Edit tour

Windows Analysis Report
You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg

Overview

General Information

Sample name:	You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg
Analysis ID:	1541192
MD5:	f6848b922ea78a6582896cca49e9d8bf
SHA1:	66d492a3f548739248082c4a43ab408bb3a690a7
SHA256:	952107ccd505be86bdf04bc82d064489848f9de524e3adc1afbb769bc9ee31f6
Infos:

Detection

Score:	24
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

AI detected landing page (webpage, office document or email)

Detected hidden input values containing email addresses (often used in phishing pages)

Detected non-DNS traffic on DNS port

Detected suspicious crossdomain redirect

HTML title does not match URL

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Stores files to the Windows start menu directory

Stores large binary data to the registry

Classification

Process Tree

System is w10x64

OUTLOOK.EXE (PID: 7308 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 5512 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "75BF25B5-91F4-4340-A2CE-8A861B161182" "0988E0AF-E8F0-40F2-A21E-9E9BAE1DBB72" "7308" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 6636 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGqMeVWfa9TGN53mpNzO60CSXfDxqA1OzKkyjteGKhJXNP-2Fqhe73BqzRJ8k3vkeBM80ywN4suRgmUudd3q6XorB58yVzMED8XpqyOagf7ECUt-2FXTBt0GbG656kKIjkDZHU-3DBtZ-_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAlTH5udhpMPtPnet9IHWh1cVyBrpRkdmo2ebrF0TCXbQnXaDGj9MDon9fO-2BZnr0dKxtBnMsUm81ptF155A2mgNEXZRip6r6Y3gx-2FVTvFM2OUm-2BjaLZqinwHODkJP6UYs4FYvhv8WHZd41YBAqFjU1C6m7axLQ7x9DAy1bOJPQI5YnM05uRvslE5uXj6660vm6A-3D-3D MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1868,i,8574729531405096744,3903186651050753263,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4762Host: login.live.com

Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://bitmovin.com
Source: chromecache_121.10.dr	String found in binary or memory: http://event.on24.com/event/47/22/03/4/rt/1/images/socialsharing/optum_avatar_400x400.jpg
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: chromecache_142.10.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_142.10.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://github.com/kenwheeler/slick
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://github.com/kenwheeler/slick/issues
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://jfbastien.github.io/papers/Math.signbit.html
Source: chromecache_142.10.dr	String found in binary or memory: http://jira.on24.com/browse/ELITE-13641
Source: chromecache_135.10.dr, chromecache_140.10.dr, chromecache_142.10.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_142.10.dr	String found in binary or memory: http://jqueryui.com/themeroller/?scope=&folderName=base&cornerRadiusShadow=8px&offsetLeftShadow=0px&
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://jsperf.lnkit.com/fast-apply/5
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://kenwheeler.github.io
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://kenwheeler.github.io/slick
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://stackoverflow.com/a/28210364/1070244
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://www.fyneworks.com/
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://www.fyneworks.com/jquery/xml-to-json/
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://www.matts411.com/post/internet-explorer-9-oninput/
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.aadrm.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.aadrm.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.addins.store.office.com/app/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.cortana.ai
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.diagnostics.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.microsoftstream.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.microsoftstream.com/api/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.office.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.onedrive.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://api.scheduler.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://apis.live.net/v5.0/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://app.powerbi.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://augloop.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://augloop.office.com/v2
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=1049982
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3334
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=773687
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://canary.designerapp.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-toolbar
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.entity.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://code.google.com/p/v8/issues/detail?id=3509
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cortana.ai
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cortana.ai/api
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://cr.office.com
Source: chromecache_142.10.dr	String found in binary or memory: https://creativemarket.com/blog/the-missing-guide-to-font-formats)
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://d.docs.live.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dataservice.o365filtering.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://designerapp.azurewebsites.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://designerappservice.officeapps.live.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dev.cortana.ai
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://developer.apple.com/library/content/documentation/AudioVideo/Conceptual/Using_HTML5_Audio_Vi
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/HTTP/Browser_detection_using_the_user_agent
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://devnull.onenote.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://directory.services.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ecs.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://edge.skype.com/registrar/prod
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://edge.skype.com/rps
Source: You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg, ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr	String found in binary or memory: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGqMeVWfa9
Source: ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr	String found in binary or memory: https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-
Source: You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg, ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr	String found in binary or memory: https://email.sg.on24event.com/ls/click?upn=u001.qPsCj0VSKBRlbXwk4CZaT1VjLeyp2VLEfjNu-2B0nZu-2Fxqd7J
Source: You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg	String found in binary or memory: https://email.sg.on24event.com/wf/open?upn=u001.A5yEPtj12O0Rov549oufKdd5QVwxt2sqbjvCJL5K0mE5B9Ipzn84
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://entitlement.diagnostics.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr	String found in binary or memory: https://event.on24.com/event/47/22/03/4/rt/rt/323e63d6-e59d-4fd9-9669-4f11bc87f7f1.optum_email_image
Source: chromecache_108.10.dr	String found in binary or memory: https://event.on24.com/eventRegistration/EventCalendarServlet.ics?reminder=15&start=20241107T180000Z
Source: chromecache_108.10.dr	String found in binary or memory: https://event.on24.com/eventRegistration/EventCalendarServlet?reminder=15&start=20241107T180000Z&end
Source: chromecache_115.10.dr	String found in binary or memory: https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessio
Source: You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg	String found in binary or memory: https://event.on24.com/utilApp/webapi/el/static/img/RXAyZ1lpQmtHeWhiM0tBSThaRCtZaXFXY3YzR1BtTkVJQWJT
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://flow.org/blog/2017/05/07/Strict-Function-Call-Arity/).
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: chromecache_140.10.dr	String found in binary or memory: https://gist.github.com/BrendanEich/4294d5c212a6d2254703
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/DavidBruant/Map-Set.prototype.toJSON
Source: 32483553004.ttf.0.dr, 26205970649.ttf.0.dr, 26395700251.ttf.0.dr, 31638818185.ttf.0.dr, 27970306811.ttf.0.dr, 30153066857.ttf.0.dr, 25576969643.ttf.0.dr, 30169865670.ttf.0.dr, 25065980124.ttf.0.dr, 28903934312.ttf.0.dr, 32677218994.ttf.0.dr, 29867269125.ttf.0.dr	String found in binary or memory: https://github.com/andre-fuchs/kerning-pairs/blob/master/LICENSE.md).
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/benjamingr/RexExp.escape
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/es-shims.
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/es-shims/es5-shim/issues/150
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/facebook/flow/issues/285
Source: chromecache_142.10.dr	String found in binary or memory: https://github.com/kenwheeler/slick/issues/1158
Source: chromecache_142.10.dr	String found in binary or memory: https://github.com/kenwheeler/slick/issues/3662
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/kitcambridge/es5-shim/commit/4f738ac066346
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/ljharb/proposal-is-error
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/mathiasbynens/String.prototype.at
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/mozilla/rhino/issues/346
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/nfriend/ts-keycode-enum/blob/master/Key.enum.ts
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/paldepind/snabbdom/blob/master/LICENSE
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/rwaldron/tc39-notes/blob/master/es6/2014-09/sept-25.md#510-globalasap-for-enqueui
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/sebmarkbage/ecmascript-string-left-right-trim
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/Array.prototype.includes
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/proposal-array-filtering
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/proposal-global
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/proposal-object-getownpropertydescriptors
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/proposal-object-values-entries
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/proposal-promise-finally
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/proposal-promise-try
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/tc39/proposal-string-pad-start-end
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/vuejs/vue-devtools
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/vuejs/vue/pull/7730
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/vuejs/vuex/issues/1505
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.38.1/LICENSE
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/1008
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/1128
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/1130
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/280
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/306
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/339
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/475
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/677
Source: chromecache_140.10.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/86#issuecomment-115759028
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://graph.ppe.windows.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://graph.ppe.windows.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://graph.windows.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://graph.windows.net/
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://hacks.mozilla.org/2013/04/detecting-touch-its-the-why-not-the-how/
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/dom.html#phrasing-content
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/indices.html#elements-3
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ic3.teams.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://incidents.diagnostics.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://invites.office.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://lifecycle.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://login.microsoftonline.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://login.microsoftonline.com/organizations
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://login.windows.local
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://make.powerautomate.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://management.azure.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://management.azure.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messageuserer.mobile.m365.svc.cloud.microsoft
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.action.office.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.engagement.office.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://messaging.office.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://mss.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ncus.contentsync.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ncus.pagecontentsync.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://officeapps.live.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://officepyservice.office.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://officepyservice.office.net/service.functionality
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: chromecache_108.10.dr	String found in binary or memory: https://on24static.akamaized.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://onedrive.live.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://onedrive.live.com/embed?
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://otelrules.azureedge.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://otelrules.svc.static.microsoft
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office365.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office365.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://outlook.office365.com/connectors
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://pages.store.office.com/review/query
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://powerlift.acompli.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://pushchannel.1drv.ms
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://res.cdn.office.net
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: chromecache_140.10.dr	String found in binary or memory: https://rwaldron.github.io/proposal-math-extensions/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://service.powerapps.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://settings.outlook.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://shell.suite.office.com:1443
Source: chromecache_114.10.dr, chromecache_102.10.dr	String found in binary or memory: https://sketchapp.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://skyapi.live.net/Activity/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: chromecache_142.10.dr	String found in binary or memory: https://stackoverflow.com/questions/16443642/scroll-bars-showing-up-when-not-expecting-them-line-hei
Source: chromecache_142.10.dr	String found in binary or memory: https://stackoverflow.com/questions/35111090/text-in-a-flex-container-doesnt-wrap-in-ie11
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://staging.cortana.ai
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://store.office.cn/addinstemplate
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://store.office.de/addinstemplate
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://substrate.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://tasks.office.com
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot-aec
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-advancestringindex
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.every
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.filter
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.find
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.findIndex
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.foreach
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.includes
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.indexof
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.map
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.reduce
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.reduceright
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-array.prototype.some
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-arrayspeciescreate
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-function-instances-name
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-get-regexp.prototype.flags
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-getmethod
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-getsubstitution
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-hasownproperty
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-isarray
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-iscallable
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-isconstructor
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-lengthofarraylike
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-math.trunc
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.assign
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.create
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.defineproperties
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.defineproperty
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.getownpropertydescriptor
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.getownpropertynames
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.keys
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-object.prototype.propertyisenumerable
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-ordinarytoprimitive
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-parseint-string-radix
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-regexp.prototype-
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-regexp.prototype.exec
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-regexpexec
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-requireobjectcoercible
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-string.prototype.codepointat
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-string.prototype.match
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-string.prototype.trim
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-string.prototype.trimend
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-string.prototype.trimstart
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-tointegerorinfinity
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-tolength
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-toobject
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-toprimitive
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.es/ecma262/#sec-topropertykey
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/String.prototype.matchAll/
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/ecma262/#sec-advancestringindex
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/ecma262/#sec-regexp.prototype-
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/ecma262/#sec-regexpexec
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/ecma262/#sec-string.prototype.match
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/ecma262/#sec-string.prototype.search
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/ecma262/#sec-toindex
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-flatMap/#sec-Array.prototype.flatMap
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-flatMap/#sec-Array.prototype.flatten
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-flatMap/#sec-FlattenIntoArray
Source: chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-map.from
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-map.of
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-set.from
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-set.of
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-weakmap.from
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-weakmap.of
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-weakset.from
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://tc39.github.io/proposal-setmap-offrom/#sec-weakset.of
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://templatesmetadata.office.net/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://vuejs.org/guide/deployment.html
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://vuejs.org/guide/list.html#key
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://vuejs.org/v2/api/#data
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://vuejs.org/v2/guide/components.html#data-Must-Be-a-Function
Source: chromecache_135.10.dr, chromecache_140.10.dr	String found in binary or memory: https://vuejs.org/v2/guide/reactivity.html#Declaring-Reactive-Properties.
Source: ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr	String found in binary or memory: https://w.on24.com/view/eventregistration/images/google_calendar.png
Source: ~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr	String found in binary or memory: https://w.on24.com/view/eventregistration/images/outlook_calendar.png
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://web.microsoftstream.com/video/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://webshell.suite.office.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://wus2.contentsync.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://wus2.pagecontentsync.
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://www.odwebp.svc.ms
Source: chromecache_123.10.dr, chromecache_136.10.dr	String found in binary or memory: https://www.on24.com
Source: C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	String found in binary or memory: https://www.yammer.com

Source: unknown	Network traffic detected: HTTP traffic on port 62624 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62662 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62685 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62630
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62675
Source: unknown	Network traffic detected: HTTP traffic on port 62625 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62645
Source: unknown	Network traffic detected: HTTP traffic on port 62663 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62649
Source: unknown	Network traffic detected: HTTP traffic on port 62657 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62684 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62682
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62683
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62684
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62685
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62686
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62687
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62649 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62626 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62645 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62656
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62657
Source: unknown	Network traffic detected: HTTP traffic on port 62687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62658
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62660 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62658 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62668 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62654 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62694
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62695
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62696
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62654
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62623 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62623
Source: unknown	Network traffic detected: HTTP traffic on port 62686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62624
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62668
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62625
Source: unknown	Network traffic detected: HTTP traffic on port 62661 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62626
Source: unknown	Network traffic detected: HTTP traffic on port 62682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62660
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62661
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62662
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62663
Source: unknown	Network traffic detected: HTTP traffic on port 62630 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.10:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.69.42.241:443 -> 192.168.2.10:62623 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.10:62624 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.10:62625 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.10:62626 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.67:443 -> 192.168.2.10:62630 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.55:443 -> 192.168.2.10:62660 version: TLS 1.2

Source: classification engine

Classification label: sus24.winMSG@19/106@6/5

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C2654150-6C0A-4E67-BABD-349B56794A53

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241024T0907070270-7308.etl

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "75BF25B5-91F4-4340-A2CE-8A861B161182" "0988E0AF-E8F0-40F2-A21E-9E9BAE1DBB72" "7308" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGqMeVWfa9TGN53mpNzO60CSXfDxqA1OzKkyjteGKhJXNP-2Fqhe73BqzRJ8k3vkeBM80ywN4suRgmUudd3q6XorB58yVzMED8XpqyOagf7ECUt-2FXTBt0GbG656kKIjkDZHU-3DBtZ-_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAlTH5udhpMPtPnet9IHWh1cVyBrpRkdmo2ebrF0TCXbQnXaDGj9MDon9fO-2BZnr0dKxtBnMsUm81ptF155A2mgNEXZRip6r6Y3gx-2FVTvFM2OUm-2BjaLZqinwHODkJP6UYs4FYvhv8WHZd41YBAqFjU1C6m7axLQ7x9DAy1bOJPQI5YnM05uRvslE5uXj6660vm6A-3D-3D
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1868,i,8574729531405096744,3903186651050753263,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "75BF25B5-91F4-4340-A2CE-8A861B161182" "0988E0AF-E8F0-40F2-A21E-9E9BAE1DBB72" "7308" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGqMeVWfa9TGN53mpNzO60CSXfDxqA1OzKkyjteGKhJXNP-2Fqhe73BqzRJ8k3vkeBM80ywN4suRgmUudd3q6XorB58yVzMED8XpqyOagf7ECUt-2FXTBt0GbG656kKIjkDZHU-3DBtZ-_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAlTH5udhpMPtPnet9IHWh1cVyBrpRkdmo2ebrF0TCXbQnXaDGj9MDon9fO-2BZnr0dKxtBnMsUm81ptF155A2mgNEXZRip6r6Y3gx-2FVTvFM2OUm-2BjaLZqinwHODkJP6UYs4FYvhv8WHZd41YBAqFjU1C6m7axLQ7x9DAy1bOJPQI5YnM05uRvslE5uXj6660vm6A-3D-3D	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1868,i,8574729531405096744,3903186651050753263,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Jump to behavior

Source: Google Drive.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: Email

LLM: Email contains prominent button: 'click here to enter webinar'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 0

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	2 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Modify Registry	LSASS Memory	13 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Extra Window Memory Injection	1 DLL Side-Loading	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Extra Window Memory Injection	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://shell.suite.office.com:1443	0%	URL Reputation	safe
https://designerapp.azurewebsites.net	0%	URL Reputation	safe
https://autodiscover-s.outlook.com/	0%	URL Reputation	safe
https://useraudit.o365auditrealtimeingestion.manage.office.com	0%	URL Reputation	safe
https://outlook.office365.com/connectors	0%	URL Reputation	safe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr	0%	URL Reputation	safe
https://cdn.entity.	0%	URL Reputation	safe
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/	0%	URL Reputation	safe
https://rpsticket.partnerservices.getmicrosoftkey.com	0%	URL Reputation	safe
https://lookup.onenote.com/lookup/geolocation/v1	0%	URL Reputation	safe
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile	0%	URL Reputation	safe
https://api.aadrm.com/	0%	URL Reputation	safe
https://canary.designerapp.	0%	URL Reputation	safe
http://www.opensource.org/licenses/mit-license.php	0%	URL Reputation	safe
https://www.yammer.com	0%	URL Reputation	safe
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies	0%	URL Reputation	safe
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive	0%	URL Reputation	safe
https://cr.office.com	0%	URL Reputation	safe
https://messageuserer.mobile.m365.svc.cloud.microsoft	0%	URL Reputation	safe
https://edge.skype.com/registrar/prod	0%	URL Reputation	safe
https://res.getmicrosoftkey.com/api/redemptionevents	0%	URL Reputation	safe
https://tasks.office.com	0%	URL Reputation	safe
https://officeci.azurewebsites.net/api/	0%	URL Reputation	safe
https://store.office.cn/addinstemplate	0%	URL Reputation	safe
https://edge.skype.com/rps	0%	URL Reputation	safe
https://messaging.engagement.office.com/	0%	URL Reputation	safe
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	0%	URL Reputation	safe
https://www.odwebp.svc.ms	0%	URL Reputation	safe
https://api.powerbi.com/v1.0/myorg/groups	0%	URL Reputation	safe
https://web.microsoftstream.com/video/	0%	URL Reputation	safe
https://api.addins.store.officeppe.com/addinstemplate	0%	URL Reputation	safe
https://graph.windows.net	0%	URL Reputation	safe
https://consent.config.office.com/consentcheckin/v1.0/consents	0%	URL Reputation	safe
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices	0%	URL Reputation	safe
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json	0%	URL Reputation	safe
https://safelinks.protection.outlook.com/api/GetPolicy	0%	URL Reputation	safe
https://ncus.contentsync.	0%	URL Reputation	safe
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/	0%	URL Reputation	safe
http://weather.service.msn.com/data.aspx	0%	URL Reputation	safe
https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot	0%	URL Reputation	safe
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios	0%	URL Reputation	safe
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml	0%	URL Reputation	safe
https://mss.office.com	0%	URL Reputation	safe
https://pushchannel.1drv.ms	0%	URL Reputation	safe
https://wus2.contentsync.	0%	URL Reputation	safe
https://clients.config.office.net/user/v1.0/ios	0%	URL Reputation	safe
https://api.addins.omex.office.net/api/addins/search	0%	URL Reputation	safe
https://outlook.office365.com/api/v1.0/me/Activities	0%	URL Reputation	safe
https://clients.config.office.net/user/v1.0/android/policies	0%	URL Reputation	safe
https://entitlement.diagnostics.office.com	0%	URL Reputation	safe
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	142.250.185.164	true	false	unknown
r-email.sg.on24event.com	199.83.44.68	true	false	unknown
r-event.on24.com	199.83.44.71	true	false	unknown
event.on24.com	unknown	unknown	false	unknown
241.42.69.40.in-addr.arpa	unknown	unknown	false	unknown
email.sg.on24event.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://event.on24.com/apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=registration&mode=login&random=0.3104642400754436	false		unknown
https://event.on24.com/favicon.ico	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/mozilla/rhino/issues/346	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://shell.suite.office.com:1443	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-arrayspeciescreate	chromecache_140.10.dr	false		unknown
https://designerapp.azurewebsites.net	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
http://www.fyneworks.com/jquery/xml-to-json/	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://autodiscover-s.outlook.com/	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://useraudit.o365auditrealtimeingestion.manage.office.com	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://w.on24.com/view/eventregistration/images/google_calendar.png	~WRS{1620DFE4-9D20-4001-B671-1DA640A90F1B}.tmp.0.dr	false		unknown
https://outlook.office365.com/connectors	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-object.getownpropertydescriptor	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://github.com/zloirock/core-js	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://cdn.entity.	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://html.spec.whatwg.org/multipage/indices.html#elements-3	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://rpsticket.partnerservices.getmicrosoftkey.com	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://lookup.onenote.com/lookup/geolocation/v1	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
http://bitmovin.com	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://github.com/andre-fuchs/kerning-pairs/blob/master/LICENSE.md).	32483553004.ttf.0.dr, 26205970649.ttf.0.dr, 26395700251.ttf.0.dr, 31638818185.ttf.0.dr, 27970306811.ttf.0.dr, 30153066857.ttf.0.dr, 25576969643.ttf.0.dr, 30169865670.ttf.0.dr, 25065980124.ttf.0.dr, 28903934312.ttf.0.dr, 32677218994.ttf.0.dr, 29867269125.ttf.0.dr	false		unknown
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://creativemarket.com/blog/the-missing-guide-to-font-formats)	chromecache_142.10.dr	false		unknown
https://api.aadrm.com/	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://github.com/tc39/proposal-array-filtering	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://canary.designerapp.	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
http://www.opensource.org/licenses/mit-license.php	chromecache_135.10.dr, chromecache_140.10.dr	false	URL Reputation: safe	unknown
https://vuejs.org/v2/api/#data	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://www.yammer.com	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://api.microsoftstream.com/api/	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false		unknown
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://cr.office.com	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
http://jfbastien.github.io/papers/Math.signbit.html	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://tc39.es/ecma262/#sec-tointegerorinfinity	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://messageuserer.mobile.m365.svc.cloud.microsoft	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://otelrules.svc.static.microsoft	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false		unknown
https://github.com/es-shims/es5-shim/issues/150	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://tc39.github.io/proposal-setmap-offrom/#sec-set.of	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://edge.skype.com/registrar/prod	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://github.com/tc39/proposal-promise-finally	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://res.getmicrosoftkey.com/api/redemptionevents	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://tasks.office.com	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://officeci.azurewebsites.net/api/	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://hacks.mozilla.org/2013/04/detecting-touch-its-the-why-not-the-how/	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://tc39.github.io/proposal-setmap-offrom/#sec-weakset.of	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://html.spec.whatwg.org/multipage/dom.html#phrasing-content	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://developer.mozilla.org/en-US/docs/Web/HTTP/Browser_detection_using_the_user_agent	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://my.microsoftpersonalcontent.com	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false		unknown
https://tc39.es/ecma262/#sec-getmethod	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://store.office.cn/addinstemplate	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://github.com/zloirock/core-js/issues/306	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://edge.skype.com/rps	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://tc39.github.io/proposal-setmap-offrom/#sec-weakmap.from	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://messaging.engagement.office.com/	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://www.odwebp.svc.ms	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
http://jqueryui.com/themeroller/?scope=&folderName=base&cornerRadiusShadow=8px&offsetLeftShadow=0px&	chromecache_142.10.dr	false		unknown
https://api.powerbi.com/v1.0/myorg/groups	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://web.microsoftstream.com/video/	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://api.addins.store.officeppe.com/addinstemplate	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://tc39.github.io/proposal-flatMap/#sec-Array.prototype.flatMap	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://graph.windows.net	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://github.com/vuejs/vue-devtools	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://tc39.es/ecma262/#sec-parseint-string-radix	chromecache_140.10.dr	false		unknown
https://github.com/ljharb/proposal-is-error	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://github.com/zloirock/core-js/issues/1130	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://consent.config.office.com/consentcheckin/v1.0/consents	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-array.prototype.map	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://tc39.es/ecma262/#sec-tolength	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://d.docs.live.net	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false		unknown
https://safelinks.protection.outlook.com/api/GetPolicy	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://ncus.contentsync.	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://tc39.github.io/String.prototype.matchAll/	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://tc39.es/ecma262/#sec-array.prototype.reduceright	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://github.com/mathiasbynens/String.prototype.at	chromecache_140.10.dr	false		unknown
https://tc39.github.io/proposal-flatMap/#sec-FlattenIntoArray	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
http://weather.service.msn.com/data.aspx	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot	chromecache_135.10.dr, chromecache_140.10.dr	false	URL Reputation: safe	unknown
https://tc39.es/ecma262/#sec-array.prototype.foreach	chromecache_140.10.dr	false		unknown
https://tc39.es/ecma262/#sec-string.prototype.trimstart	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://event.on24.com/eventRegistration/EventCalendarServlet?reminder=15&start=20241107T180000Z&end	chromecache_108.10.dr	false		unknown
https://github.com/zloirock/core-js/issues/677	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://mss.office.com	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://pushchannel.1drv.ms	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://wus2.contentsync.	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://clients.config.office.net/user/v1.0/ios	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://api.addins.omex.office.net/api/addins/search	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://github.com/zloirock/core-js/issues/1128	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://outlook.office365.com/api/v1.0/me/Activities	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://clients.config.office.net/user/v1.0/android/policies	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://github.com/zloirock/core-js/issues/1008	chromecache_135.10.dr, chromecache_140.10.dr	false		unknown
https://entitlement.diagnostics.office.com	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false	URL Reputation: safe	unknown
https://outlook.office.com/	C2654150-6C0A-4E67-BABD-349B56794A53.0.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
199.83.44.71	r-event.on24.com	United States	18742	ON24-SACUS	false
142.250.185.164	www.google.com	United States	15169	GOOGLEUS	false
199.83.44.68	r-email.sg.on24event.com	United States	18742	ON24-SACUS	false

Private

IP
192.168.2.10

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541192
Start date and time:	2024-10-24 15:05:45 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg
Detection:	SUS
Classification:	sus24.winMSG@19/106@6/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .msg

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.113.194.132, 184.28.90.27, 52.168.117.175, 2.19.126.151, 2.19.126.160, 142.250.186.163, 142.250.184.206, 108.177.15.84, 34.104.35.123, 2.16.164.57, 2.16.164.96, 172.217.18.10, 142.250.185.202, 142.250.185.74, 172.217.18.106, 142.250.186.74, 142.250.185.170, 142.250.186.42, 142.250.186.138, 142.250.185.234, 142.250.184.234, 216.58.206.74, 142.250.186.170, 142.250.181.234, 142.250.184.202, 142.250.186.106, 172.217.16.202, 216.58.212.170, 142.250.185.106, 216.58.206.42, 172.217.23.106, 142.250.185.138
Excluded domains from analysis (whitelisted): omex.cdn.office.net, slscr.update.microsoft.com, clientservices.googleapis.com, on24static.akamaized.net, weu-azsc-config.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, clients2.google.com, e16604.g.akamaiedge.net, update.googleapis.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, a1864.dscd.akamai.net, ecs.office.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, prod.configsvc1.live.com.akadns.net, onedscolprdeus19.eastus.cloudapp.azure.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, a744.dscw10.akamai.net, s-0005.s-msedge.net, config.officeapps.live.com, ecs.office.trafficmanager.net, clients.l.google.com, omex.cdn.office.net.akamaized.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadFile calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	https://app.writesonic.com/share/writing-assistant/d140c48b-3642-43bf-a085-e258c1fb4f03	Get hash	malicious	Unknown	Browse
	https://egift.activationshub.com/gift-card/view/8lPFUrjq1LGzg7JHwS8hJJRdL/	Get hash	malicious	Unknown	Browse
	setup.msi	Get hash	malicious	Unknown	Browse
	https://1drv.ms/o/c/3e563d3fb2a98d1c/Emlo5KUbYYNEvKtIF-7SS0EBYSeT3hOOGuv_MbeT-n2y4g?e=HPjqUn	Get hash	malicious	HtmlDropper	Browse
	Meridian Group Inc - Contact Submission (70.2 KB)	Get hash	malicious	Unknown	Browse
	https://railrent-railrent.powerappsportals.com/	Get hash	malicious	Unknown	Browse
	https://2007.filemail.com/api/file/get?filekey=58mKUrTMdlmzqkRvo0UdVa2TMjJTCQiSNv5rUBtsDQTNU0dM4JzppUJaOrP_mWxCym0k9l5xEDeaXunPsHq6frY8XZH_gnclw86MefA3bpAlGuDkr77-xSqrMOQIlMdW5cRjwoOSCWIlTwpC48cNKMMHhMKp&track=P8fpm4ry&pk_vid=8a8b18f03738ae4f17297703684d559d	Get hash	malicious	HTMLPhisher	Browse
	attachment(1).eml	Get hash	malicious	Unknown	Browse
	https://email.email.pandadoc.net/c/eJxUkE9r4zwQxj-NdUuQR5ItHXQobfwG3rLQsmHbXspIGjeqE8m1FYfm0y-B7f65DcP8ht_zBOsa4XrNQvanI6XyGoPN-f7_7ilGN8iYdk8Pn-dxt_vOyNYtmMZwDpztLRpXK45GaGy9C943vK2NJgTDG-WQRQscZM1B1AJaztfS904pGYLuOTQtVZLTEeNhPWIKGLJfJyoszq9lQk_oDmTLdCJ2sPtSxrkSNxV0FXQ4jn8Qn48VdF_6FXQLVKIreaBUiTvSzgiJNQeJqLDhSoJpBAanJYFWrZO1kb6uRMdSLrGPHkvM6VqDaxuBBtpVCyBWEkW9wkbTCsko1-galQ4sT2-Y4uU39N85y5jEfDMn83C50P6beDlv2WTDe040V5K702Ggj9NhvKqziZY4_2J_iM3H6W67XV7Uop9j2dyq0D-yYr_S_TWuCk5v9M9mvl4sFtg5T8M8oqfrU_W4od1nvwdHIdy798HfDs_6ZwAAAP__1K2kLg	Get hash	malicious	Unknown	Browse
	PO 635614 635613_CQDM.html	Get hash	malicious	HTMLPhisher	Browse
199.83.44.71	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiFImaGOc8X-2FzF8FDlXshHtRJ6TIRZ6EeMzJLIlgf-2Fs2kSJOxf8XTG62Elbh9rqy-2FQ2QNZGXB54Mkq5upaOHB9GHJaF-2B3b4F-2FMyEt0RGHLDpLKRhLl9mxjPD0y5Swi37OTA-3DOBST_mhsMQQwIM9hexyWqOlUPbBh1Ydv5cYoDRZfJchLEEeKy4ZjgP9CBDSdvgDFEefqBVXHw4Mv6KQHsP3gT468tApWXvWK-2FeXhqGfYYlnX46U5WmntG47XCU85W-2B7YcCKnv6RkyD-2BGsL6eKQti9UGCTMQ9mNlYRCUnfVenBdKFDHBLCSg5nmfwfVylxfV1LsL0vuEyDgr8SC57Mq-2BhfexPfdy0Rg72muov-2F70SqaHW8j0XfAmx9zQy8hYRRlnIIGbyzjoQcdYcq0btsMQpdS6jNo-2BNvozXopiqu0Jz-2B-2B25Gyoj-2FyIelIDkNiGA84aUyGyfbMNmoNmmLB38ufi9uQKhxSQ-3D-3D	Get hash	malicious	Unknown	Browse
	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKhz4oV3PFLo8UDeLKYv23KHw-2BibCQbosx-2BrYm8YSguIMuXvCpYeqDDvEw6xfy3Div01ANz8r2e-2FhGLQvDi-2BscSWac3BuupWFH6VNOvVWTJC9zO-2BHJCietQ-2FJZFwQgpHI-3D-lRS_d2mIoWmaHN9uElWsaXGXS4tx0xN0zdn5dS-2BOd7-2Fl3QSVFRRmw1zxHoUF8IFkv0vPmX9e-2FpcJrwktm83M8wunod8BspGgLLPEF1if2HBchZeffUo4j9EJFkeG71k3QLUGbt-2BPOzOXmt4QJd92N-2FZHTYo2XD8iUgnUizXXtivzF3d3iwCm-2B4LgJBsV4Xj2wRfUmVe-2BZzLNjzm9yfKXdaFtrYnt3SwNpb5k3iumV8n5Skx7pt7Un0CDOQuxQvoQfT71JluCxsB4NeK-2Fb76-2BFnzVpaElc921KXwzYV6gy0TRcRMyq5WidmSlSRF6xkfJgLjfEzUFzNEG7kEBleVDqxb6JQ-3D-3D	Get hash	malicious	Unknown	Browse
	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKhz4oV3PFLo8UDeLKYv23KHw-2BibCQbosx-2BrYm8YSguIMuXvCpYeqDDvEw6xfy3Div01ANz8r2e-2FhGLQvDi-2Bsc6FaIlcwFy323lwaarteGjoXmAWZ77DlZFrOHhjmiQr0-3DAi8m_lHclm8QYORDEd2i1pY8iiMApMxjKNwDzndXGWMwL-2FVaDLkCrIb-2FgQKm-2FutG0KO72H4SwpKalRDTUzZfsGO863iRy8WKrdz16mk5ZOGquq7bqjhyuPTPBO-2B-2FobhNL-2Fiw0sbfNj7OSue-2FIppdS72L8KeReKi2sYygPTTUQ6FAZhpELqizFuVYiSYb7LJ3FcFAt7VFGjIc0LjDO04TCb7Kr3RXi3OZtFXZptudql-2F9FGONhK9uxyg17fFjiwf-2FcA9HXVgOgmHDjs4LDrNR-2BYyJF8UalpN336eGaZthgfCiWJNcRv5lq5bxuf1619fxrkzY38vtDNJAVjrDOY4sJJgNY5A-3D-3D	Get hash	malicious	Unknown	Browse
199.83.44.68	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiFImaGOc8X-2FzF8FDlXshHtRJ6TIRZ6EeMzJLIlgf-2Fs2kSJOxf8XTG62Elbh9rqy-2FQ2QNZGXB54Mkq5upaOHB9GHJaF-2B3b4F-2FMyEt0RGHLDpLKRhLl9mxjPD0y5Swi37OTA-3DOBST_mhsMQQwIM9hexyWqOlUPbBh1Ydv5cYoDRZfJchLEEeKy4ZjgP9CBDSdvgDFEefqBVXHw4Mv6KQHsP3gT468tApWXvWK-2FeXhqGfYYlnX46U5WmntG47XCU85W-2B7YcCKnv6RkyD-2BGsL6eKQti9UGCTMQ9mNlYRCUnfVenBdKFDHBLCSg5nmfwfVylxfV1LsL0vuEyDgr8SC57Mq-2BhfexPfdy0Rg72muov-2F70SqaHW8j0XfAmx9zQy8hYRRlnIIGbyzjoQcdYcq0btsMQpdS6jNo-2BNvozXopiqu0Jz-2B-2B25Gyoj-2FyIelIDkNiGA84aUyGyfbMNmoNmmLB38ufi9uQKhxSQ-3D-3D	Get hash	malicious	Unknown	Browse
	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKhz4oV3PFLo8UDeLKYv23KHw-2BibCQbosx-2BrYm8YSguIMuXvCpYeqDDvEw6xfy3Div01ANz8r2e-2FhGLQvDi-2BscSWac3BuupWFH6VNOvVWTJC9zO-2BHJCietQ-2FJZFwQgpHI-3D-lRS_d2mIoWmaHN9uElWsaXGXS4tx0xN0zdn5dS-2BOd7-2Fl3QSVFRRmw1zxHoUF8IFkv0vPmX9e-2FpcJrwktm83M8wunod8BspGgLLPEF1if2HBchZeffUo4j9EJFkeG71k3QLUGbt-2BPOzOXmt4QJd92N-2FZHTYo2XD8iUgnUizXXtivzF3d3iwCm-2B4LgJBsV4Xj2wRfUmVe-2BZzLNjzm9yfKXdaFtrYnt3SwNpb5k3iumV8n5Skx7pt7Un0CDOQuxQvoQfT71JluCxsB4NeK-2Fb76-2BFnzVpaElc921KXwzYV6gy0TRcRMyq5WidmSlSRF6xkfJgLjfEzUFzNEG7kEBleVDqxb6JQ-3D-3D	Get hash	malicious	Unknown	Browse
	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKhz4oV3PFLo8UDeLKYv23KHw-2BibCQbosx-2BrYm8YSguIMuXvCpYeqDDvEw6xfy3Div01ANz8r2e-2FhGLQvDi-2Bsc6FaIlcwFy323lwaarteGjoXmAWZ77DlZFrOHhjmiQr0-3DAi8m_lHclm8QYORDEd2i1pY8iiMApMxjKNwDzndXGWMwL-2FVaDLkCrIb-2FgQKm-2FutG0KO72H4SwpKalRDTUzZfsGO863iRy8WKrdz16mk5ZOGquq7bqjhyuPTPBO-2B-2FobhNL-2Fiw0sbfNj7OSue-2FIppdS72L8KeReKi2sYygPTTUQ6FAZhpELqizFuVYiSYb7LJ3FcFAt7VFGjIc0LjDO04TCb7Kr3RXi3OZtFXZptudql-2F9FGONhK9uxyg17fFjiwf-2FcA9HXVgOgmHDjs4LDrNR-2BYyJF8UalpN336eGaZthgfCiWJNcRv5lq5bxuf1619fxrkzY38vtDNJAVjrDOY4sJJgNY5A-3D-3D	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
r-email.sg.on24event.com	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiFImaGOc8X-2FzF8FDlXshHtRJ6TIRZ6EeMzJLIlgf-2Fs2kSJOxf8XTG62Elbh9rqy-2FQ2QNZGXB54Mkq5upaOHB9GHJaF-2B3b4F-2FMyEt0RGHLDpLKRhLl9mxjPD0y5Swi37OTA-3DOBST_mhsMQQwIM9hexyWqOlUPbBh1Ydv5cYoDRZfJchLEEeKy4ZjgP9CBDSdvgDFEefqBVXHw4Mv6KQHsP3gT468tApWXvWK-2FeXhqGfYYlnX46U5WmntG47XCU85W-2B7YcCKnv6RkyD-2BGsL6eKQti9UGCTMQ9mNlYRCUnfVenBdKFDHBLCSg5nmfwfVylxfV1LsL0vuEyDgr8SC57Mq-2BhfexPfdy0Rg72muov-2F70SqaHW8j0XfAmx9zQy8hYRRlnIIGbyzjoQcdYcq0btsMQpdS6jNo-2BNvozXopiqu0Jz-2B-2B25Gyoj-2FyIelIDkNiGA84aUyGyfbMNmoNmmLB38ufi9uQKhxSQ-3D-3D	Get hash	malicious	Unknown	Browse	199.83.44.68
	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKhz4oV3PFLo8UDeLKYv23KHw-2BibCQbosx-2BrYm8YSguIMuXvCpYeqDDvEw6xfy3Div01ANz8r2e-2FhGLQvDi-2BscSWac3BuupWFH6VNOvVWTJC9zO-2BHJCietQ-2FJZFwQgpHI-3D-lRS_d2mIoWmaHN9uElWsaXGXS4tx0xN0zdn5dS-2BOd7-2Fl3QSVFRRmw1zxHoUF8IFkv0vPmX9e-2FpcJrwktm83M8wunod8BspGgLLPEF1if2HBchZeffUo4j9EJFkeG71k3QLUGbt-2BPOzOXmt4QJd92N-2FZHTYo2XD8iUgnUizXXtivzF3d3iwCm-2B4LgJBsV4Xj2wRfUmVe-2BZzLNjzm9yfKXdaFtrYnt3SwNpb5k3iumV8n5Skx7pt7Un0CDOQuxQvoQfT71JluCxsB4NeK-2Fb76-2BFnzVpaElc921KXwzYV6gy0TRcRMyq5WidmSlSRF6xkfJgLjfEzUFzNEG7kEBleVDqxb6JQ-3D-3D	Get hash	malicious	Unknown	Browse	199.83.44.68
	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKhz4oV3PFLo8UDeLKYv23KHw-2BibCQbosx-2BrYm8YSguIMuXvCpYeqDDvEw6xfy3Div01ANz8r2e-2FhGLQvDi-2Bsc6FaIlcwFy323lwaarteGjoXmAWZ77DlZFrOHhjmiQr0-3DAi8m_lHclm8QYORDEd2i1pY8iiMApMxjKNwDzndXGWMwL-2FVaDLkCrIb-2FgQKm-2FutG0KO72H4SwpKalRDTUzZfsGO863iRy8WKrdz16mk5ZOGquq7bqjhyuPTPBO-2B-2FobhNL-2Fiw0sbfNj7OSue-2FIppdS72L8KeReKi2sYygPTTUQ6FAZhpELqizFuVYiSYb7LJ3FcFAt7VFGjIc0LjDO04TCb7Kr3RXi3OZtFXZptudql-2F9FGONhK9uxyg17fFjiwf-2FcA9HXVgOgmHDjs4LDrNR-2BYyJF8UalpN336eGaZthgfCiWJNcRv5lq5bxuf1619fxrkzY38vtDNJAVjrDOY4sJJgNY5A-3D-3D	Get hash	malicious	Unknown	Browse	199.83.44.68
r-event.on24.com	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiFImaGOc8X-2FzF8FDlXshHtRJ6TIRZ6EeMzJLIlgf-2Fs2kSJOxf8XTG62Elbh9rqy-2FQ2QNZGXB54Mkq5upaOHB9GHJaF-2B3b4F-2FMyEt0RGHLDpLKRhLl9mxjPD0y5Swi37OTA-3DOBST_mhsMQQwIM9hexyWqOlUPbBh1Ydv5cYoDRZfJchLEEeKy4ZjgP9CBDSdvgDFEefqBVXHw4Mv6KQHsP3gT468tApWXvWK-2FeXhqGfYYlnX46U5WmntG47XCU85W-2B7YcCKnv6RkyD-2BGsL6eKQti9UGCTMQ9mNlYRCUnfVenBdKFDHBLCSg5nmfwfVylxfV1LsL0vuEyDgr8SC57Mq-2BhfexPfdy0Rg72muov-2F70SqaHW8j0XfAmx9zQy8hYRRlnIIGbyzjoQcdYcq0btsMQpdS6jNo-2BNvozXopiqu0Jz-2B-2B25Gyoj-2FyIelIDkNiGA84aUyGyfbMNmoNmmLB38ufi9uQKhxSQ-3D-3D	Get hash	malicious	Unknown	Browse	199.83.44.71
	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKhz4oV3PFLo8UDeLKYv23KHw-2BibCQbosx-2BrYm8YSguIMuXvCpYeqDDvEw6xfy3Div01ANz8r2e-2FhGLQvDi-2BscSWac3BuupWFH6VNOvVWTJC9zO-2BHJCietQ-2FJZFwQgpHI-3D-lRS_d2mIoWmaHN9uElWsaXGXS4tx0xN0zdn5dS-2BOd7-2Fl3QSVFRRmw1zxHoUF8IFkv0vPmX9e-2FpcJrwktm83M8wunod8BspGgLLPEF1if2HBchZeffUo4j9EJFkeG71k3QLUGbt-2BPOzOXmt4QJd92N-2FZHTYo2XD8iUgnUizXXtivzF3d3iwCm-2B4LgJBsV4Xj2wRfUmVe-2BZzLNjzm9yfKXdaFtrYnt3SwNpb5k3iumV8n5Skx7pt7Un0CDOQuxQvoQfT71JluCxsB4NeK-2Fb76-2BFnzVpaElc921KXwzYV6gy0TRcRMyq5WidmSlSRF6xkfJgLjfEzUFzNEG7kEBleVDqxb6JQ-3D-3D	Get hash	malicious	Unknown	Browse	199.83.44.71
	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKhz4oV3PFLo8UDeLKYv23KHw-2BibCQbosx-2BrYm8YSguIMuXvCpYeqDDvEw6xfy3Div01ANz8r2e-2FhGLQvDi-2Bsc6FaIlcwFy323lwaarteGjoXmAWZ77DlZFrOHhjmiQr0-3DAi8m_lHclm8QYORDEd2i1pY8iiMApMxjKNwDzndXGWMwL-2FVaDLkCrIb-2FgQKm-2FutG0KO72H4SwpKalRDTUzZfsGO863iRy8WKrdz16mk5ZOGquq7bqjhyuPTPBO-2B-2FobhNL-2Fiw0sbfNj7OSue-2FIppdS72L8KeReKi2sYygPTTUQ6FAZhpELqizFuVYiSYb7LJ3FcFAt7VFGjIc0LjDO04TCb7Kr3RXi3OZtFXZptudql-2F9FGONhK9uxyg17fFjiwf-2FcA9HXVgOgmHDjs4LDrNR-2BYyJF8UalpN336eGaZthgfCiWJNcRv5lq5bxuf1619fxrkzY38vtDNJAVjrDOY4sJJgNY5A-3D-3D	Get hash	malicious	Unknown	Browse	199.83.44.71

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ON24-SACUS	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiFImaGOc8X-2FzF8FDlXshHtRJ6TIRZ6EeMzJLIlgf-2Fs2kSJOxf8XTG62Elbh9rqy-2FQ2QNZGXB54Mkq5upaOHB9GHJaF-2B3b4F-2FMyEt0RGHLDpLKRhLl9mxjPD0y5Swi37OTA-3DOBST_mhsMQQwIM9hexyWqOlUPbBh1Ydv5cYoDRZfJchLEEeKy4ZjgP9CBDSdvgDFEefqBVXHw4Mv6KQHsP3gT468tApWXvWK-2FeXhqGfYYlnX46U5WmntG47XCU85W-2B7YcCKnv6RkyD-2BGsL6eKQti9UGCTMQ9mNlYRCUnfVenBdKFDHBLCSg5nmfwfVylxfV1LsL0vuEyDgr8SC57Mq-2BhfexPfdy0Rg72muov-2F70SqaHW8j0XfAmx9zQy8hYRRlnIIGbyzjoQcdYcq0btsMQpdS6jNo-2BNvozXopiqu0Jz-2B-2B25Gyoj-2FyIelIDkNiGA84aUyGyfbMNmoNmmLB38ufi9uQKhxSQ-3D-3D	Get hash	malicious	Unknown	Browse	199.83.44.68
	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKhz4oV3PFLo8UDeLKYv23KHw-2BibCQbosx-2BrYm8YSguIMuXvCpYeqDDvEw6xfy3Div01ANz8r2e-2FhGLQvDi-2BscSWac3BuupWFH6VNOvVWTJC9zO-2BHJCietQ-2FJZFwQgpHI-3D-lRS_d2mIoWmaHN9uElWsaXGXS4tx0xN0zdn5dS-2BOd7-2Fl3QSVFRRmw1zxHoUF8IFkv0vPmX9e-2FpcJrwktm83M8wunod8BspGgLLPEF1if2HBchZeffUo4j9EJFkeG71k3QLUGbt-2BPOzOXmt4QJd92N-2FZHTYo2XD8iUgnUizXXtivzF3d3iwCm-2B4LgJBsV4Xj2wRfUmVe-2BZzLNjzm9yfKXdaFtrYnt3SwNpb5k3iumV8n5Skx7pt7Un0CDOQuxQvoQfT71JluCxsB4NeK-2Fb76-2BFnzVpaElc921KXwzYV6gy0TRcRMyq5WidmSlSRF6xkfJgLjfEzUFzNEG7kEBleVDqxb6JQ-3D-3D	Get hash	malicious	Unknown	Browse	199.83.44.68
	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKhz4oV3PFLo8UDeLKYv23KHw-2BibCQbosx-2BrYm8YSguIMuXvCpYeqDDvEw6xfy3Div01ANz8r2e-2FhGLQvDi-2Bsc6FaIlcwFy323lwaarteGjoXmAWZ77DlZFrOHhjmiQr0-3DAi8m_lHclm8QYORDEd2i1pY8iiMApMxjKNwDzndXGWMwL-2FVaDLkCrIb-2FgQKm-2FutG0KO72H4SwpKalRDTUzZfsGO863iRy8WKrdz16mk5ZOGquq7bqjhyuPTPBO-2B-2FobhNL-2Fiw0sbfNj7OSue-2FIppdS72L8KeReKi2sYygPTTUQ6FAZhpELqizFuVYiSYb7LJ3FcFAt7VFGjIc0LjDO04TCb7Kr3RXi3OZtFXZptudql-2F9FGONhK9uxyg17fFjiwf-2FcA9HXVgOgmHDjs4LDrNR-2BYyJF8UalpN336eGaZthgfCiWJNcRv5lq5bxuf1619fxrkzY38vtDNJAVjrDOY4sJJgNY5A-3D-3D	Get hash	malicious	Unknown	Browse	199.83.44.68
	PAYMENT CONFIRMATION FOR 9182024.html	Get hash	malicious	Phisher	Browse	199.83.45.77
	https://t.ac.orbitz.com/r/?id=h241b7f09,6b9c3f5,25525ea&p1=/serve?action=click&agency_id=1034&my_campaign=BRAND&my_site=GENERIC&publisher_id=229689&my_publisher=ORBITZ-US&my_adgroup=BRAND:DISPLAY.OOD&my_ad=EMLCID=ORBITZ-US.MR.BOOK.ORB_PT_XS_EARN_DEF.GENERIC&EMLDTL=DATE20230121.SID24597369.KEY2459736919682226.PAID19682226.LANGEN_US.MCIDM.TESTX.VERSX.MIDSORB_PT_XS_M_EARN.MODS&my_placement=EML-TRIGGERED&site_id_ios=103696&site_id_android=121703&url_web=https%3a%2f%2fjrsxwy.codesandbox.io?trek=andlYXZlckBoYXJ2ZXN0bWlkc3RyZWFtLmNvbQ==	Get hash	malicious	Unknown	Browse	199.83.46.169
	https://sigtn.com/utils/emt.cfm?client_id=4768014&campaign_id=888888&qid=30692089&link=aHR0cHM6Ly85MmoyNDMuY29kZXNhbmRib3guaW8vP3JzPWEyRnlaVzR1Y0c5c2EybHVaMmh2Y201bFFHNWxkSGR2Y210d1lYSjBibVZ5Y3k1amIyMD0=	Get hash	malicious	Unknown	Browse	199.83.46.169
	https://link.sylikes.com/?publisherId=637687&afCampaignId=359765a371164ed65ad7b73cbe0d015d2666cb0eMDkyMDIw&afPlacementId=24&url=http://376409.376409.lacdiabetes.cl/boehlerpYm9laGxlcnBAcmZlcmwub3Jn/Ym9laGxlcnBAcmZlcmwub3Jn	Get hash	malicious	Unknown	Browse	199.83.44.37
ON24-SACUS	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiFImaGOc8X-2FzF8FDlXshHtRJ6TIRZ6EeMzJLIlgf-2Fs2kSJOxf8XTG62Elbh9rqy-2FQ2QNZGXB54Mkq5upaOHB9GHJaF-2B3b4F-2FMyEt0RGHLDpLKRhLl9mxjPD0y5Swi37OTA-3DOBST_mhsMQQwIM9hexyWqOlUPbBh1Ydv5cYoDRZfJchLEEeKy4ZjgP9CBDSdvgDFEefqBVXHw4Mv6KQHsP3gT468tApWXvWK-2FeXhqGfYYlnX46U5WmntG47XCU85W-2B7YcCKnv6RkyD-2BGsL6eKQti9UGCTMQ9mNlYRCUnfVenBdKFDHBLCSg5nmfwfVylxfV1LsL0vuEyDgr8SC57Mq-2BhfexPfdy0Rg72muov-2F70SqaHW8j0XfAmx9zQy8hYRRlnIIGbyzjoQcdYcq0btsMQpdS6jNo-2BNvozXopiqu0Jz-2B-2B25Gyoj-2FyIelIDkNiGA84aUyGyfbMNmoNmmLB38ufi9uQKhxSQ-3D-3D	Get hash	malicious	Unknown	Browse	199.83.44.68
	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKhz4oV3PFLo8UDeLKYv23KHw-2BibCQbosx-2BrYm8YSguIMuXvCpYeqDDvEw6xfy3Div01ANz8r2e-2FhGLQvDi-2BscSWac3BuupWFH6VNOvVWTJC9zO-2BHJCietQ-2FJZFwQgpHI-3D-lRS_d2mIoWmaHN9uElWsaXGXS4tx0xN0zdn5dS-2BOd7-2Fl3QSVFRRmw1zxHoUF8IFkv0vPmX9e-2FpcJrwktm83M8wunod8BspGgLLPEF1if2HBchZeffUo4j9EJFkeG71k3QLUGbt-2BPOzOXmt4QJd92N-2FZHTYo2XD8iUgnUizXXtivzF3d3iwCm-2B4LgJBsV4Xj2wRfUmVe-2BZzLNjzm9yfKXdaFtrYnt3SwNpb5k3iumV8n5Skx7pt7Un0CDOQuxQvoQfT71JluCxsB4NeK-2Fb76-2BFnzVpaElc921KXwzYV6gy0TRcRMyq5WidmSlSRF6xkfJgLjfEzUFzNEG7kEBleVDqxb6JQ-3D-3D	Get hash	malicious	Unknown	Browse	199.83.44.68
	https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGKhz4oV3PFLo8UDeLKYv23KHw-2BibCQbosx-2BrYm8YSguIMuXvCpYeqDDvEw6xfy3Div01ANz8r2e-2FhGLQvDi-2Bsc6FaIlcwFy323lwaarteGjoXmAWZ77DlZFrOHhjmiQr0-3DAi8m_lHclm8QYORDEd2i1pY8iiMApMxjKNwDzndXGWMwL-2FVaDLkCrIb-2FgQKm-2FutG0KO72H4SwpKalRDTUzZfsGO863iRy8WKrdz16mk5ZOGquq7bqjhyuPTPBO-2B-2FobhNL-2Fiw0sbfNj7OSue-2FIppdS72L8KeReKi2sYygPTTUQ6FAZhpELqizFuVYiSYb7LJ3FcFAt7VFGjIc0LjDO04TCb7Kr3RXi3OZtFXZptudql-2F9FGONhK9uxyg17fFjiwf-2FcA9HXVgOgmHDjs4LDrNR-2BYyJF8UalpN336eGaZthgfCiWJNcRv5lq5bxuf1619fxrkzY38vtDNJAVjrDOY4sJJgNY5A-3D-3D	Get hash	malicious	Unknown	Browse	199.83.44.68
	PAYMENT CONFIRMATION FOR 9182024.html	Get hash	malicious	Phisher	Browse	199.83.45.77
	https://t.ac.orbitz.com/r/?id=h241b7f09,6b9c3f5,25525ea&p1=/serve?action=click&agency_id=1034&my_campaign=BRAND&my_site=GENERIC&publisher_id=229689&my_publisher=ORBITZ-US&my_adgroup=BRAND:DISPLAY.OOD&my_ad=EMLCID=ORBITZ-US.MR.BOOK.ORB_PT_XS_EARN_DEF.GENERIC&EMLDTL=DATE20230121.SID24597369.KEY2459736919682226.PAID19682226.LANGEN_US.MCIDM.TESTX.VERSX.MIDSORB_PT_XS_M_EARN.MODS&my_placement=EML-TRIGGERED&site_id_ios=103696&site_id_android=121703&url_web=https%3a%2f%2fjrsxwy.codesandbox.io?trek=andlYXZlckBoYXJ2ZXN0bWlkc3RyZWFtLmNvbQ==	Get hash	malicious	Unknown	Browse	199.83.46.169
	https://sigtn.com/utils/emt.cfm?client_id=4768014&campaign_id=888888&qid=30692089&link=aHR0cHM6Ly85MmoyNDMuY29kZXNhbmRib3guaW8vP3JzPWEyRnlaVzR1Y0c5c2EybHVaMmh2Y201bFFHNWxkSGR2Y210d1lYSjBibVZ5Y3k1amIyMD0=	Get hash	malicious	Unknown	Browse	199.83.46.169
	https://link.sylikes.com/?publisherId=637687&afCampaignId=359765a371164ed65ad7b73cbe0d015d2666cb0eMDkyMDIw&afPlacementId=24&url=http://376409.376409.lacdiabetes.cl/boehlerpYm9laGxlcnBAcmZlcmwub3Jn/Ym9laGxlcnBAcmZlcmwub3Jn	Get hash	malicious	Unknown	Browse	199.83.44.37

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://app.writesonic.com/share/writing-assistant/d140c48b-3642-43bf-a085-e258c1fb4f03	Get hash	malicious	Unknown	Browse	20.109.210.53 40.69.42.241 40.126.31.67 173.222.162.55 20.12.23.50
	https://egift.activationshub.com/gift-card/view/8lPFUrjq1LGzg7JHwS8hJJRdL/	Get hash	malicious	Unknown	Browse	20.109.210.53 40.69.42.241 40.126.31.67 173.222.162.55 20.12.23.50
	Meridian Group Inc - Contact Submission (70.2 KB)	Get hash	malicious	Unknown	Browse	20.109.210.53 40.69.42.241 40.126.31.67 173.222.162.55 20.12.23.50
	https://2007.filemail.com/api/file/get?filekey=58mKUrTMdlmzqkRvo0UdVa2TMjJTCQiSNv5rUBtsDQTNU0dM4JzppUJaOrP_mWxCym0k9l5xEDeaXunPsHq6frY8XZH_gnclw86MefA3bpAlGuDkr77-xSqrMOQIlMdW5cRjwoOSCWIlTwpC48cNKMMHhMKp&track=P8fpm4ry&pk_vid=8a8b18f03738ae4f17297703684d559d	Get hash	malicious	HTMLPhisher	Browse	20.109.210.53 40.69.42.241 40.126.31.67 173.222.162.55 20.12.23.50
	https://email.email.pandadoc.net/c/eJxUkE9r4zwQxj-NdUuQR5ItHXQobfwG3rLQsmHbXspIGjeqE8m1FYfm0y-B7f65DcP8ht_zBOsa4XrNQvanI6XyGoPN-f7_7ilGN8iYdk8Pn-dxt_vOyNYtmMZwDpztLRpXK45GaGy9C943vK2NJgTDG-WQRQscZM1B1AJaztfS904pGYLuOTQtVZLTEeNhPWIKGLJfJyoszq9lQk_oDmTLdCJ2sPtSxrkSNxV0FXQ4jn8Qn48VdF_6FXQLVKIreaBUiTvSzgiJNQeJqLDhSoJpBAanJYFWrZO1kb6uRMdSLrGPHkvM6VqDaxuBBtpVCyBWEkW9wkbTCsko1-galQ4sT2-Y4uU39N85y5jEfDMn83C50P6beDlv2WTDe040V5K702Ggj9NhvKqziZY4_2J_iM3H6W67XV7Uop9j2dyq0D-yYr_S_TWuCk5v9M9mvl4sFtg5T8M8oqfrU_W4od1nvwdHIdy798HfDs_6ZwAAAP__1K2kLg	Get hash	malicious	Unknown	Browse	20.109.210.53 40.69.42.241 40.126.31.67 173.222.162.55 20.12.23.50
	PO 635614 635613_CQDM.html	Get hash	malicious	HTMLPhisher	Browse	20.109.210.53 40.69.42.241 40.126.31.67 173.222.162.55 20.12.23.50
	http://74.248.121.8/d/msdownload/update/software/defu/2024/10/updateplatform.amd64fre_d3f6f8300855e56b8ed00da6dac55a3c4cbf8c20.exe?cacheHostOrigin=au.download.windowsupdate.com	Get hash	malicious	Unknown	Browse	20.109.210.53 40.69.42.241 40.126.31.67 173.222.162.55 20.12.23.50
	https://landsmith.ae/continue.html	Get hash	malicious	HTMLPhisher	Browse	20.109.210.53 40.69.42.241 40.126.31.67 173.222.162.55 20.12.23.50
	https://is.gd/6NgVrQ	Get hash	malicious	HTMLPhisher	Browse	20.109.210.53 40.69.42.241 40.126.31.67 173.222.162.55 20.12.23.50
	1863415243647.exe	Get hash	malicious	AgentTesla	Browse	20.109.210.53 40.69.42.241 40.126.31.67 173.222.162.55 20.12.23.50

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	118
Entropy (8bit):	3.5700810731231707
Encrypted:	false
SSDEEP:	3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
MD5:	573220372DA4ED487441611079B623CD
SHA1:	8F9D967AC6EF34640F1F0845214FBC6994C0CB80
SHA-256:	BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
SHA-512:	F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com	HTTP Parser: No favicon
Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com	HTTP Parser: No favicon
Source: https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665	HTTP Parser: No favicon

Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com	HTTP Parser: No <meta name="author".. found
Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com	HTTP Parser: No <meta name="author".. found

Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com	HTTP Parser: No <meta name="copyright".. found
Source: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com	HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 40.69.42.241
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67

Source: global traffic	DNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: email.sg.on24event.com
Source: global traffic	DNS traffic detected: DNS query: event.on24.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 12:08:29 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9839026210405364
Encrypted:	false
SSDEEP:	48:8vPbdgTM3LHPidAKZdA1uehwiZUklqehEJy+3:8vGA32/y
MD5:	176F32CF239DB1B2F0596A03B9E1AAE6
SHA1:	63EE58D484AEC46100D886CE9173DB2A88B12512
SHA-256:	591C70E305EE1D8CE65EE368D17823802B47E64C1CB6F26D1EF67546736B5C5A
SHA-512:	84C8845CF731BB680AE4AAB12F917D35EDA733E8E575D302EA894897589DF7D40798A93D21C37178FCDEE829503521E905207289EBF99E2787A6AFA65CF1B4ED
Malicious:	false
Preview:	L..................F.@.. ...$+.,.........&......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW$O..PROGRA~1..t......O.IXY.h....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.i....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.L..Chrome..>......CW.VXY.i....M......................k..C.h.r.o.m.e.....`.1.....EW.L..APPLIC~1..H......CW.VXY.i...........................k..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VXY.i....N.......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............E.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

File type:	CDFV2 Microsoft Outlook Message
Entropy (8bit):	4.599449490371528
TrID:	Outlook Message (71009/1) 58.92% Outlook Form Template (41509/1) 34.44% Generic OLE2 / Multistream Compound File (8008/1) 6.64%
File name:	You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg
File size:	56'320 bytes
MD5:	f6848b922ea78a6582896cca49e9d8bf
SHA1:	66d492a3f548739248082c4a43ab408bb3a690a7
SHA256:	952107ccd505be86bdf04bc82d064489848f9de524e3adc1afbb769bc9ee31f6
SHA512:	1d45f373b6e2ad9417fec45cc50a6ea9b88331555960e6562b3c6641d377d7540ba8500eab1379961dbcb275f350b63623dc28c8258f9b8c2786e816373d8972
SSDEEP:	768:wYq42IWKdU+7XYqZ+zX/UZAMOJWsKAWsKDC9SZQMQB+t0U:wYt2Iq8YKZALJWYWSSZQMm+
TLSH:	B943751435FA5209F277EF324EE5A497852ABD92AD149A8F31D0330F0571981FDA2F3A
File Content Preview:	........................>......................................................................................................................................................................................................................................

Subject:	You are confirmed for Optum Payer Monthly PPS PRS Webinar
From:	Optum <do_not_reply@on24event.com>
To:	chall@networkhealth.com
Cc:
BCC:
Date:	Wed, 23 Oct 2024 17:55:04 +0200
Communications:	<https://event.on24.com/event/47/22/03/4/rt/rt/323e63d6-e59d-4fd9-9669-4f11bc87f7f1.optum_email_image.jpg> Dear Carol, Thank you for registering for our upcoming webinar: Topic: Optum Payer Monthly PPS PRS Webinar Date: November 07, 2024 Time: 01:00 PM EST Duration: 60 minutes <https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9rLCjHUvOPofo9LJ8v_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAm0KRHK5DZxbLZXwRSAi2HvKkRAkS4ExDfdJKwjKyt3ReSzg6TVQ898-2By7xUQV1pIwshg-2F-2Bncddui5HC-2BE0IS3cQfWdnMKDgnwfJOOcn2DhnLlZGvHqtZNwQbEBo9pG2PBjEXM-2FOHRcZvEeGE1Rj-2FAUCEabeNGiskKYYlktlhHkJWsHpN6cq9-2FK8kP3JeTGEyw-3D-3D> <https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubXwxmIHQZ2do2nzugRpbj8sUIyYzpDanWvq7P7z1EpKTPjZaQ17RfT2I6bffLl1cUmW6IXY8sBm4hS0cPKlWgRuxqGjwy0qdMIj2uo7RKLVPTc5m88FmikypbWSgrztyTuYtBQPwWw3ebheZakxyc7FFr5S44Hw9rLCjHUvOPofo9kbFG_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAoIy3MzG3kdrru9Yvxu0ygDfWuzlgjcvrxqBlkV4BY2mkCzwA5jBN5rjxz-2F-2BsyMnQfHWkNxjMIZv6IBWkL8j0xWgvEID-2F-2FdgkC79m6T4CLF4Ru4slCqOKEuK45ntF4FGnfu-2BxNk2Yj1VxgsHmsl4jo7NJJbvAyMZAVVI0boEhoqSUrvJbAEVFWFdB3lpZlsfcw-3D-3D> <https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubX8BMV-2FoEQl2996tScjFNtgXhds7d5Ci86rJAE2TeBwWq1YpwAF1BwFLymyfCbPO1OXFxkTweVxFVMilbAhmhrnniMNTRvj1IuSiqgfhIQExB7r0ursgIgt0jVtxkx59m5LcumnBpFua2T9LlR9stZ7yh4nC1WJUN3JGd3n49ylf7QDAQ_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAuXlJ6wMEfoqdOnzeoMpgPc32YGvFJT43IQdQaW7oJ0sw4db16xyfe27wdKAByEYVFHQwcVRSO81ofH0Gyo6TH-2FCcuY-2FsPmH38p-2BRn2DOyKplm8H4xLFFfoXGFbRIpPAZX4Mw9eRzZcgwllTXY0xe1nTykNRe-2FodD37FIMg0-2FdFEwXdBYaWFfxYS7alHRZ9Niw-3D-3D> <https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiHjX8DoCw-2F6wUeQ27RvG2-2F-2FyOCUgAe-2BapJJCrwiDoubX8BMV-2FoEQl2996tScjFNtgXhds7d5Ci86rJAE2TeBwWq1YpwAF1BwFLymyfCbPO1OXFxkTweVxFVMilbAhmhrnniMNTRvj1IuSiqgfhIQExB7r0ursgIgt0jVtxkx59m5LcumnBpFua2T9LlR9stZ7yh4nC1WJUN3JGd3n49ylf7e2UF_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAqpPVC-2B1R3dQ-2Fo3JIn13KUDTw45DGBv-2F8gTYHX0B-2BNt8GI-2BBpy1CCbhVtFpdpR2zORjbJC4ayItdHZuQ6udzN4U-2FUmBMpvX4PGPmqFBjWYxMgylsF2IgESlYjw58hdHSoLC7-2B-2BC11j66SnYmzLda8UbpVJa-2F4KUZleqfA-2FLwvXqLDAaZb5KPqfKxad0s019gSQ-3D-3D> Each person must register separately, so please don't forward or share this link. When it's time, click here to enter webinar <https://email.sg.on24event.com/ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGqMeVWfa9TGN53mpNzO60CSXfDxqA1OzKkyjteGKhJXNP-2Fqhe73BqzRJ8k3vkeBM80ywN4suRgmUudd3q6XorB58yVzMED8XpqyOagf7ECUt-2FXTBt0GbG656kKIjkDZHU-3DBtZ-_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAlTH5udhpMPtPnet9IHWh1cVyBrpRkdmo2ebrF0TCXbQnXaDGj9MDon9fO-2BZnr0dKxtBnMsUm81ptF155A2mgNEXZRip6r6Y3gx-2FVTvFM2OUm-2BjaLZqinwHODkJP6UYs4FYvhv8WHZd41YBAqFjU1C6m7axLQ7x9DAy1bOJPQI5YnM05uRvslE5uXj6660vm6A-3D-3D> . Audio will be broadcast through your computer speakers or headphones. Test Connection Requirements <https://email.sg.on24event.com/ls/click?upn=u001.qPsCj0VSKBRlbXwk4CZaT1VjLeyp2VLEfjNu-2B0nZu-2Fxqd7J7azeavYtfWIpH5s06GQEvBI0TD08CB0WWY2VsJVDcP-2FQhY1aFsKZbsJSqBsnr2NBi-2BPeIPVzN4kT2Yiqr3Tx2OpA6J1unh-2BdPxTcjVdopDFBYzE3LKGVA8F9ciCDThINs8zndcZjvQRmiF9E1AUCbhysOb9iZxTB871Z1cg-3D-3Dh0co_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAuzhj72iCz7U7FnJSXPf-2FU3578JotqIAzqs-2FHDJFXqvITkw3udISzrfJPO7QNF-2Fx-2Fm9rl1p4XXOKt-2FMBuTPiECtAiUwoUW-2BDg7Ubb-2FESvtO-2BDY-2FdkVMjH71T0gr2Vg7FEJKjllZSJh3zPd4S-2Bd32lS5HB4-2FQce27SKwCXzQAbGnh5oFB-2FUPRokomiXLQe1QcvQ-3D-3D> Experiencing problems? If you need assistance, please call 1-800-765-6092. <https://event.on24.com/utilApp/webapi/el/static/img/RXAyZ1lpQmtHeWhiM0tBSThaRCtZaXFXY3YzR1BtTkVJQWJTQ1hhQnZiOD0=.gif> <https://email.sg.on24event.com/wf/open?upn=u001.A5yEPtj12O0Rov549oufKdd5QVwxt2sqbjvCJL5K0mE5B9Ipzn84SzyCX0RRbVVYqFJnvLiQ4wJXSnKWunnQW2jizcba2O1wuf-2Bs5U0sMUJDLyKgTkvO46DpUyH0HDNDW0-2BgaJOTB95XMPdg2XuXhDPNaLxyMX3D2c-2FNlLLGqWrEkiu7B-2BnbY7lXlRX9p4zB7-2BQJai0fGYmWSKi2R7dFtn5fL0BovnRVdQgDAiSvTQhzV2oX1Rmg2ejWAcnZPWbhCqSzxdNarBaMJPCo85ZQd6k7Ujw-2FElNbRJm4EC610GGZBwzDxXf8dFif2v98JKjD-2FyAbisqZtZkmPjspMnGx9w-3D-3D>
Attachments:

Key	Value
Authentication-Results	relay.mimecast.com;
spf=pass (relay.mimecast.com	domain of "bounces+44923358-4a2b-chall=networkhealth.com@em6747.email.sg.on24event.com" designates 159.183.67.9 as permitted sender) smtp.mailfrom="bounces+44923358-4a2b-chall=networkhealth.com@em6747.email.sg.on24event.com"
Received	from NDQ5MjMzNTg (unknown)
us-mta-8-4Y-fYiaVMneC-hnHWRDXfA-1; Wed, 23 Oct 2024 11	55:06 -0400
X-MC-Unique	4Y-fYiaVMneC-hnHWRDXfA-1
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=email.sg.on24event.com;
h=content-transfer-encoding	content-type:from:mime-version:subject:
reply-to	list-unsubscribe:list-unsubscribe-post:to:cc:content-type:from:
subject	to;
2024-10-23 15	55:04.456598547 +0000 UTC m=+3535103.489763325
Wed, 23 Oct 2024 15	55:04.390 +0000 (UTC)
Date	Wed, 23 Oct 2024 15:55:04 +0000 (UTC)
From	Optum <do_not_reply@on24event.com>
Mime-Version	1.0
Message-ID	<Hf2e-G8bTz-ORcs_7hpYRA@geopod-ismtpd-12>
Subject	You are confirmed for Optum Payer Monthly PPS PRS Webinar
Reply-To	Optum <do_not_reply@on24event.com>
List-Unsubscribe	=?us-ascii?Q?=3Chttps=3A=2F=2Fevent=2Eon24=2Ecom=2FeventRegistration=2FSubscriptionServlet=3F?=
List-Unsubscribe-Post	List-Unsubscribe=One-Click
X-SG-EID	=?us-ascii?Q?u001=2ELtyhwz6gbTzORfzfQqJoiU1WHyLezH=2F5mBCqMG2nG8ik1jMMOjmwZ1dfo?=
X-SG-ID	=?us-ascii?Q?u001=2ESdBcvi+Evd=2FbQef8eZF3BuLUdC6hHCDPLITlXlY3iAZQyrTnGzQcYIdJb?=
To	chall@networkhealth.com
X-Entity-ID	u001.Lco2GrS3bpCsct2LlXIVig==
X-Mimecast-Spam-Score	1
Content-Transfer-Encoding	quoted-printable
Content-Type	text/html; charset=us-ascii
date	Wed, 23 Oct 2024 17:55:04 +0200

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 24, 2024 15:07:25.125857115 CEST	53	58799	162.159.36.2	192.168.2.10
Oct 24, 2024 15:07:26.313844919 CEST	59346	53	192.168.2.10	1.1.1.1
Oct 24, 2024 15:07:26.321728945 CEST	53	59346	1.1.1.1	192.168.2.10
Oct 24, 2024 15:07:39.483206034 CEST	138	138	192.168.2.10	192.168.2.255
Oct 24, 2024 15:08:27.620547056 CEST	54593	53	192.168.2.10	1.1.1.1
Oct 24, 2024 15:08:27.628103971 CEST	53	54593	1.1.1.1	192.168.2.10
Oct 24, 2024 15:08:28.872349024 CEST	50878	53	192.168.2.10	1.1.1.1
Oct 24, 2024 15:08:28.881793022 CEST	53	50878	1.1.1.1	192.168.2.10
Oct 24, 2024 15:08:31.544861078 CEST	60153	53	192.168.2.10	1.1.1.1
Oct 24, 2024 15:08:31.552717924 CEST	53	60153	1.1.1.1	192.168.2.10
Oct 24, 2024 15:09:31.938723087 CEST	56533	53	192.168.2.10	1.1.1.1
Oct 24, 2024 15:09:31.968628883 CEST	53	56533	1.1.1.1	192.168.2.10

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZkUy8GzOZDur7Pz&MD=GzfRren8 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /clientwebservice/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: fe3cr.delivery.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /sls/ping HTTP/1.1Connection: Keep-AliveUser-Agent: DNS resiliency checker/1.0Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZkUy8GzOZDur7Pz&MD=GzfRren8 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZkUy8GzOZDur7Pz&MD=GzfRren8 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGqMeVWfa9TGN53mpNzO60CSXfDxqA1OzKkyjteGKhJXNP-2Fqhe73BqzRJ8k3vkeBM80ywN4suRgmUudd3q6XorB58yVzMED8XpqyOagf7ECUt-2FXTBt0GbG656kKIjkDZHU-3DBtZ-_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAlTH5udhpMPtPnet9IHWh1cVyBrpRkdmo2ebrF0TCXbQnXaDGj9MDon9fO-2BZnr0dKxtBnMsUm81ptF155A2mgNEXZRip6r6Y3gx-2FVTvFM2OUm-2BjaLZqinwHODkJP6UYs4FYvhv8WHZd41YBAqFjU1C6m7axLQ7x9DAy1bOJPQI5YnM05uRvslE5uXj6660vm6A-3D-3D HTTP/1.1Host: email.sg.on24event.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com HTTP/1.1Host: event.on24.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=registration&mode=login&random=0.3104642400754436 HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab2000249b9e0f6180f48fc8e5ff339523f6aa85185bb82f8cba83ffc3576c667588e608667b12b41130000b48097a4b972171929c1bbd3bb02b1b3dc697653db87068ef8b967e1ba5721d12d09ec05ccfc2fd040b6e5baddd61ba
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=lobby&mode=login&random=0.38885434681912456 HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab2000249b9e0f6180f48fc8e5ff339523f6aa85185bb82f8cba83ffc3576c667588e608667b12b41130000b48097a4b972171929c1bbd3bb02b1b3dc697653db87068ef8b967e1ba5721d12d09ec05ccfc2fd040b6e5baddd61ba
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/EventServlet?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&random=0.026706953604296313&filter=json HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab2000249b9e0f6180f48fc8e5ff339523f6aa85185bb82f8cba83ffc3576c667588e608667b12b41130000b48097a4b972171929c1bbd3bb02b1b3dc697653db87068ef8b967e1ba5721d12d09ec05ccfc2fd040b6e5baddd61ba
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=lobby&mode=login&random=0.38885434681912456 HTTP/1.1Host: event.on24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab20005feb4d9739aaabf990d5a138b23bd2493ac8dbf2ce4f69153ea0bc428854de6e081f852667113000251ed464bd750bcb8dad14cddf3750a3b9d131f8fc59a75d0fb24cd0c3e5835a4c7bfcf0d441c130fa2ff2d8edc351a3
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/EventServlet?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&random=0.026706953604296313&filter=json HTTP/1.1Host: event.on24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab20005feb4d9739aaabf990d5a138b23bd2493ac8dbf2ce4f69153ea0bc428854de6e081f852667113000251ed464bd750bcb8dad14cddf3750a3b9d131f8fc59a75d0fb24cd0c3e5835a4c7bfcf0d441c130fa2ff2d8edc351a3
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=registration&mode=login&random=0.3104642400754436 HTTP/1.1Host: event.on24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab20005feb4d9739aaabf990d5a138b23bd2493ac8dbf2ce4f69153ea0bc428854de6e081f852667113000251ed464bd750bcb8dad14cddf3750a3b9d131f8fc59a75d0fb24cd0c3e5835a4c7bfcf0d441c130fa2ff2d8edc351a3
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab2000c0123a6c2e1cb281b891377116f166183016dfbff44055e9812c0ff9daeeee8108718604a6113000b72c6dab8b831e09077cd53248d2fbef9ac9b9123747a99580ea162b97f63d4f7c81faafa762e165e54974af4dcf7795
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: event.on24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; TS0af49cbe027=082972b052ab20005137f6ca95c95cdec5df4a09d371fe90f2f9bcaf687352971d91fe01e82fe879087fc3f8fa1130007d1197670b6cdd83329c23d9877bfe904cbb2540330aab9b8d99a4abf58ecd6cb156739f2081060cbd7f4c354fef63a0
Source: global traffic	HTTP traffic detected: GET /eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665 HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://event.on24.com/eventRegistration/eventRegistrationServletAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab2000dba2a11af68d4e2f32f1adbcda0e6daa8c29ed6b6710618e155fe021a830b90108ac42c211113000298cc264162aaed2a1d9d22f40a8014be6935cf93eac09adbec8d3de650dd5764c386f1765e92155f9fa1f7bf3f28e12
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=registration&mode=&random=0.3505105758608753 HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab20008be56fe0e8408218b85f3b1e92ddc036b8b218d814d28614065f62d70096361c08a38352b31130000ed2473073925211b556d54078f212920f9dc5b79d4ac4717c5b2677da939207129fc2785d01ce2044e211ca3a394d9e
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=lobby&mode=&random=0.27798472848526656 HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab20008be56fe0e8408218b85f3b1e92ddc036b8b218d814d28614065f62d70096361c08a38352b31130000ed2473073925211b556d54078f212920f9dc5b79d4ac4717c5b2677da939207129fc2785d01ce2044e211ca3a394d9e
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/EventServlet?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&random=0.19896211311822354&filter=json HTTP/1.1Host: event.on24.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab20008be56fe0e8408218b85f3b1e92ddc036b8b218d814d28614065f62d70096361c08a38352b31130000ed2473073925211b556d54078f212920f9dc5b79d4ac4717c5b2677da939207129fc2785d01ce2044e211ca3a394d9e
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=registration&mode=&random=0.3505105758608753 HTTP/1.1Host: event.on24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab2000b2bd7df7cec31edf395a5ad980126088ae8cf7de15e66a8846d2ae61a70a733408bd6b68a2113000b8ebc3cd8a41d67a83712c3dcdec5b4c5e729a07e62ae447d3b3adcded8055f285e5ac30603525fc0b081b660b6d85c1
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=lobby&mode=&random=0.27798472848526656 HTTP/1.1Host: event.on24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab2000b2bd7df7cec31edf395a5ad980126088ae8cf7de15e66a8846d2ae61a70a733408bd6b68a2113000b8ebc3cd8a41d67a83712c3dcdec5b4c5e729a07e62ae447d3b3adcded8055f285e5ac30603525fc0b081b660b6d85c1
Source: global traffic	HTTP traffic detected: GET /apic/eventRegistration/EventServlet?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&random=0.19896211311822354&filter=json HTTP/1.1Host: event.on24.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab2000b2bd7df7cec31edf395a5ad980126088ae8cf7de15e66a8846d2ae61a70a733408bd6b68a2113000b8ebc3cd8a41d67a83712c3dcdec5b4c5e729a07e62ae447d3b3adcded8055f285e5ac30603525fc0b081b660b6d85c1

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 24, 2024 15:07:26.945277929 CEST	1.1.1.1	192.168.2.10	0x1	Name error (3)	241.42.69.40.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Oct 24, 2024 15:08:27.628103971 CEST	1.1.1.1	192.168.2.10	0x8634	No error (0)	email.sg.on24event.com	r-email.sg.on24event.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 15:08:27.628103971 CEST	1.1.1.1	192.168.2.10	0x8634	No error (0)	r-email.sg.on24event.com		199.83.44.68	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:08:28.881793022 CEST	1.1.1.1	192.168.2.10	0x2aea	No error (0)	event.on24.com	r-event.on24.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 15:08:28.881793022 CEST	1.1.1.1	192.168.2.10	0x2aea	No error (0)	r-event.on24.com		199.83.44.71	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:08:31.552717924 CEST	1.1.1.1	192.168.2.10	0xc737	No error (0)	www.google.com		142.250.185.164	A (IP address)	IN (0x0001)	false
Oct 24, 2024 15:09:31.968628883 CEST	1.1.1.1	192.168.2.10	0x61e8	No error (0)	event.on24.com	r-event.on24.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 24, 2024 15:09:31.968628883 CEST	1.1.1.1	192.168.2.10	0x61e8	No error (0)	r-event.on24.com		199.83.44.71	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:07:09 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZkUy8GzOZDur7Pz&MD=GzfRren8 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-24 13:07:09 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: b15d833c-6aa3-49b0-a51e-bd380d3923aa MS-RequestId: 5fd02a34-24be-4e11-9c45-0a1482ea7acf MS-CV: +dd8NZW7z0CxjBQu.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 24 Oct 2024 13:07:08 GMT Connection: close Content-Length: 24490
2024-10-24 13:07:09 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-24 13:07:09 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:07:28 UTC	142	OUT	GET /clientwebservice/ping HTTP/1.1 Connection: Keep-Alive User-Agent: DNS resiliency checker/1.0 Host: fe3cr.delivery.mp.microsoft.com
2024-10-24 13:07:28 UTC	234	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Expires: -1 Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Content-Type-Options: nosniff Date: Thu, 24 Oct 2024 13:07:27 GMT Connection: close Content-Length: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:07:29 UTC	124	OUT	GET /sls/ping HTTP/1.1 Connection: Keep-Alive User-Agent: DNS resiliency checker/1.0 Host: slscr.update.microsoft.com
2024-10-24 13:07:29 UTC	318	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Expires: -1 MS-CV: Kv6NL1BdyU+PsI7z.0 MS-RequestId: 70f5bf53-4c42-4904-937a-11dfeeef8ef6 MS-CorrelationId: f2c627fa-a6a9-431a-89c2-c35e8ba16b9e X-Content-Type-Options: nosniff Date: Thu, 24 Oct 2024 13:07:28 GMT Connection: close Content-Length: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:07:31 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZkUy8GzOZDur7Pz&MD=GzfRren8 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-24 13:07:31 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 7df8c83b-f71e-4a63-a867-199a4a6d1001 MS-RequestId: 98972fa1-b010-4670-8238-8376b5343881 MS-CV: bVQ8rBo/mk6/y7cU.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 24 Oct 2024 13:07:30 GMT Connection: close Content-Length: 24490
2024-10-24 13:07:31 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-24 13:07:31 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:07:32 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZkUy8GzOZDur7Pz&MD=GzfRren8 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-10-24 13:07:33 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 0195ef4a-64cf-4bce-954a-56edc4d9d335 MS-RequestId: bc5d9b56-de95-4b6b-a682-96f96ee5b7c7 MS-CV: Bv/0ekbmrEqVtMng.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 24 Oct 2024 13:07:32 GMT Connection: close Content-Length: 30005
2024-10-24 13:07:33 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-24 13:07:33 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:07:48 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4762 Host: login.live.com
2024-10-24 13:07:48 UTC	4762	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-10-24 13:07:48 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Thu, 24 Oct 2024 13:06:48 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C512_BAY x-ms-request-id: 374b25bd-2b80-4650-ab7e-89babb52e44e PPServer: PPV: 30 H: PH1PEPF0001B7B4 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Thu, 24 Oct 2024 13:07:48 GMT Connection: close Content-Length: 10197
2024-10-24 13:07:48 UTC	10197	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:28 UTC	1230	OUT	GET /ls/click?upn=u001.7kf5QUY4LGF7Fzt7LGE4bbPPsSPtBC4KXSPVJqWhtiGqMeVWfa9TGN53mpNzO60CSXfDxqA1OzKkyjteGKhJXNP-2Fqhe73BqzRJ8k3vkeBM80ywN4suRgmUudd3q6XorB58yVzMED8XpqyOagf7ECUt-2FXTBt0GbG656kKIjkDZHU-3DBtZ-_yCuTUfPY6UB7yZ5VxhRUVVgisgV7CtFVrxjgs1Dx8NjmnyzpnSVIv-2F-2B-2B7j2fu-2FYCagNFZJHRH19RPwY10f0pPoVHgwnfCVfMYlFqMrHnUU6GAuAouzjqh20ONbYN2VfftLDjoqAJGBN2kft-2Bv04fAlTH5udhpMPtPnet9IHWh1cVyBrpRkdmo2ebrF0TCXbQnXaDGj9MDon9fO-2BZnr0dKxtBnMsUm81ptF155A2mgNEXZRip6r6Y3gx-2FVTvFM2OUm-2BjaLZqinwHODkJP6UYs4FYvhv8WHZd41YBAqFjU1C6m7axLQ7x9DAy1bOJPQI5YnM05uRvslE5uXj6660vm6A-3D-3D HTTP/1.1 Host: email.sg.on24event.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-24 13:08:28 UTC	309	IN	HTTP/1.1 302 Found Server: nginx Date: Thu, 24 Oct 2024 13:08:28 GMT Content-Type: text/html; charset=utf-8 Content-Length: 137 Connection: close Location: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com X-Robots-Tag: noindex, nofollow
2024-10-24 13:08:28 UTC	137	IN	Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 65 76 65 6e 74 2e 6f 6e 32 34 2e 63 6f 6d 2f 77 63 63 2f 72 2f 34 37 32 32 30 33 34 2f 32 36 31 46 39 41 41 46 33 43 33 39 33 46 43 41 36 31 34 39 44 42 31 46 37 30 30 43 41 31 45 31 3f 6d 6f 64 65 3d 6c 6f 67 69 6e 26 61 6d 70 3b 65 6d 61 69 6c 3d 63 68 61 6c 6c 40 6e 65 74 77 6f 72 6b 68 65 61 6c 74 68 2e 63 6f 6d 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href="https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com">Found</a>.

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:29 UTC	744	OUT	GET /wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com HTTP/1.1 Host: event.on24.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-24 13:08:29 UTC	1219	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:29 GMT Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 X-ORACLE-DMS-ECID: 20ccd1e4-02f9-4e6f-af93-5850de2863b5-000ac6eb X-ORACLE-DMS-RID: 0 Set-Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; Path=/; Secure; HttpOnly; SameSite=None Set-Cookie: sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; domain=.on24.com; expires=Thu, 24-Oct-2024 13:38:29 GMT; path=/; HttpOnly; SameSite=None; Secure Connection: close Set-Cookie: BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; path=/; Httponly; Secure; SameSite=None Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors *.on24.com Set-Cookie: ON24_Pool=cons3_prd_wl_LNX; Path=/; Secure; Httponly; SameSite=None Set-Cookie: TS0af49cbe027=082972b052ab2000249b9e0f6180f48fc8e5ff339523f6aa85185bb82f8cba83ffc3576c667588e608667b12b41130000b48097a4b972171929c1bbd3bb02b1b3dc697653db87068ef8b967e1ba5721d12d09ec05ccfc2fd040b6e5baddd61ba; Path=/; SameSite=None; Secure
2024-10-24 13:08:29 UTC	3091	IN	Data Raw: 30 63 30 62 0d 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 4f 70 74 75 6d 20 50 61 79 65 72 20 4d 6f 6e 74 68 6c 79 20 50 50 53 20 50 52 53 20 57 65 62 69 6e 61 72 3c 2f 74 69 74 6c 65 3e 0a 0a 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 0a 09 09 09 0a 09 09 0a 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 Data Ascii: 0c0b<!doctype html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Optum Payer Monthly PPS PRS Webinar</title> <meta name="viewport" content="wi
2024-10-24 13:08:29 UTC	8	IN	Data Raw: 30 30 30 30 0d 0a 0d 0a Data Ascii: 0000

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:33 UTC	1285	OUT	GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=registration&mode=login&random=0.3104642400754436 HTTP/1.1 Host: event.on24.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab2000249b9e0f6180f48fc8e5ff339523f6aa85185bb82f8cba83ffc3576c667588e608667b12b41130000b48097a4b972171929c1bbd3bb02b1b3dc697653db87068ef8b967e1ba5721d12d09ec05ccfc2fd040b6e5baddd61ba
2024-10-24 13:08:33 UTC	595	IN	HTTP/1.1 200 OK Server: openresty/1.21.4.1 Date: Thu, 24 Oct 2024 13:08:33 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close ProX-Cache-Status: HIT ProX-Response-Time: 0.000 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Set-Cookie: TS0af49cbe027=082972b052ab2000aef575dbe06c7a875dce5c12ccc1fc7d3fd7d162119b8355ba79fd5103d8cd840860524950113000f602c56d5d369e2f8dad14cddf3750a3b9d131f8fc59a75d0fb24cd0c3e5835a4c7bfcf0d441c130fa2ff2d8edc351a3; Path=/; SameSite=None; Secure
2024-10-24 13:08:33 UTC	11365	IN	Data Raw: 35 36 64 33 0d 0a 7b 22 65 76 65 6e 74 22 3a 34 37 32 32 30 33 34 2c 22 73 65 73 73 69 6f 6e 22 3a 31 2c 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 2c 22 65 72 72 6f 72 4d 65 73 73 61 67 65 22 3a 6e 75 6c 6c 2c 22 64 69 73 70 6c 61 79 65 6c 65 6d 65 6e 74 22 3a 5b 7b 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 49 44 22 3a 22 32 34 30 30 32 38 31 36 37 22 2c 22 69 73 52 65 71 75 69 72 65 64 22 3a 22 66 61 6c 73 65 22 2c 22 69 73 41 63 74 69 76 65 22 3a 22 74 72 75 65 22 2c 22 69 73 48 69 64 64 65 6e 22 3a 22 66 61 6c 73 65 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 54 79 70 65 43 6f 64 65 22 3a 22 66 72 65 65 74 65 78 74 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 22 3a 22 23 66 66 66 66 66 66 22 2c 22 64 69 73 70 6c 61 79 45 Data Ascii: 56d3{"event":4722034,"session":1,"success":true,"errorMessage":null,"displayelement":[{"displayElementID":"240028167","isRequired":"false","isActive":"true","isHidden":"false","displayElementTypeCode":"freetext","displayElementValue":"#ffffff","displayE
2024-10-24 13:08:34 UTC	10875	IN	Data Raw: 70 6c 61 74 65 5f 72 65 67 5f 62 74 6e 5f 74 65 78 74 5f 63 6f 6c 6f 72 22 2c 22 76 61 6c 69 64 61 74 69 6f 6e 54 79 70 65 43 6f 64 65 22 3a 22 6e 6f 6e 65 22 2c 22 64 69 73 70 6c 61 79 53 65 71 75 65 6e 63 65 22 3a 22 32 31 22 2c 22 74 6f 70 4f 66 66 73 65 74 22 3a 22 2d 31 22 2c 22 6c 65 66 74 4f 66 66 73 65 74 22 3a 22 2d 31 22 2c 22 68 65 69 67 68 74 22 3a 22 2d 31 22 2c 22 77 69 64 74 68 22 3a 22 2d 31 22 2c 22 6d 65 64 69 61 55 52 4c 49 44 22 3a 22 2d 31 22 2c 22 69 6e 64 65 78 22 3a 22 32 31 22 2c 22 62 6f 74 74 6f 6d 50 61 64 64 69 6e 67 22 3a 31 32 2c 22 64 69 73 70 6c 61 79 74 79 70 65 63 6f 64 65 22 3a 22 72 65 67 69 73 74 72 61 74 69 6f 6e 22 2c 22 64 69 73 70 6c 61 79 65 6c 65 6d 65 6e 74 6f 70 74 69 6f 6e 69 6e 66 6f 22 3a 7b 22 65 76 65 6e Data Ascii: plate_reg_btn_text_color","validationTypeCode":"none","displaySequence":"21","topOffset":"-1","leftOffset":"-1","height":"-1","width":"-1","mediaURLID":"-1","index":"21","bottomPadding":12,"displaytypecode":"registration","displayelementoptioninfo":{"even

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\25576969643.ttf

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\30169865670.ttf

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\31638818185.ttf

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Display\32677218994.ttf

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\25065980124.ttf

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\27970306811.ttf

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\28903934312.ttf

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos Narrow\29867269125.ttf

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos\26205970649.ttf

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos\26395700251.ttf

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos\30153066857.ttf

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Aptos\32483553004.ttf

C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C2654150-6C0A-4E67-BABD-349B56794A53

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

Windows Analysis Report
You are confirmed for Optum Payer Monthly PPS PRS Webinar.msg

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:33 UTC	1279	OUT	GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=lobby&mode=login&random=0.38885434681912456 HTTP/1.1 Host: event.on24.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab2000249b9e0f6180f48fc8e5ff339523f6aa85185bb82f8cba83ffc3576c667588e608667b12b41130000b48097a4b972171929c1bbd3bb02b1b3dc697653db87068ef8b967e1ba5721d12d09ec05ccfc2fd040b6e5baddd61ba
2024-10-24 13:08:33 UTC	596	IN	HTTP/1.1 200 OK Server: openresty/1.21.4.1 Date: Thu, 24 Oct 2024 13:08:33 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close ProX-Cache-Status: MISS ProX-Response-Time: 0.017 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Set-Cookie: TS0af49cbe027=082972b052ab20005feb4d9739aaabf990d5a138b23bd2493ac8dbf2ce4f69153ea0bc428854de6e081f852667113000251ed464bd750bcb8dad14cddf3750a3b9d131f8fc59a75d0fb24cd0c3e5835a4c7bfcf0d441c130fa2ff2d8edc351a3; Path=/; SameSite=None; Secure
2024-10-24 13:08:33 UTC	4124	IN	Data Raw: 32 30 37 62 0d 0a 7b 22 65 76 65 6e 74 22 3a 34 37 32 32 30 33 34 2c 22 73 65 73 73 69 6f 6e 22 3a 31 2c 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 2c 22 65 72 72 6f 72 4d 65 73 73 61 67 65 22 3a 6e 75 6c 6c 2c 22 64 69 73 70 6c 61 79 65 6c 65 6d 65 6e 74 22 3a 5b 7b 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 49 44 22 3a 22 32 34 30 30 32 38 31 34 30 22 2c 22 69 73 52 65 71 75 69 72 65 64 22 3a 22 66 61 6c 73 65 22 2c 22 69 73 41 63 74 69 76 65 22 3a 22 74 72 75 65 22 2c 22 69 73 48 69 64 64 65 6e 22 3a 22 66 61 6c 73 65 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 54 79 70 65 43 6f 64 65 22 3a 22 66 72 65 65 74 65 78 74 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 22 3a 22 23 66 66 66 66 66 66 22 2c 22 64 69 73 70 6c 61 79 45 Data Ascii: 207b{"event":4722034,"session":1,"success":true,"errorMessage":null,"displayelement":[{"displayElementID":"240028140","isRequired":"false","isActive":"true","isHidden":"false","displayElementTypeCode":"freetext","displayElementValue":"#ffffff","displayE
2024-10-24 13:08:33 UTC	4199	IN	Data Raw: 22 64 69 73 70 6c 61 79 65 6c 65 6d 65 6e 74 6f 70 74 69 6f 6e 69 6e 66 6f 22 3a 7b 22 65 76 65 6e 74 22 3a 22 34 37 32 32 30 33 34 22 2c 22 73 65 73 73 69 6f 6e 22 3a 22 31 22 7d 7d 2c 7b 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 49 44 22 3a 22 32 34 30 30 32 38 31 34 39 22 2c 22 69 73 52 65 71 75 69 72 65 64 22 3a 22 66 61 6c 73 65 22 2c 22 69 73 41 63 74 69 76 65 22 3a 22 74 72 75 65 22 2c 22 69 73 48 69 64 64 65 6e 22 3a 22 66 61 6c 73 65 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 54 79 70 65 43 6f 64 65 22 3a 22 66 72 65 65 74 65 78 74 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 22 3a 22 23 48 65 6c 70 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 43 6f 64 65 22 3a 22 6c 6f 62 62 79 5f 6f 6e 6c 69 Data Ascii: "displayelementoptioninfo":{"event":"4722034","session":"1"}},{"displayElementID":"240028149","isRequired":"false","isActive":"true","isHidden":"false","displayElementTypeCode":"freetext","displayElementValue":"#Help","displayElementValueCode":"lobby_onli
2024-10-24 13:08:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:33 UTC	1252	OUT	GET /apic/eventRegistration/EventServlet?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&random=0.026706953604296313&filter=json HTTP/1.1 Host: event.on24.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab2000249b9e0f6180f48fc8e5ff339523f6aa85185bb82f8cba83ffc3576c667588e608667b12b41130000b48097a4b972171929c1bbd3bb02b1b3dc697653db87068ef8b967e1ba5721d12d09ec05ccfc2fd040b6e5baddd61ba
2024-10-24 13:08:33 UTC	610	IN	HTTP/1.1 200 OK Server: openresty/1.21.4.1 Date: Thu, 24 Oct 2024 13:08:33 GMT Content-Type: application/json; charset=UTF-8 Transfer-Encoding: chunked Connection: close ProX-Cache-Status: HIT ProX-Response-Time: 0.000 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Set-Cookie: TS0af49cbe027=082972b052ab200061c61d9546fc0a03de158bf9554377f033f0bbee6730930e55a7a0ea81feba9e089f008dde113000aac1495f6873d7ce8dad14cddf3750a3b9d131f8fc59a75d0fb24cd0c3e5835a4c7bfcf0d441c130fa2ff2d8edc351a3; Path=/; SameSite=None; Secure
2024-10-24 13:08:33 UTC	4110	IN	Data Raw: 37 66 65 30 0d 0a 7b 22 65 76 65 6e 74 22 3a 7b 22 69 64 22 3a 22 34 37 32 32 30 33 34 22 2c 22 6e 61 6d 65 22 3a 22 6e 75 6c 6c 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4f 70 74 75 6d 20 50 61 79 65 72 20 4d 6f 6e 74 68 6c 79 20 50 50 53 20 50 52 53 20 57 65 62 69 6e 61 72 22 2c 22 6c 6f 63 61 6c 65 6c 61 6e 67 75 61 67 65 63 6f 64 65 22 3a 22 65 6e 22 2c 22 6c 6f 63 61 6c 65 63 6f 75 6e 74 72 79 63 6f 64 65 22 3a 22 6e 75 6c 6c 22 2c 22 63 6c 69 65 6e 74 69 64 22 3a 22 32 31 37 36 30 22 2c 22 63 6c 69 65 6e 74 6e 61 6d 65 22 3a 22 65 6c 69 74 65 75 68 67 6f 70 74 75 6d 64 65 6d 61 6e 64 67 65 6e 22 2c 22 64 69 73 70 6c 61 79 74 69 6d 65 7a 6f 6e 65 22 3a 22 45 61 73 74 65 72 6e 20 53 74 61 6e 64 61 72 64 20 54 69 6d 65 22 2c 22 64 69 73 70 6c Data Ascii: 7fe0{"event":{"id":"4722034","name":"null","description":"Optum Payer Monthly PPS PRS Webinar","localelanguagecode":"en","localecountrycode":"null","clientid":"21760","clientname":"eliteuhgoptumdemandgen","displaytimezone":"Eastern Standard Time","displ
2024-10-24 13:08:33 UTC	7240	IN	Data Raw: 67 65 6e 65 72 61 74 69 6f 6e 22 7d 2c 22 70 6d 4d 6f 64 65 22 3a 7b 22 69 64 22 3a 22 32 33 32 37 32 30 22 2c 22 74 79 70 65 63 6f 64 65 22 3a 22 70 6d 4d 6f 64 65 22 2c 22 63 61 74 65 67 6f 72 79 22 3a 22 70 6d 4d 6f 64 65 22 2c 22 76 61 6c 75 65 22 3a 22 6d 6f 64 65 31 22 7d 2c 22 70 6f 6c 6c 69 6e 67 52 65 71 75 69 72 65 64 22 3a 7b 22 69 64 22 3a 22 32 33 32 36 35 31 22 2c 22 74 79 70 65 63 6f 64 65 22 3a 22 70 6f 6c 6c 69 6e 67 52 65 71 75 69 72 65 64 22 2c 22 63 61 74 65 67 6f 72 79 22 3a 22 70 6f 6c 6c 22 2c 22 76 61 6c 75 65 22 3a 22 43 48 45 43 4b 45 44 22 7d 2c 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 4d 61 6e 61 67 65 72 22 3a 7b 22 69 64 22 3a 22 32 33 37 38 39 32 22 2c 22 74 79 70 65 63 6f 64 65 22 3a 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 4d Data Ascii: generation"},"pmMode":{"id":"232720","typecode":"pmMode","category":"pmMode","value":"mode1"},"pollingRequired":{"id":"232651","typecode":"pollingRequired","category":"poll","value":"CHECKED"},"presentationManager":{"id":"237892","typecode":"presentationM
2024-10-24 13:08:34 UTC	1448	IN	Data Raw: 5f 6f 6e 6c 69 6e 65 5f 68 65 6c 70 22 3a 7b 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 49 44 22 3a 22 32 34 30 30 32 38 31 35 39 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 22 3a 22 3c 63 6f 6e 66 69 67 3e 5c 6e 20 20 3c 70 61 72 61 6d 73 3e 5c 6e 20 20 20 20 3c 70 61 72 61 6d 20 6e 61 6d 65 3d 5c 22 64 65 73 63 72 69 70 74 69 6f 6e 5c 22 20 74 79 70 65 3d 5c 22 53 74 72 69 6e 67 5c 22 3e 75 6e 64 65 66 69 6e 65 64 3c 2f 70 61 72 61 6d 3e 5c 6e 20 20 20 20 3c 70 61 72 61 6d 20 6e 61 6d 65 3d 5c 22 72 65 73 69 7a 61 62 6c 65 5c 22 20 74 79 70 65 3d 5c 22 42 6f 6f 6c 65 61 6e 5c 22 3e 74 72 75 65 3c 2f 70 61 72 61 6d 3e 5c 6e 20 20 20 20 3c 70 61 72 61 6d 20 6e 61 6d 65 3d 5c 22 6d 61 78 69 6d 69 7a 61 62 6c 65 5c 22 20 74 79 70 65 Data Ascii: _online_help":{"displayElementID":"240028159","displayElementValue":"<config>\n <params>\n <param name=\"description\" type=\"String\">undefined</param>\n <param name=\"resizable\" type=\"Boolean\">true</param>\n <param name=\"maximizable\" type
2024-10-24 13:08:34 UTC	7240	IN	Data Raw: 3e 50 65 72 73 69 73 74 65 6e 63 65 53 74 61 74 65 55 70 64 61 74 65 3c 2f 70 61 72 61 6d 3e 5c 6e 20 20 20 20 3c 70 61 72 61 6d 20 6e 61 6d 65 3d 5c 22 63 75 73 74 6f 6d 49 63 6f 6e 55 72 6c 5c 22 20 74 79 70 65 3d 5c 22 53 74 72 69 6e 67 5c 22 3e 68 74 74 70 73 3a 2f 2f 77 63 63 2e 6f 6e 32 34 2e 63 6f 6d 2f 65 76 65 6e 74 2f 34 37 2f 32 32 2f 30 33 2f 34 2f 72 74 2f 31 2f 69 6d 61 67 65 73 2f 63 75 73 74 6f 6d 5f 69 63 6f 6e 5f 35 32 34 37 32 33 32 31 2f 6f 6e 32 34 69 63 6f 6e 68 65 6c 70 2e 70 6e 67 3c 2f 70 61 72 61 6d 3e 5c 6e 20 20 20 20 3c 70 61 72 61 6d 20 6e 61 6d 65 3d 5c 22 6c 6f 61 64 43 6f 6e 66 69 67 56 4f 46 72 6f 6d 58 4d 4c 5c 22 20 74 79 70 65 3d 5c 22 42 6f 6f 6c 65 61 6e 5c 22 3e 66 61 6c 73 65 3c 2f 70 61 72 61 6d 3e 5c 6e 20 20 20 Data Ascii: >PersistenceStateUpdate</param>\n <param name=\"customIconUrl\" type=\"String\">https://wcc.on24.com/event/47/22/03/4/rt/1/images/custom_icon_52472321/on24iconhelp.png</param>\n <param name=\"loadConfigVOFromXML\" type=\"Boolean\">false</param>\n
2024-10-24 13:08:34 UTC	7240	IN	Data Raw: 3c 2f 70 61 72 61 6d 3e 3c 70 61 72 61 6d 20 6e 61 6d 65 3d 5c 22 63 6f 6d 70 6f 6e 65 6e 74 54 79 70 65 5c 22 20 74 79 70 65 3d 5c 22 53 74 72 69 6e 67 5c 22 3e 70 61 6e 65 6c 3c 2f 70 61 72 61 6d 3e 3c 70 61 72 61 6d 20 6e 61 6d 65 3d 5c 22 70 65 72 73 69 73 74 65 6e 63 65 53 74 61 74 75 73 5c 22 20 74 79 70 65 3d 5c 22 53 74 72 69 6e 67 5c 22 3e 50 65 72 73 69 73 74 65 6e 63 65 53 74 61 74 75 73 53 61 76 65 43 6f 6d 70 6c 65 74 65 3c 2f 70 61 72 61 6d 3e 3c 70 61 72 61 6d 20 6e 61 6d 65 3d 5c 22 63 72 65 61 74 69 6f 6e 54 69 6d 65 73 74 61 6d 70 5c 22 20 74 79 70 65 3d 5c 22 4e 75 6d 62 65 72 5c 22 3e 31 34 33 36 32 39 30 36 30 38 37 33 34 3c 2f 70 61 72 61 6d 3e 3c 70 61 72 61 6d 20 6e 61 6d 65 3d 5c 22 68 61 73 43 68 72 6f 6d 65 5c 22 20 74 79 70 65 Data Ascii: </param><param name=\"componentType\" type=\"String\">panel</param><param name=\"persistenceStatus\" type=\"String\">PersistenceStatusSaveComplete</param><param name=\"creationTimestamp\" type=\"Number\">1436290608734</param><param name=\"hasChrome\" type
2024-10-24 13:08:34 UTC	5471	IN	Data Raw: 6d 65 6e 74 54 79 70 65 43 6f 64 65 22 3a 22 66 72 65 65 74 65 78 74 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 43 6f 64 65 22 3a 22 70 6c 61 79 65 72 5f 73 68 61 72 65 5f 74 68 69 73 22 2c 22 76 61 6c 69 64 61 74 69 6f 6e 54 79 70 65 43 6f 64 65 22 3a 22 6e 6f 6e 65 22 2c 22 64 69 73 70 6c 61 79 53 65 71 75 65 6e 63 65 22 3a 22 38 22 2c 22 69 73 52 65 71 75 69 72 65 64 22 3a 22 66 61 6c 73 65 22 2c 22 69 73 41 63 74 69 76 65 22 3a 22 74 72 75 65 22 2c 22 74 6f 70 4f 66 66 73 65 74 22 3a 22 31 36 33 22 2c 22 6c 65 66 74 4f 66 66 73 65 74 22 3a 22 37 22 2c 22 68 65 69 67 68 74 22 3a 22 31 31 32 22 2c 22 77 69 64 74 68 22 3a 22 33 31 38 22 2c 22 6d 65 64 69 61 55 52 4c 49 44 22 3a 22 33 32 38 32 37 38 33 36 31 22 2c 22 64 69 73 70 6c Data Ascii: mentTypeCode":"freetext","displayElementValueCode":"player_share_this","validationTypeCode":"none","displaySequence":"8","isRequired":"false","isActive":"true","topOffset":"163","leftOffset":"7","height":"112","width":"318","mediaURLID":"328278361","displ

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:34 UTC	2123	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A4109007A20 X-BM-CBT: 1696501796 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: D95703EFC0844C95954C44563A05B5B6 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A4109007A20 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,d-thshldspcl40 X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 608 Connection: Keep-Alive Cache-Control: no-cache Cookie: SRCHUID=V=2&GUID=4DCD32EA63724A15B9FCA9A424F62E4E&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696499427949&IPMH=7bc3b11d&IPMID=1696501796291&HV=1696501608; MUID=985D67226D4E42EFB34FF259DA244FF8; _SS=SID=1C5CE73126DC645D35AAF490270A65A3&CPID=1696501797283&AC=1&CPH=893a1c21; _EDGE_S=SID=1C5CE73126DC645D35AAF490270A65A3; MUIDB=985D67226D4E42EFB34FF259DA244FF8
2024-10-24 13:08:34 UTC	608	OUT	Data Raw: 3c 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 39 38 35 44 36 37 32 32 36 44 34 45 34 32 45 46 42 33 34 46 46 32 35 39 44 41 32 34 34 46 46 38 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 38 41 39 43 37 41 44 39 39 36 34 34 30 31 36 41 44 42 32 42 41 45 38 41 31 30 46 36 35 39 34 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 Data Ascii: <ClientInstRequest><CID>985D67226D4E42EFB34FF259DA244FF8</CID><Events><E><T>Event.ClientInst</T><IG>78A9C7AD99644016ADB2BAE8A10F6594</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"C
2024-10-24 13:08:34 UTC	480	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: E3BC2B6FAA8F437AA77FA7E4828CF810 Ref B: LAX311000109023 Ref C: 2024-10-24T13:08:34Z Date: Thu, 24 Oct 2024 13:08:34 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.3ca6dc17.1729775314.148a09eb

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:36 UTC	1144	OUT	GET /favicon.ico HTTP/1.1 Host: event.on24.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; TS0af49cbe027=082972b052ab2000c0123a6c2e1cb281b891377116f166183016dfbff44055e9812c0ff9daeeee8108718604a6113000b72c6dab8b831e09077cd53248d2fbef9ac9b9123747a99580ea162b97f63d4f7c81faafa762e165e54974af4dcf7795
2024-10-24 13:08:36 UTC	833	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:36 GMT Server: Apache Last-Modified: Thu, 05 Dec 2019 23:00:06 GMT Accept-Ranges: bytes Content-Length: 1150 Content-Type: image/x-icon Connection: close Set-Cookie: BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; path=/; Httponly; Secure; SameSite=None Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Set-Cookie: TS0af49cbe027=082972b052ab20005137f6ca95c95cdec5df4a09d371fe90f2f9bcaf687352971d91fe01e82fe879087fc3f8fa1130007d1197670b6cdd83329c23d9877bfe904cbb2540330aab9b8d99a4abf58ecd6cb156739f2081060cbd7f4c354fef63a0; Path=/; SameSite=None; Secure
2024-10-24 13:08:36 UTC	1150	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 40 30 e6 e8 40 30 f2 e8 40 30 f2 e8 41 31 f2 e8 3f 2f f2 e6 32 21 f2 e5 26 14 f2 e4 1f 0c f2 e4 1f 0d f2 e5 26 14 f2 e6 32 21 f2 e8 3f 2f f2 e8 41 31 f2 e8 40 30 f2 e8 40 30 f2 e8 40 30 e6 e8 40 30 ff e8 40 30 ff e8 43 33 ff e7 33 22 ff e5 24 11 ff ea 4f 41 ff f0 82 78 ff f4 a0 97 ff f4 9f 97 ff f0 81 77 ff ea 4f 40 ff e5 24 12 ff e7 35 24 ff e8 43 33 ff e8 40 30 ff e8 40 30 ff e8 40 30 f2 e8 43 33 ff e6 2d 1b ff e7 36 26 ff f4 a2 9a ff fe fa f9 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fe f6 f5 ff f4 a0 98 ff e6 31 20 ff e6 2f 1d ff e8 43 33 ff e8 40 30 f2 e8 Data Ascii: h( @0@0@0A1?/2!&&2!?/A1@0@0@0@0@0C33"$OAxwO@$5$C3@0@0@0C3-6&1 /C3@0

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:08:37 UTC	1012	OUT	GET /favicon.ico HTTP/1.1 Host: event.on24.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; TS0af49cbe027=082972b052ab20005137f6ca95c95cdec5df4a09d371fe90f2f9bcaf687352971d91fe01e82fe879087fc3f8fa1130007d1197670b6cdd83329c23d9877bfe904cbb2540330aab9b8d99a4abf58ecd6cb156739f2081060cbd7f4c354fef63a0
2024-10-24 13:08:37 UTC	672	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:08:37 GMT Server: Apache Last-Modified: Thu, 05 Dec 2019 23:00:06 GMT Accept-Ranges: bytes Content-Length: 1150 Content-Type: image/x-icon Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors *.on24.com Set-Cookie: TS0af49cbe027=082972b052ab2000e071f132569cb19256f1868039dc009bc10977b29cb048af23d4b6e53580b17f089cf2a06b113000865560520f34aa390a8e46c33415e340f5c187c7006de155b3f18842f74c8cbbbaa565ae9c94279ded72807b3d062adb; Path=/; SameSite=None; Secure
2024-10-24 13:08:37 UTC	1150	IN	Data Raw: 00 00 01 00 01 00 10 10 00 00 01 00 20 00 68 04 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 40 30 e6 e8 40 30 f2 e8 40 30 f2 e8 41 31 f2 e8 3f 2f f2 e6 32 21 f2 e5 26 14 f2 e4 1f 0c f2 e4 1f 0d f2 e5 26 14 f2 e6 32 21 f2 e8 3f 2f f2 e8 41 31 f2 e8 40 30 f2 e8 40 30 f2 e8 40 30 e6 e8 40 30 ff e8 40 30 ff e8 43 33 ff e7 33 22 ff e5 24 11 ff ea 4f 41 ff f0 82 78 ff f4 a0 97 ff f4 9f 97 ff f0 81 77 ff ea 4f 40 ff e5 24 12 ff e7 35 24 ff e8 43 33 ff e8 40 30 ff e8 40 30 ff e8 40 30 f2 e8 43 33 ff e6 2d 1b ff e7 36 26 ff f4 a2 9a ff fe fa f9 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fe f6 f5 ff f4 a0 98 ff e6 31 20 ff e6 2f 1d ff e8 43 33 ff e8 40 30 f2 e8 Data Ascii: h( @0@0@0A1?/2!&&2!?/A1@0@0@0@0@0C33"$OAxwO@$5$C3@0@0@0C3-6&1 /C3@0

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:09:32 UTC	1619	OUT	POST /eventRegistration/eventRegistrationServlet HTTP/1.1 Host: event.on24.com Connection: keep-alive Content-Length: 248 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://event.on24.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://event.on24.com/wcc/r/4722034/261F9AAF3C393FCA6149DB1F700CA1E1?mode=login&email=chall@networkhealth.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; TS0af49cbe027=082972b052ab2000e071f132569cb19256f1868039dc009bc10977b29cb048af23d4b6e53580b17f089cf2a06b113000865560520f34aa390a8e46c33415e340f5c187c7006de155b3f18842f74c8cbbbaa565ae9c94279ded72807b3d062adb
2024-10-24 13:09:32 UTC	248	OUT	Data Raw: 65 6d 61 69 6c 3d 63 68 61 6c 6c 25 34 30 6e 65 74 77 6f 72 6b 68 65 61 6c 74 68 2e 63 6f 6d 26 6d 6f 64 65 3d 6c 6f 67 69 6e 26 65 6d 61 69 6c 3d 63 68 61 6c 6c 25 34 30 6e 65 74 77 6f 72 6b 68 65 61 6c 74 68 2e 63 6f 6d 26 69 73 4c 6f 62 62 79 3d 66 61 6c 73 65 26 68 74 74 70 70 72 6f 74 6f 63 6f 6c 3d 68 74 74 70 73 25 33 41 26 68 6f 73 74 3d 65 76 65 6e 74 2e 6f 6e 32 34 2e 63 6f 6d 26 65 76 65 6e 74 69 64 3d 34 37 32 32 30 33 34 26 73 65 73 73 69 6f 6e 69 64 3d 31 26 6b 65 79 3d 32 36 31 46 39 41 41 46 33 43 33 39 33 46 43 41 36 31 34 39 44 42 31 46 37 30 30 43 41 31 45 31 26 72 65 67 54 61 67 3d 26 73 6f 75 72 63 65 70 61 67 65 3d 72 65 67 69 73 74 65 72 26 6c 6f 67 69 6e 61 63 74 69 6f 6e 3d 79 26 72 65 63 6f 6f 6b 69 65 3d 79 Data Ascii: email=chall%40networkhealth.com&mode=login&email=chall%40networkhealth.com&isLobby=false&httpprotocol=https%3A&host=event.on24.com&eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&regTag=&sourcepage=register&loginaction=y&recookie=y
2024-10-24 13:09:32 UTC	837	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:09:32 GMT Transfer-Encoding: chunked Content-Type: text/html Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: * Set-Cookie: event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; HttpOnly; secure; domain=.on24.com; expires=Wed, 22-Jan-2025 13:09:32 GMT; path=/; SameSite=None Access-Control-Allow-Methods: * Access-Control-Allow-Origin: https://event.on24.com Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Set-Cookie: TS0af49cbe027=082972b052ab2000dba2a11af68d4e2f32f1adbcda0e6daa8c29ed6b6710618e155fe021a830b90108ac42c211113000298cc264162aaed2a1d9d22f40a8014be6935cf93eac09adbec8d3de650dd5764c386f1765e92155f9fa1f7bf3f28e12; Path=/; SameSite=None; Secure
2024-10-24 13:09:32 UTC	684	IN	Data Raw: 30 32 61 34 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 6f 6e 6c 6f 61 64 3d 27 72 65 64 69 72 65 63 74 49 74 28 29 3b 27 3e 3c 63 65 6e 74 65 72 3e 3c 21 2d 2d 68 36 3e 54 68 61 6e 6b 20 79 6f 75 2e 20 50 6c 65 61 73 65 20 77 61 69 74 20 61 20 66 65 77 20 73 65 63 6f 6e 64 73 20 77 68 69 6c 65 20 79 6f 75 20 61 72 65 20 72 65 64 69 72 65 63 74 65 64 20 28 6f 72 20 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 65 76 65 6e 74 2e 6f 6e 32 34 2e 63 6f 6d 2f 65 76 65 6e 74 52 65 67 69 73 74 72 61 74 69 6f 6e 2f 45 76 65 6e 74 4c 6f 62 62 79 53 65 72 76 6c 65 74 3f 74 61 72 67 65 74 3d 6c 6f 62 62 79 33 30 2e 6a 73 70 26 65 76 65 6e 74 69 64 3d 34 37 32 32 30 33 34 26 73 65 73 73 69 6f 6e 69 64 3d 31 26 66 6f 72 6d 61 Data Ascii: 02a4<html><head></head><body onload='redirectIt();'><center>...h6>Thank you. Please wait a few seconds while you are redirected (or <a href='https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&forma
2024-10-24 13:09:32 UTC	8	IN	Data Raw: 30 30 30 30 0d 0a 0d 0a Data Ascii: 0000

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:09:32 UTC	1599	OUT	GET /eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665 HTTP/1.1 Host: event.on24.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://event.on24.com/eventRegistration/eventRegistrationServlet Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab2000dba2a11af68d4e2f32f1adbcda0e6daa8c29ed6b6710618e155fe021a830b90108ac42c211113000298cc264162aaed2a1d9d22f40a8014be6935cf93eac09adbec8d3de650dd5764c386f1765e92155f9fa1f7bf3f28e12
2024-10-24 13:09:33 UTC	611	IN	HTTP/1.1 200 OK Date: Thu, 24 Oct 2024 13:09:32 GMT Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 X-ORACLE-DMS-ECID: 20ccd1e4-02f9-4e6f-af93-5850de2863b5-000ac7ba X-ORACLE-DMS-RID: 0 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Set-Cookie: TS0af49cbe027=082972b052ab20008be56fe0e8408218b85f3b1e92ddc036b8b218d814d28614065f62d70096361c08a38352b31130000ed2473073925211b556d54078f212920f9dc5b79d4ac4717c5b2677da939207129fc2785d01ce2044e211ca3a394d9e; Path=/; SameSite=None; Secure
2024-10-24 13:09:33 UTC	1448	IN	Data Raw: 30 66 65 38 0d 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 45 76 65 6e 74 20 4c 6f 62 62 79 20 28 45 56 45 4e 54 3a 20 34 37 32 32 30 33 34 29 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 Data Ascii: 0fe8<!doctype html><html lang="en" role="main"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Event Lobby (EVENT: 4722034)</title><meta name="viewport" content="width=device-wi
2024-10-24 13:09:33 UTC	1448	IN	Data Raw: 2e 6f 6e 32 34 2e 63 6f 6d 25 32 46 76 69 65 77 25 32 46 70 72 65 73 65 6e 74 61 74 69 6f 6e 25 32 46 66 6c 61 73 68 25 32 46 45 76 65 6e 74 43 6f 6e 73 6f 6c 65 4d 56 43 2e 68 74 6d 6c 25 33 46 75 69 6d 6f 64 65 25 33 44 6e 65 78 74 67 65 6e 65 72 61 74 69 6f 6e 22 3b 0a 09 09 09 76 61 72 20 69 73 46 6c 61 73 68 53 75 70 70 6f 72 74 65 64 4d 6f 62 69 6c 65 44 65 76 69 63 65 20 3d 20 66 61 6c 73 65 3b 0a 09 09 09 76 61 72 20 66 61 61 41 72 63 68 69 76 65 45 78 69 73 74 73 20 3d 20 66 61 6c 73 65 3b 0a 09 09 09 76 61 72 20 65 6c 69 74 65 43 6c 69 65 6e 74 20 3d 20 74 72 75 65 3b 0a 09 09 09 76 61 72 20 63 61 6c 65 6e 64 61 72 55 72 6c 20 3d 20 22 68 74 74 70 73 3a 2f 2f 65 76 65 6e 74 2e 6f 6e 32 34 2e 63 6f 6d 2f 65 76 65 6e 74 52 65 67 69 73 74 72 61 74 Data Ascii: .on24.com%2Fview%2Fpresentation%2Fflash%2FEventConsoleMVC.html%3Fuimode%3Dnextgeneration";var isFlashSupportedMobileDevice = false;var faaArchiveExists = false;var eliteClient = true;var calendarUrl = "https://event.on24.com/eventRegistrat
2024-10-24 13:09:33 UTC	1244	IN	Data Raw: 65 2f 61 70 6f 6c 6c 6f 78 2f 6d 61 69 6e 45 76 65 6e 74 22 3a 22 2f 65 76 65 6e 74 52 65 67 69 73 74 72 61 74 69 6f 6e 2f 63 6f 6e 73 6f 6c 65 2f 61 70 6f 6c 6c 6f 78 2f 6d 61 69 6e 45 76 65 6e 74 22 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 69 73 4c 69 76 65 50 65 72 69 6f 64 20 3d 20 74 72 75 65 3b 0a 09 09 09 76 61 72 20 69 73 48 54 4d 4c 35 43 6f 6e 73 6f 6c 65 45 6e 61 62 6c 65 64 20 3d 20 66 61 6c 73 65 3b 0a 09 09 09 76 61 72 20 69 73 4c 6f 62 62 79 4f 70 65 6e 4f 72 4c 69 76 65 54 69 6d 65 20 3d 20 66 61 6c 73 65 3b 0a 09 09 09 76 61 72 20 68 61 73 4d 6f 72 65 54 68 61 6e 4f 6e 65 4f 70 74 69 6f 6e 20 3d 20 66 61 6c 73 65 3b 0a 09 09 09 76 61 72 20 69 73 41 70 6f 6c 6c 6f 43 6f 6d 70 61 74 69 62 6c 65 20 3d 20 66 61 6c 73 65 3b 0a 09 Data Ascii: e/apollox/mainEvent":"/eventRegistration/console/apollox/mainEvent"; var isLivePeriod = true;var isHTML5ConsoleEnabled = false;var isLobbyOpenOrLiveTime = false;var hasMoreThanOneOption = false;var isApolloCompatible = false;
2024-10-24 13:09:33 UTC	8	IN	Data Raw: 30 30 30 30 0d 0a 0d 0a Data Ascii: 0000

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:09:34 UTC	1599	OUT	GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=registration&mode=&random=0.3505105758608753 HTTP/1.1 Host: event.on24.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab20008be56fe0e8408218b85f3b1e92ddc036b8b218d814d28614065f62d70096361c08a38352b31130000ed2473073925211b556d54078f212920f9dc5b79d4ac4717c5b2677da939207129fc2785d01ce2044e211ca3a394d9e
2024-10-24 13:09:34 UTC	595	IN	HTTP/1.1 200 OK Server: openresty/1.21.4.1 Date: Thu, 24 Oct 2024 13:09:34 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close ProX-Cache-Status: HIT ProX-Response-Time: 0.000 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Set-Cookie: TS0af49cbe027=082972b052ab200021250418675b2b06ca4aa45cbfa58ac4989de8f08a2550354bc145b0fbe6c4fa0828b5ad29113000d6aa18a60e70c7c717e9995804c1d44a6637f76faad8f4755d8633f9fb70f87970c92ed0a4351964f876383e9225cab3; Path=/; SameSite=None; Secure
2024-10-24 13:09:34 UTC	2677	IN	Data Raw: 35 36 64 33 0d 0a 7b 22 65 76 65 6e 74 22 3a 34 37 32 32 30 33 34 2c 22 73 65 73 73 69 6f 6e 22 3a 31 2c 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 2c 22 65 72 72 6f 72 4d 65 73 73 61 67 65 22 3a 6e 75 6c 6c 2c 22 64 69 73 70 6c 61 79 65 6c 65 6d 65 6e 74 22 3a 5b 7b 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 49 44 22 3a 22 32 34 30 30 32 38 31 36 37 22 2c 22 69 73 52 65 71 75 69 72 65 64 22 3a 22 66 61 6c 73 65 22 2c 22 69 73 41 63 74 69 76 65 22 3a 22 74 72 75 65 22 2c 22 69 73 48 69 64 64 65 6e 22 3a 22 66 61 6c 73 65 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 54 79 70 65 43 6f 64 65 22 3a 22 66 72 65 65 74 65 78 74 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 22 3a 22 23 66 66 66 66 66 66 22 2c 22 64 69 73 70 6c 61 79 45 Data Ascii: 56d3{"event":4722034,"session":1,"success":true,"errorMessage":null,"displayelement":[{"displayElementID":"240028167","isRequired":"false","isActive":"true","isHidden":"false","displayElementTypeCode":"freetext","displayElementValue":"#ffffff","displayE
2024-10-24 13:09:34 UTC	1448	IN	Data Raw: 2d 31 22 2c 22 69 6e 64 65 78 22 3a 22 35 22 2c 22 62 6f 74 74 6f 6d 50 61 64 64 69 6e 67 22 3a 31 32 2c 22 64 69 73 70 6c 61 79 74 79 70 65 63 6f 64 65 22 3a 22 72 65 67 69 73 74 72 61 74 69 6f 6e 22 2c 22 64 69 73 70 6c 61 79 65 6c 65 6d 65 6e 74 6f 70 74 69 6f 6e 69 6e 66 6f 22 3a 7b 22 65 76 65 6e 74 22 3a 22 34 37 32 32 30 33 34 22 2c 22 73 65 73 73 69 6f 6e 22 3a 22 31 22 7d 7d 2c 7b 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 49 44 22 3a 22 32 34 30 30 32 38 31 37 33 22 2c 22 69 73 52 65 71 75 69 72 65 64 22 3a 22 66 61 6c 73 65 22 2c 22 69 73 41 63 74 69 76 65 22 3a 22 74 72 75 65 22 2c 22 69 73 48 69 64 64 65 6e 22 3a 22 66 61 6c 73 65 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 54 79 70 65 43 6f 64 65 22 3a 22 66 72 65 65 74 65 78 74 22 Data Ascii: -1","index":"5","bottomPadding":12,"displaytypecode":"registration","displayelementoptioninfo":{"event":"4722034","session":"1"}},{"displayElementID":"240028173","isRequired":"false","isActive":"true","isHidden":"false","displayElementTypeCode":"freetext"
2024-10-24 13:09:34 UTC	5792	IN	Data Raw: 66 6f 22 3a 7b 22 65 76 65 6e 74 22 3a 22 34 37 32 32 30 33 34 22 2c 22 73 65 73 73 69 6f 6e 22 3a 22 31 22 7d 7d 2c 7b 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 49 44 22 3a 22 32 34 30 30 32 38 31 37 36 22 2c 22 69 73 52 65 71 75 69 72 65 64 22 3a 22 74 72 75 65 22 2c 22 69 73 41 63 74 69 76 65 22 3a 22 74 72 75 65 22 2c 22 69 73 48 69 64 64 65 6e 22 3a 22 66 61 6c 73 65 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 54 79 70 65 43 6f 64 65 22 3a 22 74 65 78 74 62 6f 78 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 22 3a 22 45 6d 61 69 6c 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 43 6f 64 65 22 3a 22 65 6d 61 69 6c 22 2c 22 76 61 6c 69 64 61 74 69 6f 6e 54 79 70 65 43 6f 64 65 22 3a 22 65 6d 61 69 6c 22 Data Ascii: fo":{"event":"4722034","session":"1"}},{"displayElementID":"240028176","isRequired":"true","isActive":"true","isHidden":"false","displayElementTypeCode":"textbox","displayElementValue":"Email","displayElementValueCode":"email","validationTypeCode":"email"
2024-10-24 13:09:35 UTC	12323	IN	Data Raw: 65 6e 74 56 61 6c 75 65 22 3a 22 4e 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 43 6f 64 65 22 3a 22 74 65 6d 70 6c 61 74 65 5f 72 65 67 5f 73 70 65 61 6b 65 72 5f 62 69 6f 73 22 2c 22 76 61 6c 69 64 61 74 69 6f 6e 54 79 70 65 43 6f 64 65 22 3a 22 6e 6f 6e 65 22 2c 22 64 69 73 70 6c 61 79 53 65 71 75 65 6e 63 65 22 3a 22 31 38 22 2c 22 74 6f 70 4f 66 66 73 65 74 22 3a 22 2d 31 22 2c 22 6c 65 66 74 4f 66 66 73 65 74 22 3a 22 2d 31 22 2c 22 68 65 69 67 68 74 22 3a 22 2d 31 22 2c 22 77 69 64 74 68 22 3a 22 2d 31 22 2c 22 6d 65 64 69 61 55 52 4c 49 44 22 3a 22 2d 31 22 2c 22 69 6e 64 65 78 22 3a 22 31 38 22 2c 22 62 6f 74 74 6f 6d 50 61 64 64 69 6e 67 22 3a 31 32 2c 22 64 69 73 70 6c 61 79 74 79 70 65 63 6f 64 65 22 3a 22 72 65 67 69 73 Data Ascii: entValue":"N","displayElementValueCode":"template_reg_speaker_bios","validationTypeCode":"none","displaySequence":"18","topOffset":"-1","leftOffset":"-1","height":"-1","width":"-1","mediaURLID":"-1","index":"18","bottomPadding":12,"displaytypecode":"regis

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:09:35 UTC	1593	OUT	GET /apic/eventRegistration/webapi/regPage/displayElements?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&code=lobby&mode=&random=0.27798472848526656 HTTP/1.1 Host: event.on24.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab20008be56fe0e8408218b85f3b1e92ddc036b8b218d814d28614065f62d70096361c08a38352b31130000ed2473073925211b556d54078f212920f9dc5b79d4ac4717c5b2677da939207129fc2785d01ce2044e211ca3a394d9e
2024-10-24 13:09:35 UTC	595	IN	HTTP/1.1 200 OK Server: openresty/1.21.4.1 Date: Thu, 24 Oct 2024 13:09:35 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close ProX-Cache-Status: HIT ProX-Response-Time: 0.000 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Set-Cookie: TS0af49cbe027=082972b052ab2000be7d43c1da700ecc191feca1984106f6debc4bd8a161fcf84b8709cf0fae6fbb08d33996b0113000f88d0bd510e6c0e483712c3dcdec5b4c5e729a07e62ae447d3b3adcded8055f285e5ac30603525fc0b081b660b6d85c1; Path=/; SameSite=None; Secure
2024-10-24 13:09:35 UTC	4125	IN	Data Raw: 32 30 37 62 0d 0a 7b 22 65 76 65 6e 74 22 3a 34 37 32 32 30 33 34 2c 22 73 65 73 73 69 6f 6e 22 3a 31 2c 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 2c 22 65 72 72 6f 72 4d 65 73 73 61 67 65 22 3a 6e 75 6c 6c 2c 22 64 69 73 70 6c 61 79 65 6c 65 6d 65 6e 74 22 3a 5b 7b 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 49 44 22 3a 22 32 34 30 30 32 38 31 34 30 22 2c 22 69 73 52 65 71 75 69 72 65 64 22 3a 22 66 61 6c 73 65 22 2c 22 69 73 41 63 74 69 76 65 22 3a 22 74 72 75 65 22 2c 22 69 73 48 69 64 64 65 6e 22 3a 22 66 61 6c 73 65 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 54 79 70 65 43 6f 64 65 22 3a 22 66 72 65 65 74 65 78 74 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 22 3a 22 23 66 66 66 66 66 66 22 2c 22 64 69 73 70 6c 61 79 45 Data Ascii: 207b{"event":4722034,"session":1,"success":true,"errorMessage":null,"displayelement":[{"displayElementID":"240028140","isRequired":"false","isActive":"true","isHidden":"false","displayElementTypeCode":"freetext","displayElementValue":"#ffffff","displayE
2024-10-24 13:09:35 UTC	1448	IN	Data Raw: 64 69 73 70 6c 61 79 65 6c 65 6d 65 6e 74 6f 70 74 69 6f 6e 69 6e 66 6f 22 3a 7b 22 65 76 65 6e 74 22 3a 22 34 37 32 32 30 33 34 22 2c 22 73 65 73 73 69 6f 6e 22 3a 22 31 22 7d 7d 2c 7b 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 49 44 22 3a 22 32 34 30 30 32 38 31 34 39 22 2c 22 69 73 52 65 71 75 69 72 65 64 22 3a 22 66 61 6c 73 65 22 2c 22 69 73 41 63 74 69 76 65 22 3a 22 74 72 75 65 22 2c 22 69 73 48 69 64 64 65 6e 22 3a 22 66 61 6c 73 65 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 54 79 70 65 43 6f 64 65 22 3a 22 66 72 65 65 74 65 78 74 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 22 3a 22 23 48 65 6c 70 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 43 6f 64 65 22 3a 22 6c 6f 62 62 79 5f 6f 6e 6c 69 6e Data Ascii: displayelementoptioninfo":{"event":"4722034","session":"1"}},{"displayElementID":"240028149","isRequired":"false","isActive":"true","isHidden":"false","displayElementTypeCode":"freetext","displayElementValue":"#Help","displayElementValueCode":"lobby_onlin
2024-10-24 13:09:35 UTC	1448	IN	Data Raw: 65 71 75 69 72 65 64 22 3a 22 66 61 6c 73 65 22 2c 22 69 73 41 63 74 69 76 65 22 3a 22 74 72 75 65 22 2c 22 69 73 48 69 64 64 65 6e 22 3a 22 66 61 6c 73 65 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 54 79 70 65 43 6f 64 65 22 3a 22 66 72 65 65 74 65 78 74 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 22 3a 22 59 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 43 6f 64 65 22 3a 22 6c 6f 62 62 79 5f 64 6f 77 6e 6c 6f 61 64 5f 77 69 6e 64 6f 77 73 22 2c 22 76 61 6c 69 64 61 74 69 6f 6e 54 79 70 65 43 6f 64 65 22 3a 22 6e 6f 6e 65 22 2c 22 64 69 73 70 6c 61 79 53 65 71 75 65 6e 63 65 22 3a 22 31 32 22 2c 22 74 6f 70 4f 66 66 73 65 74 22 3a 22 2d 31 22 2c 22 6c 65 66 74 4f 66 66 73 65 74 22 3a 22 2d 31 22 2c 22 68 Data Ascii: equired":"false","isActive":"true","isHidden":"false","displayElementTypeCode":"freetext","displayElementValue":"Y","displayElementValueCode":"lobby_download_windows","validationTypeCode":"none","displaySequence":"12","topOffset":"-1","leftOffset":"-1","h
2024-10-24 13:09:35 UTC	1307	IN	Data Raw: 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 22 3a 22 59 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 43 6f 64 65 22 3a 22 6c 6f 62 62 79 5f 61 64 64 5f 74 6f 5f 63 61 6c 65 6e 64 61 72 22 2c 22 76 61 6c 69 64 61 74 69 6f 6e 54 79 70 65 43 6f 64 65 22 3a 22 6e 6f 6e 65 22 2c 22 64 69 73 70 6c 61 79 53 65 71 75 65 6e 63 65 22 3a 22 31 35 22 2c 22 74 6f 70 4f 66 66 73 65 74 22 3a 22 2d 31 22 2c 22 6c 65 66 74 4f 66 66 73 65 74 22 3a 22 2d 31 22 2c 22 68 65 69 67 68 74 22 3a 22 2d 31 22 2c 22 77 69 64 74 68 22 3a 22 2d 31 22 2c 22 6d 65 64 69 61 55 52 4c 49 44 22 3a 22 2d 31 22 2c 22 69 6e 64 65 78 22 3a 22 31 35 22 2c 22 62 6f 74 74 6f 6d 50 61 64 64 69 6e 67 22 3a 35 2c 22 64 69 73 70 6c 61 79 74 79 70 65 63 6f 64 65 22 3a 22 6c Data Ascii: splayElementValue":"Y","displayElementValueCode":"lobby_add_to_calendar","validationTypeCode":"none","displaySequence":"15","topOffset":"-1","leftOffset":"-1","height":"-1","width":"-1","mediaURLID":"-1","index":"15","bottomPadding":5,"displaytypecode":"l

Timestamp	Bytes transferred	Direction	Data
2024-10-24 13:09:35 UTC	1570	OUT	GET /apic/eventRegistration/EventServlet?eventid=4722034&sessionid=1&key=261F9AAF3C393FCA6149DB1F700CA1E1&random=0.19896211311822354&filter=json HTTP/1.1 Host: event.on24.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://event.on24.com/eventRegistration/EventLobbyServlet?target=lobby30.jsp&eventid=4722034&sessionid=1&format=fhvideo1&key=261F9AAF3C393FCA6149DB1F700CA1E1&eventuserid=714302665 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=NDYxMGM5Y2UtMjliYy00M2UyLWExMTktNjU5YjZiNzg2Y2Q5; sa-4722034=I/qCVOffkcuQ4WpPc13KW6Q71OdbAXpKWIINoEmW4QM=; BIGipServercons3_prd_wl_LNX=!e/t35nfho9/ctLuntfwALduEGSG61VKM7nrRaaC7J+g3rAbY8VgDgVG2JvOVMi8f4VvaOF/Vz5Lae0I=; ON24_Pool=cons3_prd_wl_LNX; BIGipServereventprd_apache=!vGhNrlPTl4PRrfkeSVii2HqB/dyrqzUUsGRevOCll0LOFnBOGDVeEBlxkp8EELKBlT4MBpuusjJZpd60cP08Qus0BOGQCkeiSkFpIQmpk9B+P0jTpwhSRTG8BdIuP26yg6zbG9vLbT+4lZJEoG9kZTgqXv7o1MI=; event4722034=F5bbavN+1TLmbDJ++AwbyGl1S+wD0bbfA7Bna7kHxuk=; TS0af49cbe027=082972b052ab20008be56fe0e8408218b85f3b1e92ddc036b8b218d814d28614065f62d70096361c08a38352b31130000ed2473073925211b556d54078f212920f9dc5b79d4ac4717c5b2677da939207129fc2785d01ce2044e211ca3a394d9e
2024-10-24 13:09:35 UTC	610	IN	HTTP/1.1 200 OK Server: openresty/1.21.4.1 Date: Thu, 24 Oct 2024 13:09:35 GMT Content-Type: application/json; charset=UTF-8 Transfer-Encoding: chunked Connection: close ProX-Cache-Status: HIT ProX-Response-Time: 0.000 Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Set-Cookie: TS0af49cbe027=082972b052ab2000b2bd7df7cec31edf395a5ad980126088ae8cf7de15e66a8846d2ae61a70a733408bd6b68a2113000b8ebc3cd8a41d67a83712c3dcdec5b4c5e729a07e62ae447d3b3adcded8055f285e5ac30603525fc0b081b660b6d85c1; Path=/; SameSite=None; Secure
2024-10-24 13:09:35 UTC	14246	IN	Data Raw: 37 66 65 30 0d 0a 7b 22 65 76 65 6e 74 22 3a 7b 22 69 64 22 3a 22 34 37 32 32 30 33 34 22 2c 22 6e 61 6d 65 22 3a 22 6e 75 6c 6c 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4f 70 74 75 6d 20 50 61 79 65 72 20 4d 6f 6e 74 68 6c 79 20 50 50 53 20 50 52 53 20 57 65 62 69 6e 61 72 22 2c 22 6c 6f 63 61 6c 65 6c 61 6e 67 75 61 67 65 63 6f 64 65 22 3a 22 65 6e 22 2c 22 6c 6f 63 61 6c 65 63 6f 75 6e 74 72 79 63 6f 64 65 22 3a 22 6e 75 6c 6c 22 2c 22 63 6c 69 65 6e 74 69 64 22 3a 22 32 31 37 36 30 22 2c 22 63 6c 69 65 6e 74 6e 61 6d 65 22 3a 22 65 6c 69 74 65 75 68 67 6f 70 74 75 6d 64 65 6d 61 6e 64 67 65 6e 22 2c 22 64 69 73 70 6c 61 79 74 69 6d 65 7a 6f 6e 65 22 3a 22 45 61 73 74 65 72 6e 20 53 74 61 6e 64 61 72 64 20 54 69 6d 65 22 2c 22 64 69 73 70 6c Data Ascii: 7fe0{"event":{"id":"4722034","name":"null","description":"Optum Payer Monthly PPS PRS Webinar","localelanguagecode":"en","localecountrycode":"null","clientid":"21760","clientname":"eliteuhgoptumdemandgen","displaytimezone":"Eastern Standard Time","displ
2024-10-24 13:09:35 UTC	1448	IN	Data Raw: 2c 22 64 69 73 70 6c 61 79 65 6c 65 6d 65 6e 74 6f 70 74 69 6f 6e 69 6e 66 6f 22 3a 7b 22 64 69 73 70 6c 61 79 65 6c 65 6d 65 6e 74 6f 70 74 69 6f 6e 22 3a 5b 5d 7d 7d 2c 22 70 6c 61 79 65 72 5f 73 6c 69 64 65 22 3a 7b 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 49 44 22 3a 22 32 34 30 30 32 38 31 36 30 22 2c 22 64 69 73 70 6c 61 79 45 6c 65 6d 65 6e 74 56 61 6c 75 65 22 3a 22 3c 63 6f 6e 66 69 67 3e 3c 70 61 72 61 6d 73 3e 3c 70 61 72 61 6d 20 6e 61 6d 65 3d 5c 22 6c 6f 61 64 43 6f 6e 66 69 67 56 4f 46 72 6f 6d 58 4d 4c 5c 22 20 74 79 70 65 3d 5c 22 42 6f 6f 6c 65 61 6e 5c 22 3e 66 61 6c 73 65 3c 2f 70 61 72 61 6d 3e 3c 70 61 72 61 6d 20 6e 61 6d 65 3d 5c 22 70 65 72 73 69 73 74 65 6e 63 65 53 74 61 74 65 5c 22 20 74 79 70 65 3d 5c 22 53 74 72 69 6e 67 Data Ascii: ,"displayelementoptioninfo":{"displayelementoption":[]}},"player_slide":{"displayElementID":"240028160","displayElementValue":"<config><params><param name=\"loadConfigVOFromXML\" type=\"Boolean\">false</param><param name=\"persistenceState\" type=\"String
2024-10-24 13:09:35 UTC	16384	IN	Data Raw: 6f 6d 49 63 6f 6e 55 72 6c 5c 22 20 74 79 70 65 3d 5c 22 53 74 72 69 6e 67 5c 22 3e 68 74 74 70 73 3a 2f 2f 77 63 63 2e 6f 6e 32 34 2e 63 6f 6d 2f 65 76 65 6e 74 2f 34 37 2f 32 32 2f 30 33 2f 34 2f 72 74 2f 31 2f 69 6d 61 67 65 73 2f 63 75 73 74 6f 6d 5f 69 63 6f 6e 5f 35 32 34 37 32 33 32 32 2f 6f 6e 32 34 69 63 6f 6e 73 6c 69 64 65 2e 70 6e 67 3c 2f 70 61 72 61 6d 3e 3c 70 61 72 61 6d 20 6e 61 6d 65 3d 5c 22 74 69 74 6c 65 5c 22 20 74 79 70 65 3d 5c 22 53 74 72 69 6e 67 5c 22 3e 53 6c 69 64 65 73 3c 2f 70 61 72 61 6d 3e 3c 70 61 72 61 6d 20 6e 61 6d 65 3d 5c 22 64 65 66 61 75 6c 74 48 65 69 67 68 74 5c 22 20 74 79 70 65 3d 5c 22 4e 75 6d 62 65 72 5c 22 3e 34 38 30 3c 2f 70 61 72 61 6d 3e 3c 70 61 72 61 6d 20 6e 61 6d 65 3d 5c 22 64 6f 63 6b 54 6f 6f 6c Data Ascii: omIconUrl\" type=\"String\">https://wcc.on24.com/event/47/22/03/4/rt/1/images/custom_icon_52472322/on24iconslide.png</param><param name=\"title\" type=\"String\">Slides</param><param name=\"defaultHeight\" type=\"Number\">480</param><param name=\"dockTool
2024-10-24 13:09:35 UTC	671	IN	Data Raw: 32 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 20 74 65 78 74 2d 69 6e 64 65 6e 74 3a 20 30 70 78 3b 20 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 20 6e 6f 6e 65 3b 20 77 69 64 6f 77 73 3a 20 32 3b 20 77 6f 72 64 2d 73 70 61 63 69 6e 67 3a 20 30 70 78 3b 20 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 20 30 70 78 3b 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 6e 6f 72 6d 61 6c 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 2d 74 68 69 63 6b 6e 65 73 73 3a 20 69 6e 69 74 69 61 6c 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 2d 73 74 79 6c 65 3a 20 69 6e 69 74 69 61 6c 3b 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 2d 63 6f 6c 6f 72 3a 20 69 6e 69 74 69 61 6c 3b 5c 22 3e 3c 6c 69 3e 50 72 6f 64 75 Data Ascii: 2; text-align: left; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;\"><li>Produ