Edit tour

Windows Analysis Report
https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58

Overview

General Information

Sample URL:	https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58
Analysis ID:	1541322

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Detected hidden input values containing email addresses (often used in phishing pages)

Stores files to the Windows start menu directory

URL contains potential PII (phishing indication)

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 544 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 3492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1900,i,4718657842756889576,7756835815644795376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58

HTTP Parser: bmclane@burbankca.gov

Source: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58	Sample URL: PII: bmclane@burbankca.gov&uid
Source: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58	Sample URL: PII: bmclane@burbankca.gov&uid
Source: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58	Sample URL: PII: bmclane@burbankca.gov&uid
Source: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58	Sample URL: PII: bmclane@burbankca.gov&uid
Source: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58	Sample URL: PII: bmclane@burbankca.gov&uid
Source: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58	Sample URL: PII: bmclane@burbankca.gov&uid
Source: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58	Sample URL: PII: bmclane@burbankca.gov&uid
Source: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58	Sample URL: PII: bmclane@burbankca.gov&uid

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.17:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.175:443 -> 192.168.2.17:49756 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 25MB later: 32MB

Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: users.techtarget.com
Source: global traffic	DNS traffic detected: DNS query: optimizely.techtarget.com
Source: global traffic	DNS traffic detected: DNS query: cdn.ttgtmedia.com
Source: global traffic	DNS traffic detected: DNS query: cdn.optimizely.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: static.hotjar.com
Source: global traffic	DNS traffic detected: DNS query: cdn3.optimizely.com
Source: global traffic	DNS traffic detected: DNS query: script.hotjar.com
Source: global traffic	DNS traffic detected: DNS query: logx.optimizely.com
Source: global traffic	DNS traffic detected: DNS query: vc.hotjar.io

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.17:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.175:443 -> 192.168.2.17:49756 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@16/13@34/139

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1900,i,4718657842756889576,7756835815644795376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1900,i,4718657842756889576,7756835815644795376,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
logx.optimizely.com	34.49.241.189	true	false	unknown
cdn.optimizely.com	104.18.66.57	true	false	unknown
vc-live-cf.hotjar.io	18.66.112.110	true	false	unknown
script.hotjar.com	13.33.187.74	true	false	unknown
www.google.com	142.250.185.164	true	false	unknown
cdn3.optimizely.com	172.64.152.14	true	false	unknown
users-lb.techtarget.com	34.36.71.237	true	false	unknown
optiweb-lb.techtarget.com	34.117.196.52	true	false	unknown
static-cdn.hotjar.com	18.66.102.106	true	false	unknown
cdn.ttgtmedia.com	unknown	unknown	false	unknown
vc.hotjar.io	unknown	unknown	false	unknown
users.techtarget.com	unknown	unknown	false	unknown
static.hotjar.com	unknown	unknown	false	unknown
optimizely.techtarget.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.66.57	cdn.optimizely.com	United States	13335	CLOUDFLARENETUS	false
18.66.102.11	unknown	United States	3	MIT-GATEWAYSUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
104.18.65.57	unknown	United States	13335	CLOUDFLARENETUS	false
13.33.187.19	unknown	United States	16509	AMAZON-02US	false
104.18.12.178	unknown	United States	13335	CLOUDFLARENETUS	false
74.125.133.84	unknown	United States	15169	GOOGLEUS	false
142.250.186.174	unknown	United States	15169	GOOGLEUS	false
34.117.196.52	optiweb-lb.techtarget.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
18.66.102.106	static-cdn.hotjar.com	United States	3	MIT-GATEWAYSUS	false
142.250.185.138	unknown	United States	15169	GOOGLEUS	false
34.36.71.237	users-lb.techtarget.com	United States	2686	ATGS-MMD-ASUS	false
142.250.181.234	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.164	www.google.com	United States	15169	GOOGLEUS	false
13.33.187.74	script.hotjar.com	United States	16509	AMAZON-02US	false
34.49.241.189	logx.optimizely.com	United States	2686	ATGS-MMD-ASUS	false
172.64.152.14	cdn3.optimizely.com	United States	13335	CLOUDFLARENETUS	false
142.250.186.40	unknown	United States	15169	GOOGLEUS	false
216.58.212.163	unknown	United States	15169	GOOGLEUS	false
142.250.185.72	unknown	United States	15169	GOOGLEUS	false
18.66.112.110	vc-live-cf.hotjar.io	United States	3	MIT-GATEWAYSUS	false

Private

IP
192.168.2.17
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541322
Start date and time:	2024-10-24 17:31:02 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@16/13@34/139

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe
Excluded IPs from analysis (whitelisted): 216.58.212.163, 74.125.133.84, 142.250.186.174
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58

LLM Input / Output

Input	Output
URL: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Unsubscribe bmclane@burbankcagov from:", "prominent_button_name": "Unsubscribe", "text_input_field_labels": [ "TechTarget Updates", "Unsubscribe me from all TechTarget emails. If you no longer wish to receive emails from TechTarget's network of sites, please select this box." ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Unsubscribe bmclane@burbankcagov from:", "prominent_button_name": "Unsubscribe", "text_input_field_labels": [ "bmclane@burbankcagov" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58 Model: claude-3-haiku-20240307	```json { "brands": [ "TechTarget" ] }
	```json { "brands": [ "TechTarget" ] }
URL: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58 Model: claude-3-haiku-20240307	```json { "brands": [ "TechTarget" ] }
	```json { "brands": [ "TechTarget" ] }
URL: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58 Model: gpt-4o	```json{ "legit_domain": "techtarget.com", "classification": "known", "reasons": [ "The brand 'TechTarget' is a known brand associated with the domain 'techtarget.com'.", "The URL 'users.techtarget.com' is a subdomain of 'techtarget.com', which is a legitimate domain for TechTarget.", "There are no suspicious elements in the URL such as misspellings or unusual domain extensions.", "The email input field 'bmclane@burbankcagov' does not directly indicate phishing but should be verified for context." ], "riskscore": 2}
URL: users.techtarget.com Brands: TechTarget Input Fields: bmclane@burbankcagov
URL: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "bmclane@burbankcagov has been unsubscribed from all TechTarget emails", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58 Model: claude-3-haiku-20240307	```json { "brands": [ "TechTarget" ] }
	```json { "brands": [ "TechTarget" ] }

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.021676674504001
Encrypted:	false
SSDEEP:
MD5:	C987F9FEEA33D7267E299AA2317ED074
SHA1:	90A38393680236C8413EDA4496EE0C699D0004F3
SHA-256:	141C82CA9F45E9162631AB86908C857E1122A8564715C9591B62938F95108B89
SHA-512:	DE30F40B1639CB67260B22FD96D8995E77B6439F2524669E9CBAFF043D5E55702F2423DADC8FA851D6BCDE13CD9B2C79B61A4CE81B0093272907CB33EA863286
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IXY.{....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VXY.{....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VXY.{....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VXY.{...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........T..z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (11880)
Category:	downloaded
Size (bytes):	13071
Entropy (8bit):	5.393565011853665
Encrypted:	false
SSDEEP:
MD5:	2B1BC8C727D4AD9F34F4057F4DF70F2E
SHA1:	9CEDD53216D32C176C0C756B6194E11C56F6F0EC
SHA-256:	3F09B56B19BE30E4E079B01EAE749CA911E269DE329DDE46B7E6FA28EB008D15
SHA-512:	90CF8AE6C72574906CD90ABC4069B504A1BDCD86E7B0531F1480CABD5BC741ABEFC74377D9FC8DDEC060E8E7BE648F8F32E8AC21FF14793C3886CC2937804B38
Malicious:	false
Reputation:	unknown
URL:	https://static.hotjar.com/c/hotjar-22351.js?sv=6
Preview:	window.hjSiteSettings = window.hjSiteSettings \|\| {"site_id":22351,"rec_value":3.999999997894577e-9,"state_change_listen_mode":"manual","record":true,"continuous_capture_enabled":true,"recording_capture_keystrokes":true,"session_capture_console_consent":true,"anonymize_digits":false,"anonymize_emails":false,"suppress_all":false,"suppress_all_on_specific_pages":[],"suppress_text":null,"suppress_location":false,"user_attributes_enabled":false,"legal_name":null,"privacy_policy_url":null,"deferred_page_contents":[],"record_targeting_rules":[],"feedback_widgets":[],"heatmaps":[],"polls":[],"integrations":{"optimizely":{"tag_recordings":false},"abtasty":{"tag_recordings":false},"kissmetrics":{"send_user_id":false},"mixpanel":{"send_events":false},"unbounce":{"tag_recordings":false},"hubspot":{"enabled":false,"send_recordings":false,"send_surveys":false}},"features":["ask.popover_redesign","client_script.compression.pc","error_reporting","feedback.embeddable_widget","feedback.widgetV2","feedba

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 337 x 84, 4-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1457
Entropy (8bit):	7.834553451390694
Encrypted:	false
SSDEEP:
MD5:	B681EBD5B8B0156E79253B4FABF9CD71
SHA1:	11173BBE2DF8C9CC2384C9AD74B12BB9942F1234
SHA-256:	30B398D52EA57DE249B0CF55D8B327D9A883B26CF5A7519377307D46427D5123
SHA-512:	C3AA0495B35A853141F76B5B8A4F4AF6A63F5F31970704D94B50AD71E597CD3134B4D4CA74FD973FE2F4C7E108CB168DC3C5E1CD25969451C10F63C188D01E1B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...Q...T........v...!PLTE......L.......!........l.....8.\|Dq....KIDATh...W.X../...+o...QQ.UB@ZV0..@kiWD...@.......t.8vVX....Z.8?p.9.L...x...9..w..../_.\|....._..2..O..!}{%H#]...T...=<..eR..~..A...kx..7:"..O.H...W=.T....O.z....k......U.E..x..#....d<.Qr.w..H.=.........;.. .-RP....$<$..!.=G.".(.5.....1....{.4P.~`.....4.!.k...h.l7.....D..T.!/....&C^.M..L=KZB..;..f..atXr....V.&..H..>...R..<...M.Gf....._&..;..&bAP..JA........).......d:...l....w.(..91l..........H.......j..=...I.n.n..8+.=..'F..A..4.l....C..(;..e1.%...DEV...,....d#K:....vvd.XEXT..<..:}.x.7...8............2.../..:.R....P...<\Z......).(......j.........&-\|~to#.4_..L..w.....SIAS.D...T....>UJ."$...\|p.V.^.VK..E..i...S....F.....a'....y._.N./........`..LF....................@..... .........[..KHo...\`*wJ..p..r.......0.EIS...=../'x...7.qJ.K8)&N..>._..m.}.L.gi...z<....f5.s.x........Rn......E..`..<.#.&......;....]X.....z.......^:.....6(V.6.;...a9[....1..7h..7jl..

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32072)
Category:	dropped
Size (bytes):	93100
Entropy (8bit):	5.300526104474089
Encrypted:	false
SSDEEP:
MD5:	E0E0559014B222245DEB26B6AE8BD940
SHA1:	E2F3603E23711F6446F278A411D905623D65201E
SHA-256:	89A15E9C40BC6B14809F236EE8CD3ED1EA42393C1F6CA55C7855CD779B3F922E
SHA-512:	60740DA8F871B8263675DB2421B0E565FC18E95C772F7C3D5916F224263CD71A6A2E6ACCEAB2F6F8BA1C0607951F0198F525D87D0589FA57045B1D5F292DACF0
Malicious:	false
Reputation:	unknown
Preview:	/! jQuery v1.10.2 \| (c) 2005, 2013 jQuery Foundation, Inc. \| jquery.org/license.//@ sourceMappingURL=jquery.min.map./.(function(e,t){var n,r,i=typeof t,o=e.location,a=e.document,s=a.documentElement,l=e.jQuery,u=e.$,c={},p=[],f="1.10.2",d=p.concat,h=p.push,g=p.slice,m=p.indexOf,y=c.toString,v=c.hasOwnProperty,b=f.trim,x=function(e,t){return new x.fn.init(e,t,r)},w=/[+-]?(?:\d\.\|)\d+(?:[eE][+-]?\d+\|)/.source,T=/\S+/g,C=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,N=/^(?:\s(<[\w\W]+>)[^>]\|#([\w-]))$/,k=/^<(\w+)\s\/?>(?:<\/\1>\|)$/,E=/^[\],:{}\s]$/,S=/(?:^\|:\|,)(?:\s\[)+/g,A=/\\(?:["\\\/bfnrt]\|u[\da-fA-F]{4})/g,j=/"[^"\\\r\n]"\|true\|false\|null\|-?(?:\d+\.\|)\d+(?:[eE][+-]?\d+\|)/g,D=/^-ms-/,L=/-([\da-z])/gi,H=function(e,t){return t.toUpperCase()},q=function(e){(a.addEventListener\|\|"load"===e.type\|\|"complete"===a.readyState)&&(_(),x.ready())},_=function(){a.addEventListener?(a.removeEventListener("DOMContentLoaded",q,!1),e.removeEventListener("load",q,!1)):(a.detachEvent("onreadystatechange",q)

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 5 x 10, 1-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	108
Entropy (8bit):	4.947702779220087
Encrypted:	false
SSDEEP:
MD5:	8333F68CCC1C4D3CF51DDC7707E9B4A9
SHA1:	A0AA884A70FB473208264D806A6B701A83D002A3
SHA-256:	68F4A6009B77EF6B5CC867F57D0095FF7DB697D95821FC747E5DAE6CECDF79B9
SHA-512:	9EF1671EC951F27EAE79A796DB3953D5C03FE3BFA240AD15D904D87C36E343732F3705428ED00C5CDBE1EDA63205A7D45BCB471F71D7F91725277FD10F25618D
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............F..s....PLTEGpL...........tRNS.@..f....IDAT..ch`.`.`P`p`.......?_......IEND.B`.

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C source, ASCII text
Category:	dropped
Size (bytes):	75390
Entropy (8bit):	4.635079781351428
Encrypted:	false
SSDEEP:
MD5:	C5F1E2458496E07BBC5385045CC80CB8
SHA1:	96E16A720003DF2A11C920AFE0C2A3839D739A99
SHA-256:	310E3ADD844A3CE7A3F1BACC958695DD4261F8259902D1B8BB55AEC7F72B3C93
SHA-512:	761B58D09783FA96488D3FFDE6C3DE4EFC78DFB358B059CEBDF63A3EB79134E51F006FD9CED2B824C689140788815BDF8507DD81209155F834D5844DBC97B07E
Malicious:	false
Reputation:	unknown
Preview:	/. Javascript library used for both full and inline registration use cases. . * . * Third party script dependencies:. * jQuery >= 1.7.1. * Phone Validation - requires googlibphonenumber.js. * ForMeter 1.2 (code at the bottom - modified) - requires JQuery. . /.var userreglib_build_version_date="b201 v4.59.3 2024-10-15 16:04Z";../* initial emailRegEx based on: https://html.spec.whatwg.org/multipage/input.html#email-state-(type=email). * additional requirement - Domain portion must be a valid domain, defined as follows: . * - Enforces 253 char max domain length. * .- Must contain at least one dot. * - Must end in a TLD. * .- which can contain letters and number. * .- which cannot contain only numbers. * - Max of 127 subdivisions / "labels":. * .- max length of 63 characters per "label". * .- which can contain letters, numbers and dashes . * .- which must not start or end with a dash. / .var emailRegEx = /^[a-z0-9.!#$%&'+\/=?^_`{\|}~-]+@(?=.{4,253}$)([a-z0-9](?:[

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65450)
Category:	downloaded
Size (bytes):	226667
Entropy (8bit):	5.379258093221862
Encrypted:	false
SSDEEP:
MD5:	3D3BE78AC94E6B7EA2B5CDD79524A226
SHA1:	DF59266E5126570EB07E4572DB2E288D66DEB582
SHA-256:	E8D7CC2B6E93524746E8E404110E2522AF2E36914863A25C68CF059C12E71C77
SHA-512:	A87D578F8E1285A5C2325E8D20EACE959F57F17A27DCF34A6B46CEF734806729AC830D297D7C94B2C00034360F8812D101E233A967AF533404B24A8A3B2AC9D4
Malicious:	false
Reputation:	unknown
URL:	https://script.hotjar.com/modules.67d7d905831ab88336d0.js
Preview:	/! For license information please see modules.67d7d905831ab88336d0.js.LICENSE.txt /.!function(){var e={4788:function(e,t,n){"use strict";n.d(t,{s:function(){return r}});const r=Object.freeze({IDENTIFY_USER:"identify_user",AUTOTAG_RECORDING:"autotag_recording",TAG_RECORDING:"tag_recording",HEATMAP_HELO:"heatmap_helo",RECORDING_HELO:"recording_helo",REPORT_USER_ID:"report_user_id",MUTATION:"mutation",MOUSE_CLICK:"mouse_click",INPUT_CHOICE_CHANGE:"input_choice_change",KEY_PRESS:"key_press",MOUSE_MOVE:"mouse_move",RELATIVE_MOUSE_MOVE:"relative_mouse_move",CLIPBOARD:"clipboard",PAGE_VISIBILITY:"page_visibility",SCROLL_REACH:"scroll_reach",SCROLL:"scroll",SELECT_CHANGE:"select_change",VIEWPORT_RESIZE:"viewport_resize",SCRIPT_PERFORMANCE:"script_performance",REPORT_CONTENT:"report_content",INSERTED_RULE:"inserted_rule",DELETED_RULE:"deleted_rule"})},6939:function(e,t,n){"use strict";n.d(t,{f:function(){return f},W:function(){return g}});const r=Object.freeze({LIVE:"LIVE",REVIEW_WEBAPP:"REVI

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Category:	downloaded
Size (bytes):	7796
Entropy (8bit):	7.901495566722262
Encrypted:	false
SSDEEP:
MD5:	BFB2D568AA0016E570CA38843B067A73
SHA1:	1B3E36FDB8E0D48A0BD3197B4EE2BDE52A295EF1
SHA-256:	15D016FC47D0D1806F4F4538154924F957E85ABBCC2176B1F7F29C979399DEA2
SHA-512:	F50EE9DAA6156EBACB681597F3D081A520F4A055748FDA0309B4494468920516599680F0C8AD053D7462C91087BCC51CBA3DF01768ABB1635E05DF19D165B043
Malicious:	false
Reputation:	unknown
URL:	https://users.techtarget.com/favicon.ico
Preview:	............ .^........PNG........IHDR.............\r.f...%IDATx..y.\U......B.Y.aI."..}.DD...DdQ......:..2. ...#................. !....I/.?.STUWUw...........o.{...s.w..;`.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..c.1..cL.......?...=.4.....q7.C.gH..9..9....@w.O.........>]...................8`.`l....Q..G....z.. .......X.....ge.....K.%..X..Ygq....=c...f...3...L...c.\|.V.I:.Xd>-."..`!. \|.......E..0.}..>0..*.%0..(.....H..E....20....Y...`.hT.oB..I.v...m..g.......(...0.x.x6..M.. X......5.4`g`..y.Z..q....-........W..r@Z.,.5`.........M..Q.S....9._......W(5C..X..d.#...]......~.......-....G3.E..Y.,..5.1.......D^.Qn....x5......<..`1...b.c... .`4...o....@;..........-...r.~4.-......'... .......E.%i1...5.a..`.G.{...F_.b....n..A.u.........5..h.?.O...v..t7p;.0.Db......B._.....x/..#op..x......g4. .......d..;.x'.....-.....-....T..A..@...A......@.........f.s..}.`B.

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1009654
Entropy (8bit):	5.028858176811285
Encrypted:	false
SSDEEP:
MD5:	FB36E958BF8E55F3F464BABBC7C980F1
SHA1:	6C499536DED19096429189719584586A6B56A6F2
SHA-256:	4A1BAAACF20124D2F13272FBBB02A090414FC1A6C7382D82C304C5ECE690B24F
SHA-512:	6A4F884B0AA07E141B7571FF8EF8546B54727C8C5849A968DB7974FA5FBD376D90E6FC474FE9BA6101B74D77F4D84390248DC662A707937AEB91D0A7CF748805
Malicious:	false
Reputation:	unknown
URL:	https://cdn.ttgtmedia.com/rms/ux/responsive/css/main.css
Preview:	article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,video{display:inline-block;display:inline;zoom:1}audio:not([controls]){display:none;height:0}[hidden]{display:none}html{font-size:100%;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}html,button,input,select,textarea{font-family:sans-serif}body{margin:0}a:active,a:hover{outline:0}h1{font-size:2em;margin:.67em 0}h2{font-size:1.5em;margin:.83em 0}h3{font-size:1.17em;margin:1em 0}h4{font-size:1em;margin:1.33em 0}h5{font-size:.83em;margin:1.67em 0}h6{font-size:.67em;margin:2.33em 0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}blockquote{margin:1em 40px}dfn{font-style:italic}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}mark{background:#ff0;color:#000}p,pre{margin:1em 0}code,kbd,pre,samp{font-family:monospace,serif;_font-family:"courier new",monospace;font-size:1em}pre{white-space:pre;white-space:pre-wrap;word-wrap:break-word}q{quotes:n

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65468)
Category:	dropped
Size (bytes):	960099
Entropy (8bit):	5.233511278469132
Encrypted:	false
SSDEEP:
MD5:	5E050A4126C05BE28F1A33967A9DE48D
SHA1:	9E2E9EAEEC32287460FCDE13135CED4DB5DF1F46
SHA-256:	915437C349E198285DE2AD19495867D534BC4818618C6A1BC486584519BBA6F3
SHA-512:	B560D168AEF8214C52D4E4AA47FBA61356C75F77A8454EB3B70E92BE6F6FDBE49A55C332EB9342341FF87E10A591FE55CD31949386198FAE2C7EA2DC2B7974A5
Malicious:	false
Reputation:	unknown
Preview:	/! For license information please see client.min.js.LICENSE.txt /.(function(){var __webpack_modules__={5251:function(t,n,e){var i;!function(r,o){"use strict";var a="function",u="undefined",c="object",s="string",f="model",l="name",d="type",v="vendor",h="version",p="architecture",g="console",m="mobile",_="tablet",w="smarttv",y="wearable",b="embedded",E="Amazon",I="Apple",A="ASUS",T="BlackBerry",S="Firefox",k="Google",R="Huawei",C="LG",N="Microsoft",D="Motorola",O="Opera",x="Samsung",M="Sharp",P="Sony",L="Xiaomi",U="Zebra",V="Facebook",F=function(t){for(var n={},e=0;e<t.length;e++)n[t[e].toUpperCase()]=t[e];return n},B=function(t,n){return typeof t===s&&-1!==z(n).indexOf(z(t))},z=function(t){return t.toLowerCase()},j=function(t,n){if(typeof t===s)return t=t.replace(/^\s\s*/,""),typeof n===u?t:t.substring(0,350)},G=function(t,n){for(var e,i,r,u,s,f,l=0;l<n.length&&!s;){var d=n[l],v=n[l+1];for(e=i=0;e<d.length&&!s&&d[e];)if(s=d[e++].exec(t))for(r=0;r<v.length;r++)f=s[++i],typeof(u=v[r])==

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (18187)
Category:	downloaded
Size (bytes):	258117
Entropy (8bit):	5.565309755913402
Encrypted:	false
SSDEEP:
MD5:	156BC5C99EF272A0D0529562D7136671
SHA1:	DFA7071D79911C7C95D0862F97EBEBEEB9837CB1
SHA-256:	F3171BDB19EAAFB7581005E83C7D0D23826D25EC3610C98D97467CEC06751F64
SHA-512:	D185AE3198FC39CCD3FF6498D5FADEDED7EEFAC7496E6901B67B66C87ACA5CCEF879F30C7C3A1A2655EF7C9D9AA74C679052876816B11B0E4FF2E28629CE695E
Malicious:	false
Reputation:	unknown
URL:	https://www.googletagmanager.com/gtm.js?id=GTM-PWWZSH
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. . (function(w,g){w[g]=w[g]\|\|{};. w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');. .(function(){..var data = {."resource": {. "version":"127",. . "macros":[{"function":"__v","vtp_name":"gtm.elementClasses","vtp_dataLayerVersion":1},{"function":"__jsm","vtp_javascript":["template","(function(){var a=JSON,c=a.parse;a:{var d=\"ttConsentDataV2\\x3d\";for(var g=document.cookie.split(\";\"),e=0;e\u003Cg.length;e++){for(var b=g[e];\" \"==b.charAt(0);)b=b.substring(1,b.length);if(0===b.indexOf(d)){d=b.substring(d.length,b.length);break a}}d=null}a=c.call(a,d);c=[1,8];if(null!=localStorage.getItem(\"ccpaConsent\")\u0026\u0026localStorage.getItem(\"ccpaConsent\").length)return JSON.parse(localStorage.getItem(\"ccpaConsent\"));if(null!=a){if(0===Object.keys(a.consents).length\u0026\u0026a.consents.constructor===Object)return!1;\nfor(var f in c)if(null===a.consents[c[f]]\|\|void 0===a.consents[c[f]]\|\|!1===a.consents[c[f]])re

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (512), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	4888
Entropy (8bit):	5.357877163152327
Encrypted:	false
SSDEEP:
MD5:	49426735D8F4F90A6AA761750D1B23B3
SHA1:	9CD92589D1EDCF8DE4C1C793F45BEED5C96D0C9D
SHA-256:	6A7CE5659A5C31CD563C86118CCAD7923E099579F039C9D67B583E5F0545A728
SHA-512:	87043784E3F33D9EB2F515398AFFDD7FB0B17FBBAA9F2EE3F2EE86B3E5637C4DD46783D979C73578FF90466A908F43DECAF48610DFD0C963E9EA365E37E5EC8D
Malicious:	false
Reputation:	unknown
URL:	https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58
Preview:	<!DOCTYPE html>.<html class="no-js" lang="en">. . _____ _ _____ < Registration > _. [_ _]___ ___\| \|___ [_ _]__ _ ___ ___ ___ _\| \|_. \| \| / -_)/ _/\| _ \ \| \| / _' \\| _\|/ _ \/ -_)[_ _]. \|_\| \___\|\__\\|_\| \|_\| \|_\| \__,_\|\|_\| \_ \|\___\| \|_\|. \| \|. [__/.-->. Connected to pv-tomcatma30.techtarget.com @ 10.165.135.234 -->...... .. . Content for Block 258:0 -->. end -->................. .. . Content for Block 245:1 -->.<head>....<title>TechTarget</title>....<meta charset="utf-8">..<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">...<meta name="viewport" content="width=device-width, initial-scale=1">....<script src="https://optimizely.techtarget.com/optimizely-edge/17796810052" async></script>..<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>..<script src="/registration/js/user

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	310
Entropy (8bit):	4.946358064507749
Encrypted:	false
SSDEEP:
MD5:	82CF3C2C767DF2C5533E99BDF1BFC766
SHA1:	75C892A74C3A126945BF0B496F32FA9B5D41E7EA
SHA-256:	7A22CA7C7048878F6521D29D6BAFAD99995FA8FEC91CD5E19FA6731A86E91E6E
SHA-512:	231792B693C188A7999848BE692F23C21072348B18037228B4C23239FF41EDB5A19BC8EAE8E33563091B1D9EF61675765BD3A27C4E8167AEEBAB64EAED801126
Malicious:	false
Reputation:	unknown
Preview:	(function(){. window['optimizely'] = window['optimizely'] \|\| [];. window['optimizely'].push(['activateGeoDelayedExperiments', {. 'location':{. 'city': "KILLEEN",. 'continent': "NA",. 'country': "US",. 'region': "TX",. 'dma': "625". },. 'ip':"173.254.250.71". }]);.})..()..;

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 84

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 91

Chrome Cache Entry: 92

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 97

Static File Info

Windows Analysis Report
https://users.techtarget.com/registration/techtarget/Unsubscribe.page?lid=1736905&em=bmclane@burbankca.gov&uid=45959090&sci=15011359&smi=2b454132-093a-4663-a6dc-e3130bebcc58