced | dropped | |
| Chrome Cache Entry: 93 | JSON data | downloaded | |
| Chrome Cache Entry: 94 | ASCII text, with very long lines (4383), with no line terminators | dropped | |
| Chrome Cache Entry: 95 | JSON data | downloaded | |
| Chrome Cache Entry: 96 | PNG image data, 200 x 80, 8-bit/color RGBA, interlaced | downloaded | |
| Chrome Cache Entry: 97 | Unicode text, UTF-8 text, with very long lines (65480), with no line terminators | dropped | |
| Chrome Cache Entry: 98 | PNG image data, 200 x 80, 8-bit/color RGBA, interlaced | dropped | |
| Chrome Cache Entry: 99 | JSON data | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2008,i,8517968984090429785,15401990405586789260,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bW1oiK-2Fg70N9FV1Dojzh5ZJ6gm2282iFGsrZaX-2FqjVmp1sEnvqhOeeCCHf5DhbI384zbSao3Tph9lcoJuvF0MGr5FmUUfNaJWYnOyMwOmbl6_jHo_VAdWm5g1Y0U-2Bo3iUtCCTbabS-2BY8KRKfU-2Fjw6ULpvr7pyaTVMKjBf4EPA3H5RiX72YEplZSfXTnomvJKRsuorYVEKZ5vhLtPXq-2F8pfrfiv7HzFUVVc07VbFX3lJ9KnDp55AdQT0J8PA3Thc8nABXBhiu-2FoDG1-2F4sWT-2B4n2efFW2Ufl3TGYkEBAC7si8HhTbJZjjh5FFRrL0GAhh6-2FWV70JSK12dAYsbjR1vJLW5eQLq28Knfko6dJmGDawyVsVIpUNgluC6OLMZbYJCqKUCz0euGToDSC-2FrEdjjggHdroU09CwOT-2BZmkDed0OvWqieqTxjdqj60SBHCkTNTn6n9m6jA-3D-3D" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4184 --field-trial-handle=2008,i,8517968984090429785,15401990405586789260,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4036 --field-trial-handle=2008,i,8517968984090429785,15401990405586789260,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bW1oiK-2Fg70N9FV1Dojzh5ZJ6gm2282iFGsrZaX-2FqjVmp1sEnvqhOeeCCHf5DhbI384zbSao3Tph9lcoJuvF0MGr5FmUUfNaJWYnOyMwOmbl6_jHo_VAdWm5g1Y0U-2Bo3iUtCCTbabS-2BY8KRKfU-2Fjw6ULpvr7pyaTVMKjBf4EPA3H5RiX72YEplZSfXTnomvJKRsuorYVEKZ5vhLtPXq-2F8pfrfiv7HzFUVVc07VbFX3lJ9KnDp55AdQT0J8PA3Thc8nABXBhiu-2FoDG1-2F4sWT-2B4n2efFW2Ufl3TGYkEBAC7si8HhTbJZjjh5FFRrL0GAhh6-2FWV70JSK12dAYsbjR1vJLW5eQLq28Knfko6dJmGDawyVsVIpUNgluC6OLMZbYJCqKUCz0euGToDSC-2FrEdjjggHdroU09CwOT-2BZmkDed0OvWqieqTxjdqj60SBHCkTNTn6n9m6jA-3D-3D | | |
| https://gateway.on24.com/wcc/eh/4557503/category/138150/certification-week-for-microsoft-al-cloud-pa | unknown | |
| http://www.imagemagick.org | unknown | |
| https://vshow.on24.com/vshow/FY24_SCWeek?rc=Default | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek | unknown | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=rsrc&action=getAllUiResourcesByTradeshowId&f=json&tradeshowId=3852970&displayJobListings=N&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/view/vsplatform/vsdesktop/dist/assets/on24_logo_new.png | 199.83.44.48 | |
| https://vshow.on24.com/view/vsplatform/vsdesktop/dist/fonts/fonts/fontawesome-webfont.ttf | 199.83.44.48 | |
| https://vshow.on24.com/clients/elite/fonts/segoe/SegoeUI.ttf | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=booth&action=getBoothsByTradeshowId&f=json&currentTradeshowId=3852970&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=userRole&action=getUserRoles&f=json&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=test&action=getAllTests&f=json&sponsorTests=Y&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=rsrc&action=getResourceCategories&f=json&currentTradeshowId=3852970&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=hotspots&action=getAll&f=json&currentTradeshowId=3852970&viewCode=booth&boothId=4664248&includeOmnipresent=Y&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek?command=util&action=getCookieValue&name=locale3852970&isPreLogin=Y | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=sponsor&action=getAll&f=json&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek?rc | unknown | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=navigation&action=getAll&f=json&currentTradeshowId=3852970&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://github.com/andre-fuchs/kerning-pairs/blob/master/LICENSE.md). | unknown | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=chat&action=getGroupChatsByTradeshowId&f=json&tradeshowId=3852970&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://event.on24.com/interface/registration/autoreg/index.html?eventid | unknown | |
| https://prext.on24.com | unknown | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=trade&action=getCustomFonts&f=json&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=view&action=getAll&f=json&currentTradeshowId=3852970&l=en&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/clients/elite/fonts/49759/Segoe-Sans-Text-Semibold.ttf | 199.83.44.48 | |
| https://vsstatic.on24.com/event/47/10/32/0/rt/1/resources/Thank_you_CW_Security-78D3.html | unknown | |
| https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bW1oiK-2Fg70N9FV1Dojzh5ZJ6gm2282iFGsrZaX-2FqjVmp1sEnvqhOeeCCHf5DhbI384zbSao3Tph9lcoJuvF0MGr5FmUUfNaJWYnOyMwOmbl6_jHo_VAdWm5g1Y0U-2Bo3iUtCCTbabS-2BY8KRKfU-2Fjw6ULpvr7pyaTVMKjBf4EPA3H5RiX72YEplZSfXTnomvJKRsuorYVEKZ5vhLtPXq-2F8pfrfiv7HzFUVVc07VbFX3lJ9KnDp55AdQT0J8PA3Thc8nABXBhiu-2FoDG1-2F4sWT-2B4n2efFW2Ufl3TGYkEBAC7si8HhTbJZjjh5FFRrL0GAhh6-2FWV70JSK12dAYsbjR1vJLW5eQLq28Knfko6dJmGDawyVsVIpUNgluC6OLMZbYJCqKUCz0euGToDSC-2FrEdjjggHdroU09CwOT-2BZmkDed0OvWqieqTxjdqj60SBHCkTNTn6n9m6jA-3D-3D | 199.83.44.68 | |
| https://vshow.on24.com/view/vsplatform/vsdesktop/dist/workers/realtime_worker.js | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek?rc=Default#exhibits/SecurityLive | | |
| https://vshow.on24.com/vshow/FY24_SCWeek?cacheBash=1729694141975&command=time&action=getAllTimezones&f=json | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=rsrc&action=getTrackList&f=json&currentTradeshowId=3852970&tradeshowId=3852970&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?action=getTime&command=time&f=json&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=sponsor&action=getKeywords&f=json&tradeshowId=3852970&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/clients/elite/fonts/49759/Segoe-Sans-Display-Semibold.ttf | 199.83.44.48 | |
| http://#VSHOW_DOMAIN#/vshow/#SHOW_CODE#/register.jsp?target | unknown | |
| https://vshow.on24.com/clients/elite/fonts/49759/Segoe-Sans-Display.ttf | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=marquee&action=getByTradeshowId&f=json&currentTradeshowId=3852970&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/favicon.ico | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=trade&action=get&f=json&tradeshowId=3852970&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=surveyandpoll&action=getAllSurveys&f=json&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/view/vsplatform/vsdesktop/dist/workers/logging_worker.js | 199.83.44.48 | |
| https://vshow.on24.com/view/vsplatform/vsdesktop/dist/version.json | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek?command=util&action=getCookieValue&nocache=54417596&name=loginId3852970&isPreLogin=Y | 199.83.44.48 | |
| https://vshow.on24.com/view/vsplatform/vsdesktop/dist/production-js.js.map | unknown | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=navigation&action=getAll&f=json&currentTradeshowId=3852970&l=en&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| https://vshow.on24.com/view/vsplatform/vsdesktop/dist/vbc_templates_data.json | 199.83.44.48 | |
| https://vshow.on24.com/vshow/FY24_SCWeek/?command=user&action=getAllModuleFields&f=json&l=en&isPreLogin=Y&cacheBash=1729694141975 | 199.83.44.48 | |
| http://fontawesome.iohttp://fontawesome.io/license/Webfont | unknown | |
| https://vshow.on24.com/view/vts/supporteddata/supported-locales.json | 199.83.44.48 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| s-part-0044.t-0009.fb-t-msedge.net | 13.107.253.72 | |
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | |
| www.google.com | 142.250.186.164 | |
| r-email.sg.on24event.com | 199.83.44.68 | |
| r-vshow.on24.com | 199.83.44.48 | |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | |
| email.sg.on24event.com | unknown | |
| vshow.on24.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 239.255.255.250 | unknown | Reserved | |
| 142.250.186.164 | www.google.com | United States | |
| 199.83.44.48 | r-vshow.on24.com | United States | |
| 199.83.44.68 | r-email.sg.on24event.com | United States | |
| 192.168.2.4 | unknown | unknown | |

DOM / HTML

| URL | Malicious |
|---|---|
| https://vshow.on24.com/vshow/FY24_SCWeek?rc=Default#exhibits/SecurityLive | |