Windows Analysis Report
You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg

Overview

General Information

Sample name:	You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg
Analysis ID:	1541192
MD5:	f6848b922ea78a6582896cca49e9d8bf
SHA1:	66d492a3f548739248082c4a43ab408bb3a690a7
SHA256:	952107ccd505be86bdf04bc82d064489848f9de524e3adc1afbb769bc9ee31f6
Infos:

Detection

Score:	24
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

AI detected landing page (webpage, office document or email)

Detected hidden input values containing email addresses (often used in phishing pages)

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Stores files to the Windows start menu directory

Stores large binary data to the registry

Classification

Signatures

Detected hidden input values containing email addresses (often used in phishing pages)

Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com

HTTP Parser: chall@networkhealth.com

HTML title does not match URL

Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com

HTTP Parser: Title: Optum Payer Monthly PPS PRS Webinar does not match URL

Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com	HTTP Parser: No favicon
Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com	HTTP Parser: No favicon
Source: https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665	HTTP Parser: No favicon

Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com	HTTP Parser: No <meta name="author".. found
Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com	HTTP Parser: No <meta name="author".. found

Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com	HTTP Parser: No <meta name="copyright".. found
Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.10:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.69.42.241:443 -> 192.168.2.10:62623 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.10:62624 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.10:62625 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.10:62626 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.10:62630 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.55:443 -> 192.168.2.10:62660 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 45MB

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.10:55635 -> 162.159.36.2:53

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: email.sg.on24event.com to https://event.on24.com/wcc/r/4722034/261f9aaf3c393fca6149db1f700ca1e1?mode=login&email=chall@networkhealth.com

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZkUy8GzOZDur7Pz&MD=GzfRren8 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZkUy8GzOZDur7Pz&MD=GzfRren8 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZkUy8GzOZDur7Pz&MD=GzfRren8 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGqMeVWfa9TGN53mpNzO60CSXfDxqA1OzKkyjteGKhJXNP-2Fqhe73BqzRJ8k3vkeBM80ywN4suRgmUudd3q6XorB58yVzMED8XpqyOagf7ECUt-2FXTBt0GbG656kKIjkDZHU-3DBtZ-_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAlTH5udhpMPtPnet9IHWh1cVyBrpRkdmo2ebrF0TCXbQnXaDGj9MDon9fO-2BZnr0dKxtBnMsUm81ptF155A2mgNEXZRip6r6Y3gx-2FVTvFM2OUm-2BjaLZqinwHODkJP6UYs4FYvhv8WHZd41YBAqFjU1C6m7axLQ7x9DAy1bOJPQI5YnM05uRvslE5uXj6660vm6A-3D-3D HTTP/1.1Host: email.sg.on24event.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com HTTP/1.1Host: event.on24.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=registration&mode=login&random=0.3104642400754436 HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab2000249b9e0f6180f48fc8e5ff339523f6aa85185bb82f8cba83ffc3576c667588e608667b12b41130000b48097a4b972171929c1bbd3bb02b1b3dc697653db87068ef8b967e1ba5721d12d09ec05ccfc2fd040b6e5baddd61ba
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=lobby&mode=login&random=0.38885434681912456 HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab2000249b9e0f6180f48fc8e5ff339523f6aa85185bb82f8cba83ffc3576c667588e608667b12b41130000b48097a4b972171929c1bbd3bb02b1b3dc697653db87068ef8b967e1ba5721d12d09ec05ccfc2fd040b6e5baddd61ba
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/EventServlet?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&random=0.026706953604296313&filter=json HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab2000249b9e0f6180f48fc8e5ff339523f6aa85185bb82f8cba83ffc3576c667588e608667b12b41130000b48097a4b972171929c1bbd3bb02b1b3dc697653db87068ef8b967e1ba5721d12d09ec05ccfc2fd040b6e5baddd61ba
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=lobby&mode=login&random=0.38885434681912456 HTTP/1.1Host: event.on24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab20005feb4d9739aaabf990d5a138b23bd2493ac8dbf2ce4f69153ea0bc428854de6e081f852667113000251ed464bd750bcb8dad14cddf3750a3b9d131f8fc59a75d0fb24cd0c3e5835a4c7bfcf0d441c130fa2ff2d8edc351a3
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/EventServlet?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&random=0.026706953604296313&filter=json HTTP/1.1Host: event.on24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab20005feb4d9739aaabf990d5a138b23bd2493ac8dbf2ce4f69153ea0bc428854de6e081f852667113000251ed464bd750bcb8dad14cddf3750a3b9d131f8fc59a75d0fb24cd0c3e5835a4c7bfcf0d441c130fa2ff2d8edc351a3
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=registration&mode=login&random=0.3104642400754436 HTTP/1.1Host: event.on24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab20005feb4d9739aaabf990d5a138b23bd2493ac8dbf2ce4f69153ea0bc428854de6e081f852667113000251ed464bd750bcb8dad14cddf3750a3b9d131f8fc59a75d0fb24cd0c3e5835a4c7bfcf0d441c130fa2ff2d8edc351a3
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab2000c0123a6c2e1cb281b891377116f166183016dfbff44055e9812c0ff9daeeee8108718604a6113000b72c6dab8b831e09077cd53248d2fbef9ac9b9123747a99580ea162b97f63d4f7c81faafa762e165e54974af4dcf7795
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: event.on24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; TS0af49cbe027=082972b052ab20005137f6ca95c95cdec5df4a09d371fe90f2f9bcaf687352971d91fe01e82fe879087fc3f8fa1130007d1197670b6cdd83329c23d9877bfe904cbb2540330aab9b8d99a4abf58ecd6cb156739f2081060cbd7f4c354fef63a0
Source: global traffic	HTTP traffic detected: GET /eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665 HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://event.on24.com/eventRegistration/eventRegistrationServletAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab2000dba2a11af68d4e2f32f1adbcda0e6daa8c29ed6b6710618e155fe021a830b90108ac42c211113000298cc264162aaed2a1d9d22f40a8014be6935cf93eac09adbec8d3de650dd5764c386f1765e92155f9fa1f7bf3f28e12
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=registration&mode=&random=0.3505105758608753 HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab20008be56fe0e8408218b85f3b1e92ddc036b8b218d814d28614065f62d70096361c08a38352b31130000ed2473073925211b556d54078f212920f9dc5b79d4ac4717c5b2677da939207129fc2785d01ce2044e211ca3a394d9e
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=lobby&mode=&random=0.27798472848526656 HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab20008be56fe0e8408218b85f3b1e92ddc036b8b218d814d28614065f62d70096361c08a38352b31130000ed2473073925211b556d54078f212920f9dc5b79d4ac4717c5b2677da939207129fc2785d01ce2044e211ca3a394d9e
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/EventServlet?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&random=0.19896211311822354&filter=json HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab20008be56fe0e8408218b85f3b1e92ddc036b8b218d814d28614065f62d70096361c08a38352b31130000ed2473073925211b556d54078f212920f9dc5b79d4ac4717c5b2677da939207129fc2785d01ce2044e211ca3a394d9e
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=registration&mode=&random=0.3505105758608753 HTTP/1.1Host: event.on24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab2000b2bd7df7cec31edf395a5ad980126088ae8cf7de15e66a8846d2ae61a70a733408bd6b68a2113000b8ebc3cd8a41d67a83712c3dcdec5b4c5e729a07e62ae447d3b3adcded8055f285e5ac30603525fc0b081b660b6d85c1
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=lobby&mode=&random=0.27798472848526656 HTTP/1.1Host: event.on24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab2000b2bd7df7cec31edf395a5ad980126088ae8cf7de15e66a8846d2ae61a70a733408bd6b68a2113000b8ebc3cd8a41d67a83712c3dcdec5b4c5e729a07e62ae447d3b3adcded8055f285e5ac30603525fc0b081b660b6d85c1
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/EventServlet?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&random=0.19896211311822354&filter=json HTTP/1.1Host: event.on24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab2000b2bd7df7cec31edf395a5ad980126088ae8cf7de15e66a8846d2ae61a70a733408bd6b68a2113000b8ebc3cd8a41d67a83712c3dcdec5b4c5e729a07e62ae447d3b3adcded8055f285e5ac30603525fc0b081b660b6d85c1

Source: global traffic	DNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: email.sg.on24event.com
Source: global traffic	DNS traffic detected: DNS query: event.on24.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4762Host: login.live.com

Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://bitmovin.com
Source: chromecache_121.10.dr	String found in binary or memory: http://event.on24.com/event/47/22/03/4/rt/1/images/socialsharing/optum_avatar_400x400.jpg
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: chromecache_142.10.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_142.10.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://github.com/kenwheeler/slick
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://github.com/kenwheeler/slick/issues
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://jfbastien.github.io/papers/Math.signbit.html
Source: chromecache_142.10.dr	String found in binary or memory: http://jira.on24.com/browse/ELITE-13641
Source: chromecache_135.10.dr, chromecache_140.10.dr, chromecache_142.10.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_142.10.dr	String found in binary or memory: http://jqueryui.com/themeroller/?scope=&folderName=base&cornerRadiusShadow=8px&offsetLeftShadow=0px&
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://jsperf.lnkit.com/fast-apply/5
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://kenwheeler.github.io
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://kenwheeler.github.io/slick
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://stackoverflow.com/a/28210364/1070244
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://www.fyneworks.com/
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://www.fyneworks.com/jquery/xml-to-json/
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://www.matts411.com/post/internet-explorer-9-oninput/
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.aadrm.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.aadrm.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.cortana.ai
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.microsoftstream.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.office.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.onedrive.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.scheduler.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://app.powerbi.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://augloop.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://augloop.office.com/v2
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=1049982
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3334
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=773687
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://canary.designerapp.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-toolbar
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.entity.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://code.google.com/p/v8/issues/detail?id=3509
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cortana.ai
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cortana.ai/api
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cr.office.com
Source: chromecache_142.10.dr	String found in binary or memory: https://creativemarket.com/blog/the-missing-guide-to-font-formats)
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://d.docs.live.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://designerapp.azurewebsites.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://designerappservice.officeapps.live.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dev.cortana.ai
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://developer.apple.com/library/content/documentation/AudioVideo/Conceptual/Using_HTML5_Audio_Vi
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/HTTP/Browser_detection_using_the_user_agent
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://devnull.onenote.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://directory.services.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ecs.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://edge.skype.com/registrar/prod
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://edge.skype.com/rps
Source: You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg, ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr	String found in binary or memory: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGqMeVWfa9
Source: ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr	String found in binary or memory: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-
Source: You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg, ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr	String found in binary or memory: https://email.sg.on24event.com/ls/click?upn=u001.qPsCj0VSKBRlbXwk4CZaT1VjLeyp2VLEfjNu-2B0nZu-2Fxqd7J
Source: You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg	String found in binary or memory: https://email.sg.on24event.com/wf/open?upn=u001.A5yEPtj12O0Rov549oufKdd5QVwxt2sqbjvCJL5K0mE5B9Ipzn84
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr	String found in binary or memory: https://event.on24.com/event/47/22/03/4/rt/rt/323e63d6-e59d-4fd9-9669-4f11bc87f7f1.optum_email_image
Source: chromecache_108.10.dr	String found in binary or memory: https://event.on24.com/eventRegistration/EventCalendarServlet.ics?reminder=15&start=20241107T180000Z
Source: chromecache_108.10.dr	String found in binary or memory: https://event.on24.com/eventRegistration/EventCalendarServlet?reminder=15&start=20241107T180000Z&end
Source: chromecache_115.10.dr	String found in binary or memory: https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessio
Source: You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg	String found in binary or memory: https://event.on24.com/utilApp/webapi/el/static/img/RXAyZ1lpQmtHeWhiM0tBSThaRCtZaXFXY3YzR1BtTkVJQWJT
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://flow.org/blog/2017/05/07/Strict-Function-Call-Arity/).
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: chromecache_140.10.dr	String found in binary or memory: https://gist.github.com/BrendanEich/4294d5c212a6d2254703
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/DavidBruant/Map-Set.prototype.toJSON
Source: 32483553004.ttf.0.dr, 26205970649.ttf.0.dr, 26395700251.ttf.0.dr, 31638818185.ttf.0.dr, 27970306811.ttf.0.dr, 30153066857.ttf.0.dr, 25576969643.ttf.0.dr, 30169865670.ttf.0.dr, 25065980124.ttf.0.dr, 28903934312.ttf.0.dr, 32677218994.ttf.0.dr, 29867269125.ttf.0.dr	String found in binary or memory: https://github.com/andre-fuchs/kerning-pairs/blob/master/LICENSE.md).
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/benjamingr/RexExp.escape
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/es-shims.
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/es-shims/es5-shim/issues/150
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/facebook/flow/issues/285
Source: chromecache_142.10.dr	String found in binary or memory: https://github.com/kenwheeler/slick/issues/1158
Source: chromecache_142.10.dr	String found in binary or memory: https://github.com/kenwheeler/slick/issues/3662
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/kitcambridge/es5-shim/commit/4f738ac066346
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/ljharb/proposal-is-error
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/mathiasbynens/String.prototype.at
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/mozilla/rhino/issues/346
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/nfriend/ts-keycode-enum/blob/master/Key.enum.ts
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/paldepind/snabbdom/blob/master/LICENSE
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/rwaldron/tc39-notes/blob/master/es6/2014-09/sept-25.md#510-globalasap-for-enqueui
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/sebmarkbage/ecmascript-string-left-right-trim
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/Array.prototype.includes
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/proposal-array-filtering
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/proposal-global
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/proposal-object-getownpropertydescriptors
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/proposal-object-values-entries
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/proposal-promise-finally
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/proposal-promise-try
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/proposal-string-pad-start-end
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/vuejs/vue-devtools
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/vuejs/vue/pull/7730
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/vuejs/vuex/issues/1505
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.38.1/LICENSE
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/1008
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/1128
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/1130
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/280
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/306
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/339
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/475
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/677
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/86#issuecomment-115759028
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://graph.windows.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://graph.windows.net/
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://hacks.mozilla.org/2013/04/detecting-touch-its-the-why-not-the-how/
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/dom.html#phrasing-content
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/indices.html#elements-3
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ic3.teams.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://invites.office.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://lifecycle.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://login.microsoftonline.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://login.microsoftonline.com/organizations
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://login.windows.local
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://make.powerautomate.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://management.azure.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://management.azure.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messageuserer.mobile.m365.svc.cloud.microsoft
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.action.office.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.engagement.office.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.office.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://mss.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ncus.contentsync.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ncus.pagecontentsync.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://officeapps.live.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://officepyservice.office.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://officepyservice.office.net/service.functionality
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: chromecache_108.10.dr	String found in binary or memory: https://on24static.akamaized.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://onedrive.live.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://otelrules.azureedge.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://otelrules.svc.static.microsoft
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office365.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office365.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office365.com/connectors
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://pages.store.office.com/review/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://powerlift.acompli.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://pushchannel.1drv.ms
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://res.cdn.office.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: chromecache_140.10.dr	String found in binary or memory: https://rwaldron.github.io/proposal-math-extensions/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://service.powerapps.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://settings.outlook.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: chromecache_114.10.dr, chromecache_102.10.dr	String found in binary or memory: https://sketchapp.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: chromecache_142.10.dr	String found in binary or memory: https://stackoverflow.com/questions/16443642/scroll-bars-showing-up-when-not-expecting-them-line-hei
Source: chromecache_142.10.dr	String found in binary or memory: https://stackoverflow.com/questions/35111090/text-in-a-flex-container-doesnt-wrap-in-ie11
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://staging.cortana.ai
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://substrate.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://tasks.office.com
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot-aec
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-advancestringindex
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.every
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.filter
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.find
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.findIndex
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.foreach
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.includes
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.indexof
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.map
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.reduce
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.reduceright
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.some
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-arrayspeciescreate
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-function-instances-name
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-get-regexp.prototype.flags
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-getmethod
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-getsubstitution
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-hasownproperty
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-isarray
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-iscallable
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-isconstructor
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-lengthofarraylike
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-math.trunc
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.assign
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.create
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.defineproperties
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.defineproperty
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.getownpropertydescriptor
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.getownpropertynames
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.keys
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.prototype.propertyisenumerable
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-ordinarytoprimitive
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-parseint-string-radix
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-regexp.prototype-
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-regexp.prototype.exec
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-regexpexec
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-requireobjectcoercible
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-string.prototype.codepointat
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-string.prototype.match
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-string.prototype.trim
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-string.prototype.trimend
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-string.prototype.trimstart
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-tointegerorinfinity
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-tolength
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-toobject
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-toprimitive
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-topropertykey
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/String.prototype.matchAll/
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/ecma262/#sec-advancestringindex
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/ecma262/#sec-regexp.prototype-
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/ecma262/#sec-regexpexec
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/ecma262/#sec-string.prototype.match
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/ecma262/#sec-string.prototype.search
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/ecma262/#sec-toindex
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-flatMap/#sec-Array.prototype.flatMap
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-flatMap/#sec-Array.prototype.flatten
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-flatMap/#sec-FlattenIntoArray
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-map.from
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-map.of
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-set.from
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-set.of
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-weakmap.from
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-weakmap.of
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-weakset.from
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-weakset.of
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://templatesmetadata.office.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://vuejs.org/guide/deployment.html
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://vuejs.org/guide/list.html#key
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://vuejs.org/v2/api/#data
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://vuejs.org/v2/guide/components.html#data-Must-Be-a-Function
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://vuejs.org/v2/guide/reactivity.html#Declaring-Reactive-Properties.
Source: ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr	String found in binary or memory: https://w.on24.com/view/eventregistration/images/google_calendar.png
Source: ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr	String found in binary or memory: https://w.on24.com/view/eventregistration/images/outlook_calendar.png
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://webshell.suite.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://wus2.contentsync.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://wus2.pagecontentsync.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://www.odwebp.svc.ms
Source: chromecache_123.10.dr, chromecache_136.10.dr	String found in binary or memory: https://www.on24.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://www.yammer.com

Source: unknown	Network traffic detected: HTTP traffic on port 62624 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62662 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62685 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62630
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62675
Source: unknown	Network traffic detected: HTTP traffic on port 62625 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62645
Source: unknown	Network traffic detected: HTTP traffic on port 62663 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62649
Source: unknown	Network traffic detected: HTTP traffic on port 62657 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62684 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62682
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62683
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62684
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62685
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62686
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62687
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62649 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62626 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62645 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62656
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62657
Source: unknown	Network traffic detected: HTTP traffic on port 62687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62658
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62660 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62658 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62668 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62654 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62694
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62695
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62654
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62623 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62623
Source: unknown	Network traffic detected: HTTP traffic on port 62686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62624
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62668
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62625
Source: unknown	Network traffic detected: HTTP traffic on port 62661 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62626
Source: unknown	Network traffic detected: HTTP traffic on port 62682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62660
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62661
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62662
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62663
Source: unknown	Network traffic detected: HTTP traffic on port 62630 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.10:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.69.42.241:443 -> 192.168.2.10:62623 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.10:62624 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.10:62625 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.10:62626 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.10:62630 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.55:443 -> 192.168.2.10:62660 version: TLS 1.2

Source: classification engine

Classification label: sus24.winMSG@19/106@6/5

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "75BF25B5-91F4-4340-A2CE-8A861B161182" "0988E0AF-E8F0-40F2-A21E-9E9BAE1DBB72" "7308" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGqMeVWfa9TGN53mpNzO60CSXfDxqA1OzKkyjteGKhJXNP-2Fqhe73BqzRJ8k3vkeBM80ywN4suRgmUudd3q6XorB58yVzMED8XpqyOagf7ECUt-2FXTBt0GbG656kKIjkDZHU-3DBtZ-_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAlTH5udhpMPtPnet9IHWh1cVyBrpRkdmo2ebrF0TCXbQnXaDGj9MDon9fO-2BZnr0dKxtBnMsUm81ptF155A2mgNEXZRip6r6Y3gx-2FVTvFM2OUm-2BjaLZqinwHODkJP6UYs4FYvhv8WHZd41YBAqFjU1C6m7axLQ7x9DAy1bOJPQI5YnM05uRvslE5uXj6660vm6A-3D-3D
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1868,i,8574729531405096744,3903186651050753263,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "75BF25B5-91F4-4340-A2CE-8A861B161182" "0988E0AF-E8F0-40F2-A21E-9E9BAE1DBB72" "7308" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGqMeVWfa9TGN53mpNzO60CSXfDxqA1OzKkyjteGKhJXNP-2Fqhe73BqzRJ8k3vkeBM80ywN4suRgmUudd3q6XorB58yVzMED8XpqyOagf7ECUt-2FXTBt0GbG656kKIjkDZHU-3DBtZ-_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAlTH5udhpMPtPnet9IHWh1cVyBrpRkdmo2ebrF0TCXbQnXaDGj9MDon9fO-2BZnr0dKxtBnMsUm81ptF155A2mgNEXZRip6r6Y3gx-2FVTvFM2OUm-2BjaLZqinwHODkJP6UYs4FYvhv8WHZd41YBAqFjU1C6m7axLQ7x9DAy1bOJPQI5YnM05uRvslE5uXj6660vm6A-3D-3D	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1868,i,8574729531405096744,3903186651050753263,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: Google Drive.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
199.83.44.71	r-event.on24.com	United States	18742	ON24-SACUS	false
142.250.185.164	www.google.com	United States	15169	GOOGLEUS	false
199.83.44.68	r-email.sg.on24event.com	United States	18742	ON24-SACUS	false

Name	IP	Active
www.google.com	142.250.185.164	true
r-email.sg.on24event.com	199.83.44.68	true
r-event.on24.com	199.83.44.71	true
event.on24.com	unknown	unknown
241.42.69.40.in-addr.arpa	unknown	unknown
email.sg.on24event.com	unknown	unknown

Name	Malicious	Antivirus Detection	Reputation
https://event.on24.com/apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=registration&mode=login&random=0.3104642400754436	false		unknown
https://event.on24.com/favicon.ico	false		unknown

ID:	1541192
Product:	CloudBasic
Start time:	15:05:45
Start date:	24.10.2024
Sample:	You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	f6848b922ea78a6582896cca49e9d8bf
SHA1:	66d492a3f548739248082c4a43ab408bb3a690a7
SHA256:	952107ccd505be86bdf04bc82d064489848f9de524e3adc1afbb769bc9ee31f6
Filetype:	Outlook Message (71009/1) 58.92%

Windows Analysis Report You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg