Windows Analysis Report
https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9

Overview

General Information

Sample URL: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bff
Analysis ID: 1541191
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Source: unknown HTTPS traffic detected: 23.206.229.209:443 -> 192.168.2.9:49720 version: TLS 1.0
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.9:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.9:59895 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.9:59898 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.9:59893 -> 162.159.36.2:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: email.sg.on24event.com to https://event.on24.com/eventregistration/eventcalendarservlet.ics?token=kftt50zsj17t2p9m38%2fn8wkm3iwib%2bqqrdfa4nwk4u3u0lazoob6jrby7waexx8g668bxath15qd32xtlryyow%3d%3d
Source: unknown HTTPS traffic detected: 23.206.229.209:443 -> 192.168.2.9:49720 version: TLS 1.0
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: global traffic HTTP traffic detected: GET /ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9rLCjHUvOPofo9kbFG_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAoIy3MzG3kdrru9Yvxu0ygDfWuzlgjcvrxqBlkV4BY2mkCzwA5jBN5rjxz-2F-2BsyMnQfHWkNxjMIZv6IBWkL8j0xWgvEID-2F-2FdgkC79m6T4CLF4Ru4slCqOKEuK45ntF4FGnfu-2BxNk2Yj1VxgsHmsl4jo7NJJbvAyMZAVVI0boEhoqSUrvJbAEVFWFdB3lpZlsfcw-3D-3D HTTP/1.1Host: email.sg.on24event.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /eventRegistration/EventCalendarServlet.ics?token=kFTT50zSJ17t2P9m38%2FN8wKm3IwiB%2BqqrDFA4nWK4U3U0lAzoOb6Jrby7waexx8G668BXath15Qd32XtlryYow%3D%3D HTTP/1.1Host: event.on24.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CPtZpdrxCupbKwW&MD=Rc5Ru4Zk HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CPtZpdrxCupbKwW&MD=Rc5Ru4Zk HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic DNS traffic detected: DNS query: email.sg.on24event.com
Source: global traffic DNS traffic detected: DNS query: event.on24.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A4109008071X-BM-CBT: 1696497265X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 60X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: 3967AB70E8E74431908B580AED7E67B3X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A4109008071X-MSEdge-ExternalExp: bfbwsbghf928t,bfbwsbrs0830tf,d-thshldspcl40,fliptrac6,optfsc,spofglclickserpf2,wsbqfasmsall_t,wsbqfminiserp600,wsbref-cX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=0; DaylightBias=-60; TimeZoneKeyName=GMT Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 516Connection: Keep-AliveCache-Control: no-cacheCookie: SRCHUID=V=2&GUID=507B984BF29F418EA13B8912FCE289B0&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696497029183&IPMH=5c67ba25&IPMID=1696497265539&HV=1696497179; MUID=531305E83CE64DE088676FE94B9682C4; _SS=SID=3314E043C3866D730FEDF3E2C2436C30&CPID=1696497266478&AC=1&CPH=c11e7441; _EDGE_S=SID=3314E043C3866D730FEDF3E2C2436C30; MUIDB=531305E83CE64DE088676FE94B9682C4
Source: chromecache_61.1.dr, 097ea4c4-1015-45b1-b3db-829d6f27e0bd.tmp.0.dr String found in binary or memory: http://event.on24.com/utils/test/testYourSystem.html?eventid=4722034&sessionid=1&key=261F9AAF3C393FC
Source: chromecache_61.1.dr, 097ea4c4-1015-45b1-b3db-829d6f27e0bd.tmp.0.dr String found in binary or memory: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1
Source: unknown Network traffic detected: HTTP traffic on port 59949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59970 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59947
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59946
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59949
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59948
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59943
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59942
Source: unknown Network traffic detected: HTTP traffic on port 59898 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59945
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59944
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59950
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59912 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59952
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59951
Source: unknown Network traffic detected: HTTP traffic on port 59929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59906 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59969 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59923 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59944 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59958
Source: unknown Network traffic detected: HTTP traffic on port 59952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59957
Source: unknown Network traffic detected: HTTP traffic on port 59917 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59959
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59954
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59953
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59956
Source: unknown Network traffic detected: HTTP traffic on port 59895 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59955
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59961
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59960
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59963
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59962
Source: unknown Network traffic detected: HTTP traffic on port 59938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59955 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59941 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59903 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 59947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59972 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59953 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59969
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59968
Source: unknown Network traffic detected: HTTP traffic on port 59930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59914 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59965
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59964
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59967
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59966
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59972
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59971
Source: unknown Network traffic detected: HTTP traffic on port 59908 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59974
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59973
Source: unknown Network traffic detected: HTTP traffic on port 59956 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59970
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 59927 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59925 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59950 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59967 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59975 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59976
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59975
Source: unknown Network traffic detected: HTTP traffic on port 59936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59964 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59905 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 59922 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59907
Source: unknown Network traffic detected: HTTP traffic on port 59968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59974 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59906
Source: unknown Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59909
Source: unknown Network traffic detected: HTTP traffic on port 59945 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59908
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59903
Source: unknown Network traffic detected: HTTP traffic on port 59916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59902
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59905
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59904
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59901
Source: unknown Network traffic detected: HTTP traffic on port 59954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59939 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59942 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59918
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59917
Source: unknown Network traffic detected: HTTP traffic on port 59948 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59919
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59914
Source: unknown Network traffic detected: HTTP traffic on port 59965 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59913
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59916
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59915
Source: unknown Network traffic detected: HTTP traffic on port 59931 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59910
Source: unknown Network traffic detected: HTTP traffic on port 59913 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59912
Source: unknown Network traffic detected: HTTP traffic on port 59934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59959 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59929
Source: unknown Network traffic detected: HTTP traffic on port 59918 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59928
Source: unknown Network traffic detected: HTTP traffic on port 59943 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59966 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59925
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59924
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59927
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59926
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59921
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59920
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59923
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59922
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59895
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59910 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59930
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59897
Source: unknown Network traffic detected: HTTP traffic on port 59937 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59963 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59921 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59939
Source: unknown Network traffic detected: HTTP traffic on port 59946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59971 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59938
Source: unknown Network traffic detected: HTTP traffic on port 59915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59937
Source: unknown Network traffic detected: HTTP traffic on port 59897 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59932
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59898
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59931
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59934
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59933
Source: unknown Network traffic detected: HTTP traffic on port 59909 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59941
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59940
Source: unknown Network traffic detected: HTTP traffic on port 59932 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59901 -> 443
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.9:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.9:59895 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.9:59898 version: TLS 1.2
Source: classification engine Classification label: clean2.win@18/12@6/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\ Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1936,i,17094413292302700489,7076371066922537553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9rLCjHUvOPofo9kbFG_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAoIy3MzG3kdrru9Yvxu0ygDfWuzlgjcvrxqBlkV4BY2mkCzwA5jBN5rjxz-2F-2BsyMnQfHWkNxjMIZv6IBWkL8j0xWgvEID-2F-2FdgkC79m6T4CLF4Ru4slCqOKEuK45ntF4FGnfu-2BxNk2Yj1VxgsHmsl4jo7NJJbvAyMZAVVI0boEhoqSUrvJbAEVFWFdB3lpZlsfcw-3D-3D"
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /ical "C:\Users\user\Downloads\EventCalendarServlet.ics"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1936,i,17094413292302700489,7076371066922537553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs