Windows Analysis Report
You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg

Overview

General Information

Sample name: You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg
Analysis ID: 1541192
MD5: f6848b922ea78a6582896cca49e9d8bf
SHA1: 66d492a3f548739248082c4a43ab408bb3a690a7
SHA256: 952107ccd505be86bdf04bc82d064489848f9de524e3adc1afbb769bc9ee31f6

Detection

Score: 24
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

AI detected landing page (webpage, office document or email)
Detected hidden input values containing email addresses (often used in phishing pages)
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
HTML title does not match URL
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com HTTP Parser: chall@networkhealth.com
Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com HTTP Parser: Title: Optum Payer Monthly PPS PRS Webinar does not match URL
Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com HTTP Parser: No favicon
Source: https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665 HTTP Parser: No favicon
Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com HTTP Parser: No <meta name="author".. found
Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.10:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.69.42.241:443 -> 192.168.2.10:62623 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.10:62624 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.10:62625 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.10:62626 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.10:62630 version: TLS 1.2
Source: unknown HTTPS traffic detected: 173.222.162.55:443 -> 192.168.2.10:62660 version: TLS 1.2
Source: chrome.exe Memory has grown: Private usage: 1MB later: 45MB
Source: global traffic TCP traffic: 192.168.2.10:55635 -> 162.159.36.2:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: email.sg.on24event.com to https://event.on24.com/wcc/r/4722034/261f9aaf3c393fca6149db1f700ca1e1?mode=login&email=chall@networkhealth.com
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZkUy8GzOZDur7Pz&MD=GzfRren8 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZkUy8GzOZDur7Pz&MD=GzfRren8 HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com HTTP/1.1Host: event.on24.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
Source: global traffic DNS traffic detected: DNS query: email.sg.on24event.com
Source: global traffic DNS traffic detected: DNS query: event.on24.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4762Host: login.live.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.aadrm.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.aadrm.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.addins.store.office.com/app/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.cortana.ai
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.diagnostics.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.diagnosticssdf.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.microsoftstream.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.microsoftstream.com/api/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.office.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.onedrive.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://api.scheduler.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://apis.live.net/v5.0/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://app.powerbi.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://augloop.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://augloop.office.com/v2
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://autodiscover-s.outlook.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=1049982
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3334
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=773687
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://canary.designerapp.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://cdn.designerapp.osi.office.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-toolbar
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://cdn.entity.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://clients.config.office.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://clients.config.office.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://code.google.com/p/v8/issues/detail?id=3509
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://cortana.ai
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://cortana.ai/api
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://cr.office.com
Source: chromecache_142.10.dr String found in binary or memory: https://creativemarket.com/blog/the-missing-guide-to-font-formats)
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://d.docs.live.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://dataservice.o365filtering.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://dataservice.o365filtering.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://designerapp.azurewebsites.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://designerappservice.officeapps.live.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://dev.cortana.ai
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://developer.apple.com/library/content/documentation/AudioVideo/Conceptual/Using_HTML5_Audio_Vi
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/HTTP/Browser_detection_using_the_user_agent
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://devnull.onenote.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://directory.services.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://ecs.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://edge.skype.com/registrar/prod
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://edge.skype.com/rps
Source: You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg, ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr String found in binary or memory: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGqMeVWfa9
Source: ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr String found in binary or memory: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-
Source: You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg, ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr String found in binary or memory: https://email.sg.on24event.com/ls/click?upn=u001.qPsCj0VSKBRlbXwk4CZaT1VjLeyp2VLEfjNu-2B0nZu-2Fxqd7J
Source: You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg String found in binary or memory: https://email.sg.on24event.com/wf/open?upn=u001.A5yEPtj12O0Rov549oufKdd5QVwxt2sqbjvCJL5K0mE5B9Ipzn84
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://enrichment.osi.office.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://entitlement.diagnostics.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr String found in binary or memory: https://event.on24.com/event/47/22/03/4/rt/rt/323e63d6-e59d-4fd9-9669-4f11bc87f7f1.optum_email_image
Source: chromecache_108.10.dr String found in binary or memory: https://event.on24.com/eventRegistration/EventCalendarServlet.ics?reminder=15&start=20241107T180000Z
Source: chromecache_108.10.dr String found in binary or memory: https://event.on24.com/eventRegistration/EventCalendarServlet?reminder=15&start=20241107T180000Z&end
Source: chromecache_115.10.dr String found in binary or memory: https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessio
Source: You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg String found in binary or memory: https://event.on24.com/utilApp/webapi/el/static/img/RXAyZ1lpQmtHeWhiM0tBSThaRCtZaXFXY3YzR1BtTkVJQWJT
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://flow.org/blog/2017/05/07/Strict-Function-Call-Arity/).
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: chromecache_140.10.dr String found in binary or memory: https://gist.github.com/BrendanEich/4294d5c212a6d2254703
Source: chromecache_140.10.dr String found in binary or memory: https://github.com/DavidBruant/Map-Set.prototype.toJSON
Source: 32483553004.ttf.0.dr, 26205970649.ttf.0.dr, 26395700251.ttf.0.dr, 31638818185.ttf.0.dr, 27970306811.ttf.0.dr, 30153066857.ttf.0.dr, 25576969643.ttf.0.dr, 30169865670.ttf.0.dr, 25065980124.ttf.0.dr, 28903934312.ttf.0.dr, 32677218994.ttf.0.dr, 29867269125.ttf.0.dr String found in binary or memory: https://github.com/andre-fuchs/kerning-pairs/blob/master/LICENSE.md).
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/benjamingr/RexExp.escape
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/es-shims.
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/es-shims/es5-shim/issues/150
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/facebook/flow/issues/285
Source: chromecache_142.10.dr String found in binary or memory: https://github.com/kenwheeler/slick/issues/1158
Source: chromecache_142.10.dr String found in binary or memory: https://github.com/kenwheeler/slick/issues/3662
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/kitcambridge/es5-shim/commit/4f738ac066346
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/ljharb/proposal-is-error
Source: chromecache_140.10.dr String found in binary or memory: https://github.com/mathiasbynens/String.prototype.at
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/mozilla/rhino/issues/346
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/nfriend/ts-keycode-enum/blob/master/Key.enum.ts
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/paldepind/snabbdom/blob/master/LICENSE
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/rwaldron/tc39-notes/blob/master/es6/2014-09/sept-25.md#510-globalasap-for-enqueui
Source: chromecache_140.10.dr String found in binary or memory: https://github.com/sebmarkbage/ecmascript-string-left-right-trim
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/tc39/Array.prototype.includes
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/tc39/proposal-array-filtering
Source: chromecache_140.10.dr String found in binary or memory: https://github.com/tc39/proposal-global
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/tc39/proposal-object-getownpropertydescriptors
Source: chromecache_140.10.dr String found in binary or memory: https://github.com/tc39/proposal-object-values-entries
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/tc39/proposal-promise-finally
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/tc39/proposal-promise-try
Source: chromecache_140.10.dr String found in binary or memory: https://github.com/tc39/proposal-string-pad-start-end
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/vuejs/vue-devtools
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/vuejs/vue/pull/7730
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/vuejs/vuex/issues/1505
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.38.1/LICENSE
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/zloirock/core-js/issues/1008
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/zloirock/core-js/issues/1128
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/zloirock/core-js/issues/1130
Source: chromecache_140.10.dr String found in binary or memory: https://github.com/zloirock/core-js/issues/280
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/zloirock/core-js/issues/306
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/zloirock/core-js/issues/339
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/zloirock/core-js/issues/475
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://github.com/zloirock/core-js/issues/677
Source: chromecache_140.10.dr String found in binary or memory: https://github.com/zloirock/core-js/issues/86#issuecomment-115759028
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://graph.ppe.windows.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://graph.ppe.windows.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://graph.windows.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://graph.windows.net/
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://hacks.mozilla.org/2013/04/detecting-touch-its-the-why-not-the-how/
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://html.spec.whatwg.org/multipage/dom.html#phrasing-content
Source: chromecache_135.10.dr, chromecache_140.10.dr String found in binary or memory: https://html.spec.whatwg.org/multipage/indices.html#elements-3
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://ic3.teams.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://incidents.diagnostics.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://invites.office.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://lifecycle.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://login.microsoftonline.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://login.microsoftonline.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://login.microsoftonline.com/organizations
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr String found in binary or memory: https://login.windows.local
Source: classification engine Classification label: sus24.winMSG@19/106@6/5
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C2654150-6C0A-4E67-BABD-349B56794A53
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241024T0907070270-7308.etl
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "75BF25B5-91F4-4340-A2CE-8A861B161182" "0988E0AF-E8F0-40F2-A21E-9E9BAE1DBB72" "7308" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGqMeVWfa9TGN53mpNzO60CSXfDxqA1OzKkyjteGKhJXNP-2Fqhe73BqzRJ8k3vkeBM80ywN4suRgmUudd3q6XorB58yVzMED8XpqyOagf7ECUt-2FXTBt0GbG656kKIjkDZHU-3DBtZ-_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAlTH5udhpMPtPnet9IHWh1cVyBrpRkdmo2ebrF0TCXbQnXaDGj9MDon9fO-2BZnr0dKxtBnMsUm81ptF155A2mgNEXZRip6r6Y3gx-2FVTvFM2OUm-2BjaLZqinwHODkJP6UYs4FYvhv8WHZd41YBAqFjU1C6m7axLQ7x9DAy1bOJPQI5YnM05uRvslE5uXj6660vm6A-3D-3D
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1868,i,8574729531405096744,3903186651050753263,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "75BF25B5-91F4-4340-A2CE-8A861B161182" "0988E0AF-E8F0-40F2-A21E-9E9BAE1DBB72" "7308" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: Google Drive.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.8.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Persistence and Installation Behavior

Source: Email LLM: Email contains prominent button: 'click here to enter webinar'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid