Edit tour

Windows Analysis Report
https://reg.rainfocus.com/flow/netapp/wruk/Reg/page/Registration/?utm_campaign=cross-spondwa-all-all-uk-event-cse-screenuk-8242&utm_source=mkto&utm_medium=email&utm_content=live-event

Overview

General Information

Sample URL:	https://reg.rainfocus.com/flow/netapp/wruk/Reg/page/Registration/?utm_campaign=cross-spondwa-all-all-uk-event-cse-screenuk-8242&utm_source=mkto&utm_medium=email&utm_content=live-event
Analysis ID:	1505708
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found iframes

HTML body contains low number of good links

HTML title does not match URL

Program does not show much activity (idle)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2216,i,1665181333480725792,11914297920838769441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7016 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5604 --field-trial-handle=2216,i,1665181333480725792,11914297920838769441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 --field-trial-handle=2216,i,1665181333480725792,11914297920838769441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6312 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://reg.rainfocus.com/flow/netapp/wruk/Reg/page/Registration/?utm_campaign=cross-spondwa-all-all-uk-event-cse-screenuk-8242&utm_source=mkto&utm_medium=email&utm_content=live-event" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

• Phishing
• Software Vulnerabilities
• Networking
• System Summary
• Malware Analysis System Evasion
• Anti Debugging

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: Iframe src: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=325px&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_808990_400717&as=VGKd6Zco5A1FJYtW0feKqQ&hl=en_US
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: Iframe src: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=1245&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_808906_527024&as=VGKd6Zco5A1FJYtW0feKqQ&hl=en_US
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: Iframe src: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=325px&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_808990_400717&as=VGKd6Zco5A1FJYtW0feKqQ&hl=en_US
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: Iframe src: https://accounts.google.com/gsi/button?logo_alignment=center&shape=pill&size=large&text=continue_with&theme=undefined&type=undefined&width=1245&client_id=990339570472-k6nqn1tpmitg8pui82bfaun3jrpmiuhs.apps.googleusercontent.com&iframe_id=gsi_808906_527024&as=VGKd6Zco5A1FJYtW0feKqQ&hl=en_US

Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp

HTTP Parser: Number of links: 0

HTTP Parser: Title: Sign In - Google Accounts does not match URL

HTTP Parser: <input type="password" .../> found

Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No favicon
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No favicon
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No favicon
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No favicon

Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No <meta name="author".. found
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No <meta name="author".. found
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No <meta name="author".. found
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No <meta name="author".. found
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No <meta name="author".. found
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No <meta name="author".. found
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No <meta name="author".. found

Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No <meta name="copyright".. found
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No <meta name="copyright".. found
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No <meta name="copyright".. found
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No <meta name="copyright".. found
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No <meta name="copyright".. found
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No <meta name="copyright".. found
Source: https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	HTTP Parser: No <meta name="copyright".. found

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 51MB

Source: chromecache_699.2.dr, chromecache_488.2.dr	String found in binary or memory: http://feross.org
Source: chromecache_606.2.dr	String found in binary or memory: http://git.io/TrdQbw
Source: chromecache_485.2.dr, chromecache_626.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_831.2.dr	String found in binary or memory: http://my.opera.com/emoller/blog/2011/12/20/requestanimationframe-for-smart-er-animating
Source: chromecache_831.2.dr	String found in binary or memory: http://paulirish.com/2011/requestanimationframe-for-smart-animating/
Source: chromecache_606.2.dr	String found in binary or memory: http://underscorejs.org
Source: chromecache_831.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_808.2.dr	String found in binary or memory: https://accounts.google.com/gsi/
Source: chromecache_733.2.dr, chromecache_635.2.dr, chromecache_808.2.dr	String found in binary or memory: https://accounts.google.com/gsi/button
Source: chromecache_808.2.dr	String found in binary or memory: https://accounts.google.com/gsi/fedcm.json
Source: chromecache_808.2.dr	String found in binary or memory: https://accounts.google.com/gsi/fedcmcsp?client_id=
Source: chromecache_733.2.dr, chromecache_635.2.dr, chromecache_808.2.dr	String found in binary or memory: https://accounts.google.com/gsi/iframe/select
Source: chromecache_808.2.dr	String found in binary or memory: https://accounts.google.com/gsi/log
Source: chromecache_733.2.dr, chromecache_635.2.dr, chromecache_808.2.dr	String found in binary or memory: https://accounts.google.com/gsi/revoke
Source: chromecache_733.2.dr, chromecache_635.2.dr, chromecache_808.2.dr	String found in binary or memory: https://accounts.google.com/gsi/select
Source: chromecache_733.2.dr, chromecache_635.2.dr, chromecache_808.2.dr	String found in binary or memory: https://accounts.google.com/gsi/status
Source: chromecache_733.2.dr, chromecache_635.2.dr, chromecache_808.2.dr	String found in binary or memory: https://accounts.google.com/gsi/style
Source: chromecache_733.2.dr, chromecache_635.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_733.2.dr, chromecache_635.2.dr, chromecache_808.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/iframe
Source: chromecache_808.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/v2/auth
Source: chromecache_772.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/%
Source: chromecache_630.2.dr	String found in binary or memory: https://cdn.cookielaw.org/consent/72570c5c-fe30-465f-b0e0-b77f7fb4ae34/OtAutoBlock.js
Source: chromecache_630.2.dr	String found in binary or memory: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Source: chromecache_630.2.dr	String found in binary or memory: https://cdn.media.netapp.com/images/admin/b816a21a-83da-42a5-a20a-4ef97c238def.jpg
Source: chromecache_630.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.7.7/handlebars.min.js
Source: chromecache_721.2.dr, chromecache_560.2.dr	String found in binary or memory: https://cke4.ckeditor.com/ckeditor4-secure-version/versions.json
Source: chromecache_721.2.dr, chromecache_560.2.dr	String found in binary or memory: https://ckeditor.com/ckeditor-4-support/
Source: chromecache_721.2.dr, chromecache_560.2.dr	String found in binary or memory: https://ckeditor.com/docs/ckeditor4/latest/guide/dev_errors.html#
Source: chromecache_721.2.dr, chromecache_883.2.dr, chromecache_560.2.dr, chromecache_685.2.dr	String found in binary or memory: https://ckeditor.com/legal/ckeditor-oss-license
Source: chromecache_721.2.dr, chromecache_560.2.dr	String found in binary or memory: https://ckeditor.com/legal/ckeditor-oss-license/
Source: chromecache_808.2.dr	String found in binary or memory: https://developers.google.com/identity/gsi/web/guides/fedcm-migration
Source: chromecache_808.2.dr	String found in binary or memory: https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#cross_origin)
Source: chromecache_808.2.dr	String found in binary or memory: https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#display_moment
Source: chromecache_808.2.dr	String found in binary or memory: https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#skipped_moment
Source: chromecache_488.2.dr	String found in binary or memory: https://feross.org/opensource
Source: chromecache_630.2.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Roboto
Source: chromecache_824.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_824.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_824.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_824.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_824.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_824.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_824.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_824.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_824.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_824.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_891.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/publicsans/v15/ijwRs572Xtc6ZYQws9YVwnNGfJ4.woff2)
Source: chromecache_891.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/publicsans/v15/ijwRs572Xtc6ZYQws9YVwnNIfJ7Cww.woff2)
Source: chromecache_891.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/publicsans/v15/ijwRs572Xtc6ZYQws9YVwnNJfJ7Cww.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fABc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBBc4.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fBxc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCBc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCRc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fChc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmSU5fCxc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19-7DRs5.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-1927DRs5.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-1967DRs5.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19G7DRs5.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19a7DRs5.woff2)
Source: chromecache_589.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19y7DRs5.woff2)
Source: chromecache_605.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_831.2.dr	String found in binary or memory: https://gist.github.com/paulirish/1579671
Source: chromecache_831.2.dr	String found in binary or memory: https://github.com/darius/requestAnimationFrame/blob/master/requestAnimationFrame.js
Source: chromecache_732.2.dr, chromecache_409.2.dr	String found in binary or memory: https://github.com/emn178/js-md5
Source: chromecache_732.2.dr, chromecache_409.2.dr	String found in binary or memory: https://github.com/focus-trap/tabbable/blob/master/LICENSE
Source: chromecache_831.2.dr	String found in binary or memory: https://github.com/jasonmayes/mdl-component-design-pattern
Source: chromecache_850.2.dr, chromecache_723.2.dr, chromecache_838.2.dr, chromecache_892.2.dr	String found in binary or memory: https://github.com/twitter/typeahead.js
Source: chromecache_865.2.dr, chromecache_657.2.dr	String found in binary or memory: https://help.x.com/rules-and-policies/twitter-cookies
Source: chromecache_495.2.dr	String found in binary or memory: https://jarvis.corp.linkedin.com/codesearch/result/?path=flock-templates%2Fflock%2Femail%2Femail_ser
Source: chromecache_772.2.dr	String found in binary or memory: https://maps-api-ssl.google.com/maps?jsapiRedirect=true&file=googleapi
Source: chromecache_772.2.dr	String found in binary or memory: https://maps.googleapis.com/maps/api/js?jsapiRedirect=true
Source: chromecache_630.2.dr	String found in binary or memory: https://media.netapp.com/4dc67a73-6882-58f8-94e4-73425da86ecb
Source: chromecache_808.2.dr	String found in binary or memory: https://meet.google.com
Source: chromecache_733.2.dr, chromecache_635.2.dr, chromecache_808.2.dr	String found in binary or memory: https://oauth2.googleapis.com/revoke
Source: chromecache_721.2.dr, chromecache_560.2.dr	String found in binary or memory: https://pdf-converter.cke-cs.com/v1/convert;exportPdf_tokenUrl;responseText;processingDocument;src;f
Source: chromecache_595.2.dr	String found in binary or memory: https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.
Source: chromecache_595.2.dr	String found in binary or memory: https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1a
Source: chromecache_595.2.dr	String found in binary or memory: https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1a
Source: chromecache_595.2.dr	String found in binary or memory: https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1a
Source: chromecache_595.2.dr	String found in binary or memory: https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1a
Source: chromecache_595.2.dr	String found in binary or memory: https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1a
Source: chromecache_595.2.dr	String found in binary or memory: https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1a
Source: chromecache_595.2.dr	String found in binary or memory: https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1a
Source: chromecache_595.2.dr	String found in binary or memory: https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1a
Source: chromecache_595.2.dr	String found in binary or memory: https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1a
Source: chromecache_511.2.dr	String found in binary or memory: https://support.x.com/articles/14016
Source: chromecache_511.2.dr	String found in binary or memory: https://support.x.com/articles/18311
Source: chromecache_511.2.dr	String found in binary or memory: https://support.x.com/articles/20172060
Source: chromecache_721.2.dr, chromecache_560.2.dr	String found in binary or memory: https://svc.webspellchecker.net/spellcheck31/wscbundle/wscbundle.js
Source: chromecache_878.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/bundle.NetworkInstrument
Source: chromecache_759.2.dr, chromecache_654.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/i18n/en.890223da.js.map
Source: chromecache_702.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.AudioDock.a67cd1d
Source: chromecache_551.2.dr, chromecache_726.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.SideNav.4dd4a93a.
Source: chromecache_502.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.richScribeAction.
Source: chromecache_732.2.dr, chromecache_409.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/main.7f68fe9a.js.map
Source: chromecache_561.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/modules.audio.889cd12a.j
Source: chromecache_807.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/modules.common.8d74434a.
Source: chromecache_875.2.dr, chromecache_425.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/ondemand.Dropdown.05f2d8
Source: chromecache_768.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/ondemand.s.adb50cca.js.m
Source: chromecache_572.2.dr, chromecache_812.2.dr, chromecache_684.2.dr, chromecache_703.2.dr, chromecache_484.2.dr, chromecache_429.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.AccountAna
Source: chromecache_486.2.dr, chromecache_456.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Articles~b
Source: chromecache_534.2.dr, chromecache_794.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.AudioSpace
Source: chromecache_919.2.dr, chromecache_921.2.dr, chromecache_798.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Communitie
Source: chromecache_511.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.ExtendedUs
Source: chromecache_550.2.dr, chromecache_668.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.LiveEvent~
Source: chromecache_614.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.ReaderMode
Source: chromecache_855.2.dr, chromecache_634.2.dr, chromecache_854.2.dr, chromecache_718.2.dr, chromecache_868.2.dr, chromecache_790.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.SettingsPr
Source: chromecache_787.2.dr, chromecache_649.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.ShareJob~b
Source: chromecache_452.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Topics~bun
Source: chromecache_710.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.UserFollow
Source: chromecache_865.2.dr, chromecache_767.2.dr, chromecache_657.2.dr, chromecache_469.2.dr, chromecache_681.2.dr, chromecache_496.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.AppModules
Source: chromecache_705.2.dr, chromecache_912.2.dr, chromecache_773.2.dr, chromecache_436.2.dr, chromecache_711.2.dr, chromecache_490.2.dr, chromecache_694.2.dr, chromecache_546.2.dr, chromecache_839.2.dr, chromecache_669.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.AudioDock~
Source: chromecache_625.2.dr, chromecache_552.2.dr, chromecache_735.2.dr, chromecache_631.2.dr, chromecache_524.2.dr, chromecache_738.2.dr, chromecache_507.2.dr, chromecache_848.2.dr, chromecache_777.2.dr, chromecache_437.2.dr, chromecache_869.2.dr, chromecache_653.2.dr, chromecache_467.2.dr, chromecache_447.2.dr, chromecache_903.2.dr, chromecache_459.2.dr, chromecache_667.2.dr, chromecache_547.2.dr, chromecache_624.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.DMDrawer~b
Source: chromecache_686.2.dr, chromecache_441.2.dr, chromecache_426.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.DashMenu~l
Source: chromecache_736.2.dr, chromecache_849.2.dr, chromecache_570.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.SideNav~bu
Source: chromecache_835.2.dr, chromecache_699.2.dr, chromecache_752.2.dr, chromecache_488.2.dr, chromecache_739.2.dr, chromecache_920.2.dr, chromecache_788.2.dr, chromecache_642.2.dr, chromecache_414.2.dr, chromecache_795.2.dr, chromecache_813.2.dr, chromecache_737.2.dr, chromecache_553.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.Typeahead~
Source: chromecache_476.2.dr, chromecache_556.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.directMess
Source: chromecache_487.2.dr, chromecache_608.2.dr, chromecache_445.2.dr, chromecache_816.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~ondemand.Settings
Source: chromecache_606.2.dr	String found in binary or memory: https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/vendor.6929bc4a.js.map
Source: chromecache_495.2.dr	String found in binary or memory: https://www.figma.com/file/egkKv7mudRwk2dVPM0WCR6/NBA-Digest-Email?type=design&node-id=2927-186236&t
Source: chromecache_772.2.dr	String found in binary or memory: https://www.gstatic.cn/charts/%
Source: chromecache_772.2.dr	String found in binary or memory: https://www.gstatic.cn/charts/debug/%
Source: chromecache_772.2.dr	String found in binary or memory: https://www.gstatic.com/charts/%
Source: chromecache_772.2.dr	String found in binary or memory: https://www.gstatic.com/charts/debug/%
Source: chromecache_772.2.dr	String found in binary or memory: https://www.gstatic.com/inputtools/js/ita/inputtools_3.js
Source: chromecache_734.2.dr	String found in binary or memory: https://www.netapp.com/company/legal/cookie-policy/
Source: chromecache_759.2.dr, chromecache_654.2.dr	String found in binary or memory: https://x.com/en/privacy

Source: classification engine

Classification label: clean2.win@32/763@0/65

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2216,i,1665181333480725792,11914297920838769441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://reg.rainfocus.com/flow/netapp/wruk/Reg/page/Registration/?utm_campaign=cross-spondwa-all-all-uk-event-cse-screenuk-8242&utm_source=mkto&utm_medium=email&utm_content=live-event"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5604 --field-trial-handle=2216,i,1665181333480725792,11914297920838769441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 --field-trial-handle=2216,i,1665181333480725792,11914297920838769441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2216,i,1665181333480725792,11914297920838769441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5604 --field-trial-handle=2216,i,1665181333480725792,11914297920838769441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 --field-trial-handle=2216,i,1665181333480725792,11914297920838769441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: chromecache_588.2.dr

Binary or memory string: fgG1VWloj6UMnIaCC2l1UUvH9hRchGfs8ThLWcFFVyB5aLsL0B1S6NIFjvFAXd9FlFsXXGQQ1725

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Extra Window Memory Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://reg.rainfocus.com/flow/netapp/wruk/Reg/page/Registration/?utm_campaign=cross-spondwa-all-all-uk-event-cse-screenuk-8242&utm_source=mkto&utm_medium=email&utm_content=live-event	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://developers.google.com/identity/gsi/web/guides/fedcm-migration	0%	URL Reputation	safe
https://meet.google.com	0%	URL Reputation	safe
https://help.x.com/rules-and-policies/twitter-cookies	0%	URL Reputation	safe
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1a	0%	Avira URL Cloud	safe
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1a	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.directMess	0%	Avira URL Cloud	safe
http://underscorejs.org	0%	Avira URL Cloud	safe
https://support.x.com/articles/14016	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/modules.common.8d74434a.	0%	Avira URL Cloud	safe
http://jqueryui.com	0%	Avira URL Cloud	safe
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1a	0%	Avira URL Cloud	safe
https://cdn.media.netapp.com/images/admin/b816a21a-83da-42a5-a20a-4ef97c238def.jpg	0%	Avira URL Cloud	safe
http://paulirish.com/2011/requestanimationframe-for-smart-animating/	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/ondemand.s.adb50cca.js.m	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/main.7f68fe9a.js.map	0%	Avira URL Cloud	safe
https://x.com/en/privacy	0%	Avira URL Cloud	safe
https://ckeditor.com/ckeditor-4-support/	0%	Avira URL Cloud	safe
https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#skipped_moment	0%	Avira URL Cloud	safe
http://git.io/TrdQbw	0%	Avira URL Cloud	safe
https://ckeditor.com/legal/ckeditor-oss-license/	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.AppModules	0%	Avira URL Cloud	safe
https://www.gstatic.cn/charts/%	0%	Avira URL Cloud	safe
https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.7.7/handlebars.min.js	0%	Avira URL Cloud	safe
https://github.com/focus-trap/tabbable/blob/master/LICENSE	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Articles~b	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.AccountAna	0%	Avira URL Cloud	safe
https://ckeditor.com/legal/ckeditor-oss-license	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/vendor.6929bc4a.js.map	0%	Avira URL Cloud	safe
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1a	0%	Avira URL Cloud	safe
https://cke4.ckeditor.com/ckeditor4-secure-version/versions.json	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/ondemand.Dropdown.05f2d8	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Communitie	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.DMDrawer~b	0%	Avira URL Cloud	safe
https://svc.webspellchecker.net/spellcheck31/wscbundle/wscbundle.js	0%	Avira URL Cloud	safe
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.	0%	Avira URL Cloud	safe
https://github.com/emn178/js-md5	0%	Avira URL Cloud	safe
https://github.com/darius/requestAnimationFrame/blob/master/requestAnimationFrame.js	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/bundle.NetworkInstrument	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.AudioSpace	0%	Avira URL Cloud	safe
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1a	0%	Avira URL Cloud	safe
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1a	0%	Avira URL Cloud	safe
http://www.apache.org/licenses/LICENSE-2.0	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.UserFollow	0%	Avira URL Cloud	safe
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1a	0%	Avira URL Cloud	safe
https://maps-api-ssl.google.com/maps?jsapiRedirect=true&file=googleapi	0%	Avira URL Cloud	safe
http://my.opera.com/emoller/blog/2011/12/20/requestanimationframe-for-smart-er-animating	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.ExtendedUs	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.Typeahead~	0%	Avira URL Cloud	safe
https://github.com/twitter/typeahead.js	0%	Avira URL Cloud	safe
https://support.x.com/articles/18311	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.SideNav.4dd4a93a.	0%	Avira URL Cloud	safe
https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#cross_origin)	0%	Avira URL Cloud	safe
https://gist.github.com/paulirish/1579671	0%	Avira URL Cloud	safe
https://www.gstatic.cn/charts/debug/%	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.richScribeAction.	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.AudioDock.a67cd1d	0%	Avira URL Cloud	safe
https://getbootstrap.com/)	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.AudioDock~	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~ondemand.Settings	0%	Avira URL Cloud	safe
https://github.com/jasonmayes/mdl-component-design-pattern	0%	Avira URL Cloud	safe
https://jarvis.corp.linkedin.com/codesearch/result/?path=flock-templates%2Fflock%2Femail%2Femail_ser	0%	Avira URL Cloud	safe
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1a	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.SideNav~bu	0%	Avira URL Cloud	safe
https://media.netapp.com/4dc67a73-6882-58f8-94e4-73425da86ecb	0%	Avira URL Cloud	safe
https://feross.org/opensource	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.DashMenu~l	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.LiveEvent~	0%	Avira URL Cloud	safe
https://support.x.com/articles/20172060	0%	Avira URL Cloud	safe
https://ckeditor.com/docs/ckeditor4/latest/guide/dev_errors.html#	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.SettingsPr	0%	Avira URL Cloud	safe
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1a	0%	Avira URL Cloud	safe
https://cdn.cookielaw.org/consent/72570c5c-fe30-465f-b0e0-b77f7fb4ae34/OtAutoBlock.js	0%	Avira URL Cloud	safe
https://www.netapp.com/company/legal/cookie-policy/	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.ShareJob~b	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Topics~bun	0%	Avira URL Cloud	safe
https://www.figma.com/file/egkKv7mudRwk2dVPM0WCR6/NBA-Digest-Email?type=design&node-id=2927-186236&t	0%	Avira URL Cloud	safe
http://feross.org	0%	Avira URL Cloud	safe
https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#display_moment	0%	Avira URL Cloud	safe
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/i18n/en.890223da.js.map	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/modules.audio.889cd12a.j	0%	Avira URL Cloud	safe
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.ReaderMode	0%	Avira URL Cloud	safe

Name	Malicious	Reputation
https://media.netapp.com/?mcid=39550057820123940091334423181224744009	false	unknown
https://www.linkedin.com/authwall?trk=bf&trkInfo=AQEUFEDj3irsGAAAAZHH6K-oFjvLG7C5wgkkNPHGgioGaRQrvxCjIcyHBEKnsAwH1OKSYhwbCN3yoR_TN6tceEogcUYW6gi1QezH_RRvCJf4qvZHbYblLw9ekRURulxGSW9CqJs=&original_referer=&sessionRedirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fnetapp	false	unknown
https://reg.rainfocus.com/flow/netapp/wruk/Reg/page/Registration/?utm_campaign=cross-spondwa-all-all-uk-event-cse-screenuk-8242&utm_source=mkto&utm_medium=email&utm_content=live-event	false	unknown
https://x.com/netapp?mx=2	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1a	chromecache_595.2.dr	false	Avira URL Cloud: safe	unknown
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1a	chromecache_595.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/modules.common.8d74434a.	chromecache_807.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.directMess	chromecache_476.2.dr, chromecache_556.2.dr	false	Avira URL Cloud: safe	unknown
http://underscorejs.org	chromecache_606.2.dr	false	Avira URL Cloud: safe	unknown
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1a	chromecache_595.2.dr	false	Avira URL Cloud: safe	unknown
http://paulirish.com/2011/requestanimationframe-for-smart-animating/	chromecache_831.2.dr	false	Avira URL Cloud: safe	unknown
https://support.x.com/articles/14016	chromecache_511.2.dr	false	Avira URL Cloud: safe	unknown
http://jqueryui.com	chromecache_485.2.dr, chromecache_626.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.media.netapp.com/images/admin/b816a21a-83da-42a5-a20a-4ef97c238def.jpg	chromecache_630.2.dr	false	Avira URL Cloud: safe	unknown
https://x.com/en/privacy	chromecache_759.2.dr, chromecache_654.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/ondemand.s.adb50cca.js.m	chromecache_768.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.AppModules	chromecache_865.2.dr, chromecache_767.2.dr, chromecache_657.2.dr, chromecache_469.2.dr, chromecache_681.2.dr, chromecache_496.2.dr	false	Avira URL Cloud: safe	unknown
https://ckeditor.com/legal/ckeditor-oss-license/	chromecache_721.2.dr, chromecache_560.2.dr	false	Avira URL Cloud: safe	unknown
https://www.gstatic.cn/charts/%	chromecache_772.2.dr	false	Avira URL Cloud: safe	unknown
https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#skipped_moment	chromecache_808.2.dr	false	Avira URL Cloud: safe	unknown
https://ckeditor.com/ckeditor-4-support/	chromecache_721.2.dr, chromecache_560.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/main.7f68fe9a.js.map	chromecache_732.2.dr, chromecache_409.2.dr	false	Avira URL Cloud: safe	unknown
http://git.io/TrdQbw	chromecache_606.2.dr	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.7.7/handlebars.min.js	chromecache_630.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/focus-trap/tabbable/blob/master/LICENSE	chromecache_732.2.dr, chromecache_409.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Articles~b	chromecache_486.2.dr, chromecache_456.2.dr	false	Avira URL Cloud: safe	unknown
https://developers.google.com/identity/gsi/web/guides/fedcm-migration	chromecache_808.2.dr	false	URL Reputation: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.AccountAna	chromecache_572.2.dr, chromecache_812.2.dr, chromecache_684.2.dr, chromecache_703.2.dr, chromecache_484.2.dr, chromecache_429.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/vendor.6929bc4a.js.map	chromecache_606.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/ondemand.Dropdown.05f2d8	chromecache_875.2.dr, chromecache_425.2.dr	false	Avira URL Cloud: safe	unknown
https://meet.google.com	chromecache_808.2.dr	false	URL Reputation: safe	unknown
https://ckeditor.com/legal/ckeditor-oss-license	chromecache_721.2.dr, chromecache_883.2.dr, chromecache_560.2.dr, chromecache_685.2.dr	false	Avira URL Cloud: safe	unknown
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1a	chromecache_595.2.dr	false	Avira URL Cloud: safe	unknown
https://cke4.ckeditor.com/ckeditor4-secure-version/versions.json	chromecache_721.2.dr, chromecache_560.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.DMDrawer~b	chromecache_625.2.dr, chromecache_552.2.dr, chromecache_735.2.dr, chromecache_631.2.dr, chromecache_524.2.dr, chromecache_738.2.dr, chromecache_507.2.dr, chromecache_848.2.dr, chromecache_777.2.dr, chromecache_437.2.dr, chromecache_869.2.dr, chromecache_653.2.dr, chromecache_467.2.dr, chromecache_447.2.dr, chromecache_903.2.dr, chromecache_459.2.dr, chromecache_667.2.dr, chromecache_547.2.dr, chromecache_624.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Communitie	chromecache_919.2.dr, chromecache_921.2.dr, chromecache_798.2.dr	false	Avira URL Cloud: safe	unknown
https://help.x.com/rules-and-policies/twitter-cookies	chromecache_865.2.dr, chromecache_657.2.dr	false	URL Reputation: safe	unknown
https://svc.webspellchecker.net/spellcheck31/wscbundle/wscbundle.js	chromecache_721.2.dr, chromecache_560.2.dr	false	Avira URL Cloud: safe	unknown
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.	chromecache_595.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/darius/requestAnimationFrame/blob/master/requestAnimationFrame.js	chromecache_831.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/emn178/js-md5	chromecache_732.2.dr, chromecache_409.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/bundle.NetworkInstrument	chromecache_878.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.AudioSpace	chromecache_534.2.dr, chromecache_794.2.dr	false	Avira URL Cloud: safe	unknown
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1a	chromecache_595.2.dr	false	Avira URL Cloud: safe	unknown
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1a	chromecache_595.2.dr	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	chromecache_831.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.UserFollow	chromecache_710.2.dr	false	Avira URL Cloud: safe	unknown
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1a	chromecache_595.2.dr	false	Avira URL Cloud: safe	unknown
https://maps-api-ssl.google.com/maps?jsapiRedirect=true&file=googleapi	chromecache_772.2.dr	false	Avira URL Cloud: safe	unknown
http://my.opera.com/emoller/blog/2011/12/20/requestanimationframe-for-smart-er-animating	chromecache_831.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.ExtendedUs	chromecache_511.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.Typeahead~	chromecache_835.2.dr, chromecache_699.2.dr, chromecache_752.2.dr, chromecache_488.2.dr, chromecache_739.2.dr, chromecache_920.2.dr, chromecache_788.2.dr, chromecache_642.2.dr, chromecache_414.2.dr, chromecache_795.2.dr, chromecache_813.2.dr, chromecache_737.2.dr, chromecache_553.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/twitter/typeahead.js	chromecache_850.2.dr, chromecache_723.2.dr, chromecache_838.2.dr, chromecache_892.2.dr	false	Avira URL Cloud: safe	unknown
https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#cross_origin)	chromecache_808.2.dr	false	Avira URL Cloud: safe	unknown
https://support.x.com/articles/18311	chromecache_511.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.SideNav.4dd4a93a.	chromecache_551.2.dr, chromecache_726.2.dr	false	Avira URL Cloud: safe	unknown
https://gist.github.com/paulirish/1579671	chromecache_831.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.richScribeAction.	chromecache_502.2.dr	false	Avira URL Cloud: safe	unknown
https://www.gstatic.cn/charts/debug/%	chromecache_772.2.dr	false	Avira URL Cloud: safe	unknown
https://getbootstrap.com/)	chromecache_605.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/loader.AudioDock.a67cd1d	chromecache_702.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.AudioDock~	chromecache_705.2.dr, chromecache_912.2.dr, chromecache_773.2.dr, chromecache_436.2.dr, chromecache_711.2.dr, chromecache_490.2.dr, chromecache_694.2.dr, chromecache_546.2.dr, chromecache_839.2.dr, chromecache_669.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~ondemand.Settings	chromecache_487.2.dr, chromecache_608.2.dr, chromecache_445.2.dr, chromecache_816.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/jasonmayes/mdl-component-design-pattern	chromecache_831.2.dr	false	Avira URL Cloud: safe	unknown
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1a	chromecache_595.2.dr	false	Avira URL Cloud: safe	unknown
https://jarvis.corp.linkedin.com/codesearch/result/?path=flock-templates%2Fflock%2Femail%2Femail_ser	chromecache_495.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.SideNav~bu	chromecache_736.2.dr, chromecache_849.2.dr, chromecache_570.2.dr	false	Avira URL Cloud: safe	unknown
https://media.netapp.com/4dc67a73-6882-58f8-94e4-73425da86ecb	chromecache_630.2.dr	false	Avira URL Cloud: safe	unknown
https://feross.org/opensource	chromecache_488.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~loader.DashMenu~l	chromecache_686.2.dr, chromecache_441.2.dr, chromecache_426.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.LiveEvent~	chromecache_550.2.dr, chromecache_668.2.dr	false	Avira URL Cloud: safe	unknown
https://support.x.com/articles/20172060	chromecache_511.2.dr	false	Avira URL Cloud: safe	unknown
https://ckeditor.com/docs/ckeditor4/latest/guide/dev_errors.html#	chromecache_721.2.dr, chromecache_560.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.cookielaw.org/consent/72570c5c-fe30-465f-b0e0-b77f7fb4ae34/OtAutoBlock.js	chromecache_630.2.dr	false	Avira URL Cloud: safe	unknown
https://static.rainfocus.com/google-fonts/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1a	chromecache_595.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.SettingsPr	chromecache_855.2.dr, chromecache_634.2.dr, chromecache_854.2.dr, chromecache_718.2.dr, chromecache_868.2.dr, chromecache_790.2.dr	false	Avira URL Cloud: safe	unknown
https://www.netapp.com/company/legal/cookie-policy/	chromecache_734.2.dr	false	Avira URL Cloud: safe	unknown
https://www.figma.com/file/egkKv7mudRwk2dVPM0WCR6/NBA-Digest-Email?type=design&node-id=2927-186236&t	chromecache_495.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.ShareJob~b	chromecache_787.2.dr, chromecache_649.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.Topics~bun	chromecache_452.2.dr	false	Avira URL Cloud: safe	unknown
http://feross.org	chromecache_699.2.dr, chromecache_488.2.dr	false	Avira URL Cloud: safe	unknown
https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#display_moment	chromecache_808.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/modules.audio.889cd12a.j	chromecache_561.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/i18n/en.890223da.js.map	chromecache_759.2.dr, chromecache_654.2.dr	false	Avira URL Cloud: safe	unknown
https://ton.local.twitter.com/responsive-web-internal/sourcemaps/client-web/shared~bundle.ReaderMode	chromecache_614.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js	chromecache_630.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.244.42.129	unknown	United States	13414	TWITTERUS	false
54.194.4.22	unknown	United States	16509	AMAZON-02US	false
152.199.21.118	unknown	United States	15133	EDGECASTUS	false
172.217.16.138	unknown	United States	15169	GOOGLEUS	false
146.75.120.159	unknown	Sweden	30051	SCCGOVUS	false
146.75.120.158	unknown	Sweden	30051	SCCGOVUS	false
173.194.76.84	unknown	United States	15169	GOOGLEUS	false
2.18.64.23	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
142.250.185.227	unknown	United States	15169	GOOGLEUS	false
142.251.168.84	unknown	United States	15169	GOOGLEUS	false
18.65.39.103	unknown	United States	3	MIT-GATEWAYSUS	false
3.165.206.108	unknown	United States	16509	AMAZON-02US	false
104.18.32.137	unknown	United States	13335	CLOUDFLARENETUS	false
18.65.39.56	unknown	United States	3	MIT-GATEWAYSUS	false
99.81.94.253	unknown	United States	16509	AMAZON-02US	false
104.244.43.131	unknown	United States	54113	FASTLYUS	false
54.203.153.49	unknown	United States	16509	AMAZON-02US	false
54.78.78.173	unknown	United States	16509	AMAZON-02US	false
142.250.186.74	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
104.18.87.42	unknown	United States	13335	CLOUDFLARENETUS	false
172.217.18.3	unknown	United States	15169	GOOGLEUS	false
74.125.71.84	unknown	United States	15169	GOOGLEUS	false
99.86.4.87	unknown	United States	16509	AMAZON-02US	false
18.239.50.28	unknown	United States	16509	AMAZON-02US	false
172.64.155.119	unknown	United States	13335	CLOUDFLARENETUS	false
13.107.42.14	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.253.72	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.195	unknown	United States	15169	GOOGLEUS	false
172.217.16.196	unknown	United States	15169	GOOGLEUS	false
104.17.25.14	unknown	United States	13335	CLOUDFLARENETUS	false
18.239.50.95	unknown	United States	16509	AMAZON-02US	false
13.32.110.12	unknown	United States	16509	AMAZON-02US	false
184.28.89.29	unknown	United States	16625	AKAMAI-ASUS	false
99.86.4.32	unknown	United States	16509	AMAZON-02US	false
18.239.36.69	unknown	United States	16509	AMAZON-02US	false
13.107.246.60	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
157.240.0.6	unknown	United States	32934	FACEBOOKUS	false
142.250.181.238	unknown	United States	15169	GOOGLEUS	false
18.165.140.44	unknown	United States	3	MIT-GATEWAYSUS	false
142.250.186.131	unknown	United States	15169	GOOGLEUS	false
152.199.21.141	unknown	United States	15133	EDGECASTUS	false
172.217.18.10	unknown	United States	15169	GOOGLEUS	false
18.239.69.39	unknown	United States	16509	AMAZON-02US	false
74.125.250.129	unknown	United States	15169	GOOGLEUS	false
13.225.78.30	unknown	United States	16509	AMAZON-02US	false
104.244.42.66	unknown	United States	13414	TWITTERUS	false
216.58.212.132	unknown	United States	15169	GOOGLEUS	false
18.245.86.73	unknown	United States	16509	AMAZON-02US	false
13.33.187.69	unknown	United States	16509	AMAZON-02US	false
13.227.219.102	unknown	United States	16509	AMAZON-02US	false
13.33.187.29	unknown	United States	16509	AMAZON-02US	false
104.244.42.194	unknown	United States	13414	TWITTERUS	false
104.244.42.193	unknown	United States	13414	TWITTERUS	false
64.233.167.84	unknown	United States	15169	GOOGLEUS	false
152.199.22.144	unknown	United States	15133	EDGECASTUS	false
52.222.236.71	unknown	United States	16509	AMAZON-02US	false
142.250.185.174	unknown	United States	15169	GOOGLEUS	false
63.35.95.89	unknown	United States	16509	AMAZON-02US	false
18.239.69.46	unknown	United States	16509	AMAZON-02US	false
18.239.83.129	unknown	United States	16509	AMAZON-02US	false
172.66.0.227	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1505708
Start date and time:	2024-09-06 17:15:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://reg.rainfocus.com/flow/netapp/wruk/Reg/page/Registration/?utm_campaign=cross-spondwa-all-all-uk-event-cse-screenuk-8242&utm_source=mkto&utm_medium=email&utm_content=live-event
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@32/763@0/65
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://www.netapp.tv/?mcid=39550057820123940091334423181224744009 Browse: https://www.linkedin.com/company/netapp Browse: https://twitter.com/netapp

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: https://reg.rainfocus.com/flow/netapp/wruk/Reg/page/Registration/?utm_campaign=cross-spondwa-all-all-uk-event-cse-screenuk-8242&utm_source=mkto&utm_medium=email&utm_content=live-event

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=14, height=1620, bps=182, compression=none, PhotometricIntepretation=RGB, orientation=upper-left, width=2880], baseline, precision 8, 800x450, components 3
Category:	dropped
Size (bytes):	81652
Entropy (8bit):	7.872102147034695
Encrypted:	false
SSDEEP:	1536:1IE9CrdfftRBVnZfD+f0TpffffffOffIBmSgCX2PeXJZXfzksfffz/OfQInY6PyB:5CdfftRBVZfSf0TpffffffOffknbLZZp
MD5:	DBE7566578238BBBBB8219061E5F2218
SHA1:	5CED3C268FE51CB49EC2E2100F30E9C912119CD4
SHA-256:	03CD6C2276ED33E32884F95BC7F67CD06F071D5062D5C49BCF2FA329B09856AF
SHA-512:	C6CF4CC68FFB3D22061BC023396ACE489C56C45D401308358EEA70A3D406D26987C5B54D0CCB3BF8FA358DE2C43A6FC443299E220E1FE8B5B0A13ABEDB650FA8
Malicious:	false
Reputation:	low
Preview:	......JFIF.....H.H......Photoshop 3.0.8BIM.%......................8BIM.:....................printOutput........PstSbool.....Inteenum....Inte....Clrm....printSixteenBitbool.....printerNameTEXT..........printProofSetupObjc.....P.r.o.o.f. .S.e.t.u.p......proofSetup........Bltnenum....builtinProof....proofCMYK.8BIM.;.....-..............printOutputOptions........Cptnbool.....Clbrbool.....RgsMbool.....CrnCbool.....CntCbool.....Lblsbool.....Ngtvbool.....EmlDbool.....Intrbool.....BckgObjc..........RGBC........Rd doub@o..........Grn doub@o..........Bl doub@o..........BrdTUntF#Rlt............Bld UntF#Rlt............RsltUntF#Pxl@R..........vectorDatabool.....PgPsenum....PgPs....PgPC....LeftUntF#Rlt............Top UntF#Rlt............Scl UntF#Prc@Y..........cropWhenPrintingbool.....cropRectBottomlong........cropRectLeftlong........cropRectRightlong........cropRectToplong.....8BIM.........H.......H......8BIM.&................?...8BIM............8BIM............8BIM..................8BIM'.........

Target ID:	0
Start time:	11:15:54
Start date:	06/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	11:15:56
Start date:	06/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2216,i,1665181333480725792,11914297920838769441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	11:15:59
Start date:	06/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://reg.rainfocus.com/flow/netapp/wruk/Reg/page/Registration/?utm_campaign=cross-spondwa-all-all-uk-event-cse-screenuk-8242&utm_source=mkto&utm_medium=email&utm_content=live-event"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	7
Start time:	11:16:44
Start date:	06/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5604 --field-trial-handle=2216,i,1665181333480725792,11914297920838769441,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65476)
Category:	downloaded
Size (bytes):	13918010
Entropy (8bit):	5.6540654768486975
Encrypted:	false
SSDEEP:	393216:OSjyrFUwsKjjWT+A4vM03iaQsywo2wvazqFPv:OBria35qV
MD5:	5F7AAC1AB3B3A7C8C7186168C1AD10F3
SHA1:	9402F279E84CFDCDEFD7B3D0F61319DCD8C677D4
SHA-256:	25E7BAE8293653CAE08338D21AFD34CCEB9AC15695F5BB0A62827C61F563DBDB
SHA-512:	B89E0EE5421EEA46C10AC97135E34816AFBE28E1368D260E6F0B8E54EFBD30DB969FF44EB378522C910B93EF8C1A90616DF04D555F141867C7599B6C5ABB2BBC
Malicious:	false
Reputation:	low
URL:	https://cdn-events.rainfocus.com/js/bundle.js?ver=2.1.20240904170955.c1f512984
Preview:	/! For license information please see bundle.js.LICENSE /.!function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p='<%= "local".equals(request.getParameter("

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://reg.rainfocus.com/flow/netapp/wruk/Reg/page/Registration/?utm_campaign=cross-spondwa-all-all-uk-event-cse-screenuk-8242&utm_source=mkto&utm_medium=email&utm_content=live-event

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Software Vulnerabilities

Networking

System Summary

Malware Analysis System Evasion

Anti Debugging

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 406

Chrome Cache Entry: 407

Chrome Cache Entry: 408

Chrome Cache Entry: 409

Chrome Cache Entry: 411

Chrome Cache Entry: 414

Chrome Cache Entry: 415

Chrome Cache Entry: 416

Chrome Cache Entry: 417

Chrome Cache Entry: 418

Chrome Cache Entry: 421

Chrome Cache Entry: 422

Chrome Cache Entry: 423

Chrome Cache Entry: 424

Chrome Cache Entry: 425

Chrome Cache Entry: 426

Chrome Cache Entry: 427

Chrome Cache Entry: 429

Chrome Cache Entry: 430

Chrome Cache Entry: 431

Chrome Cache Entry: 432

Chrome Cache Entry: 433

Chrome Cache Entry: 434

Chrome Cache Entry: 435

Chrome Cache Entry: 436

Chrome Cache Entry: 437

Windows Analysis Report
https://reg.rainfocus.com/flow/netapp/wruk/Reg/page/Registration/?utm_campaign=cross-spondwa-all-all-uk-event-cse-screenuk-8242&utm_source=mkto&utm_medium=email&utm_content=live-event