Edit tour

Windows Analysis Report
https://www.icloud.com/attachment/?u=https%3A%2F%2Fcvws.icloud-content.com%2FB%2FAViSO-AZwrsuqjmj41IiN-sL1eu8AXAVvCohbxfBszoMdE91-p-KfTip%2F%24%7Bf%7D%3Fo%3DAoEaJX1nwPbVzfTGfdRFExv93Y6a-YjVd8eAysvOcUKK%26v%3D1%26x%3D3%26a%3DCAogDwtOO0c5pz7wtCW48AvJO9GZdSV2fV2xE8fRhnp-apESdhC_6IKJ8TEYv_j93PoxIgEAKgkC

Overview

General Information

Sample URL:	https://www.icloud.com/attachment/?u=https%3A%2F%2Fcvws.icloud-content.com%2FB%2FAViSO-AZwrsuqjmj41IiN-sL1eu8AXAVvCohbxfBszoMdE91-p-KfTip%2F%24%7Bf%7D%3Fo%3DAoEaJX1nwPbVzfTGfdRFExv93Y6a-YjVd8eAysvOcUK
Analysis ID:	1431283
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML page contains hidden URLs or javascript code

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2288,i,18124643840649900871,11938976555639627075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5488 --field-trial-handle=2288,i,18124643840649900871,11938976555639627075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.icloud.com/attachment/?u=https%3A%2F%2Fcvws.icloud-content.com%2FB%2FAViSO-AZwrsuqjmj41IiN-sL1eu8AXAVvCohbxfBszoMdE91-p-KfTip%2F%24%7Bf%7D%3Fo%3DAoEaJX1nwPbVzfTGfdRFExv93Y6a-YjVd8eAysvOcUKK%26v%3D1%26x%3D3%26a%3DCAogDwtOO0c5pz7wtCW48AvJO9GZdSV2fV2xE8fRhnp-apESdhC_6IKJ8TEYv_j93PoxIgEAKgkC6AMA_1v1AwNSBAvV67xaBIp9OKlqJdc_5oC95t_XDm-wW2wVtl40LlV80scChWWMio7txAn6KnfVoMFyJdEDRuNgIwsPnxLvm5dCo2cg2523oRSbBVv8rS_7mpCQpBaPZQM%26e%3D1716571307%26fl%3D%26r%3DD69B1B3A-B859-440E-9CD7-0C107D6DF4B5-1%26k%3D%24%7Buk%7D%26ckc%3Dcom.apple.largeattachment%26ckz%3D4D74562D-EA77-477A-B1AC-2653B79CDDB7%26p%3D68%26s%3D7o92e_KH42w9VM_TqR3jjq5kWJ0&uk=fKtUeHN7s8Dl39rhuvDK_Q&f=IMG_7426.MOV&sz=53323262" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://www.icloud.com/attachment/?u=https%3A%2F%2Fcvws.icloud-content.com%2FB%2FAViSO-AZwrsuqjmj41IiN-sL1eu8AXAVvCohbxfBszoMdE91-p-KfTip%2F%24%7Bf%7D%3Fo%3DAoEaJX1nwPbVzfTGfdRFExv93Y6a-YjVd8eAysvOcUKK%26v%3D1%26x%3D3%26a%3DCAogDwtOO0c5pz7wtCW48AvJO9GZdSV2fV2xE8fRhnp-apESdhC_6IKJ8TEYv_j93PoxIgEAKgkC6AMA_1v1AwNSBAvV67xaBIp9OKlqJdc_5oC95t_XDm-wW2wVtl40LlV80scChWWMio7txAn6KnfVoMFyJdEDRuNgIwsPnxLvm5dCo2cg2523oRSbBVv8rS_7mpCQpBaPZQM%26e%3D1716571307%26fl%3D%26r%3DD69B1B3A-B859-440E-9CD7-0C107D6DF4B5-1%26k%3D%24%7Buk%7D%26ckc%3Dcom.apple.largeattachment%26ckz%3D4D74562D-EA77-477A-B1AC-2653B79CDDB7%26p%3D68%26s%3D7o92e_KH42w9VM_TqR3jjq5kWJ0&uk=fKtUeHN7s8Dl39rhuvDK_Q&f=IMG_7426.MOV&sz=53323262

HTTP Parser: Base64 decoded: .cloudos-alert .alert-main-content .alert-icon{background-image:url("blob:https://www.icloud.com/0f0e53cb-ffc7-4a40-bd68-a59283beb127")}.cloudos-alert .alert-main-content .alert-icon.icloud-icon{background-image:url("blob:https://www.icloud.com/760c98d1-...

Source: https://www.apple.com/icloud/	HTTP Parser: No favicon
Source: https://www.apple.com/icloud/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.6:49721 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /reportStats HTTP/1.1Host: feedbackws.icloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /reportStats HTTP/1.1Host: feedbackws.icloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /reportStats HTTP/1.1Host: feedbackws.icloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /reportStats HTTP/1.1Host: feedbackws.icloud.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_202.2.dr	String found in binary or memory: "https://www.facebook.com/Apple", equals www.facebook.com (Facebook)
Source: chromecache_202.2.dr	String found in binary or memory: "https://www.linkedin.com/company/apple", equals www.linkedin.com (Linkedin)
Source: chromecache_202.2.dr	String found in binary or memory: "https://www.twitter.com/Apple" equals www.twitter.com (Twitter)
Source: chromecache_202.2.dr	String found in binary or memory: "https://www.youtube.com/user/Apple", equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: setup.icloud.com
Source: global traffic	DNS traffic detected: DNS query: ckdatabasews.icloud.com
Source: global traffic	DNS traffic detected: DNS query: cvws.icloud-content.com
Source: global traffic	DNS traffic detected: DNS query: appleid.cdn-apple.com
Source: global traffic	DNS traffic detected: DNS query: feedbackws.icloud.com

Source: unknown

HTTP traffic detected: POST /setup/ws/1/validate?clientBuildNumber=2413Project46&clientMasteringNumber=2413B20&clientId=940a3b73-50ec-4d66-ab05-b54f81eba4a5 HTTP/1.1Host: setup.icloud.comConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.icloud.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.icloud.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_124.2.dr	String found in binary or memory: http://bugs.jquery.com/ticket/12385.
Source: chromecache_124.2.dr	String found in binary or memory: http://dom.spec.whatwg.org/#dom-domimplementation-hasfeature
Source: chromecache_124.2.dr	String found in binary or memory: http://facebook.github.io/react/docs/error-decoder.html?invariant=
Source: chromecache_124.2.dr	String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_172.2.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_124.2.dr	String found in binary or memory: http://jsperf.com/emptying-a-node
Source: chromecache_124.2.dr	String found in binary or memory: http://jsperf.com/key-exists
Source: chromecache_124.2.dr	String found in binary or memory: http://jsperf.com/key-missing
Source: chromecache_124.2.dr	String found in binary or memory: http://jsperf.com/obj-vs-arr-iteration
Source: chromecache_124.2.dr	String found in binary or memory: http://modernizr.com/docs/#prefixed)
Source: chromecache_202.2.dr	String found in binary or memory: http://schema.org
Source: chromecache_187.2.dr, chromecache_202.2.dr	String found in binary or memory: http://schema.org/
Source: chromecache_124.2.dr	String found in binary or memory: http://schema.org/docs/gs.html
Source: chromecache_124.2.dr	String found in binary or memory: http://systemstatus-stage.apple.com/
Source: chromecache_124.2.dr	String found in binary or memory: http://www.andismith.com/blog/2012/02/modernizr-prefixed/)
Source: chromecache_124.2.dr	String found in binary or memory: http://www.apple.com/
Source: chromecache_124.2.dr	String found in binary or memory: http://www.quirksmode.org/blog/archives/2008/04/delegating_the.html
Source: chromecache_124.2.dr	String found in binary or memory: http://www.quirksmode.org/blog/archives/2010/09/click_event_del.html
Source: chromecache_124.2.dr	String found in binary or memory: http://www.quirksmode.org/dom/events/scroll.html
Source: chromecache_124.2.dr	String found in binary or memory: http://www.quirksmode.org/dom/events/tests/scroll.html
Source: chromecache_124.2.dr	String found in binary or memory: http://www.quirksmode.org/js/events_properties.html
Source: chromecache_124.2.dr	String found in binary or memory: http://www.thespanner.co.uk/2007/11/26/ultimate-xss-css-injection/
Source: chromecache_113.2.dr	String found in binary or memory: http://www.videolan.org/x264.html
Source: chromecache_124.2.dr	String found in binary or memory: http://www.whatwg.org/specs/web-apps/current-work/multipage/the-input-element.html#input-type-attr-s
Source: chromecache_202.2.dr	String found in binary or memory: http://www.wikidata.org/entity/Q312
Source: chromecache_202.2.dr	String found in binary or memory: https://appleid.apple.com/us/
Source: chromecache_202.2.dr	String found in binary or memory: https://apps.apple.com/us/app/apple-store/id375380948
Source: chromecache_199.2.dr	String found in binary or memory: https://assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement.js
Source: chromecache_124.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=608416
Source: chromecache_124.2.dr	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=640652
Source: chromecache_124.2.dr	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3056
Source: chromecache_124.2.dr	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3443
Source: chromecache_124.2.dr	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=4118
Source: chromecache_124.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1276240
Source: chromecache_124.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=208427
Source: chromecache_124.2.dr	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=355103
Source: chromecache_124.2.dr	String found in binary or memory: https://code.google.com/p/v8/issues/detail?id=687
Source: chromecache_124.2.dr	String found in binary or memory: https://developer.apple.com/system-status/
Source: chromecache_124.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/AnimationEvent
Source: chromecache_124.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent#Key_names
Source: chromecache_124.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/TransitionEvent
Source: chromecache_124.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is
Source: chromecache_124.2.dr	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.children.count
Source: chromecache_124.2.dr	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.children.foreach
Source: chromecache_124.2.dr	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.children.map
Source: chromecache_124.2.dr	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.children.only
Source: chromecache_124.2.dr	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.children.toarray
Source: chromecache_124.2.dr	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.cloneelement
Source: chromecache_124.2.dr	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.createclass
Source: chromecache_124.2.dr	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.createelement
Source: chromecache_124.2.dr	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.createfactory
Source: chromecache_124.2.dr	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#react.isvalidelement
Source: chromecache_124.2.dr	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#reactdom.finddomnode
Source: chromecache_124.2.dr	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#reactdom.render
Source: chromecache_124.2.dr	String found in binary or memory: https://facebook.github.io/react/docs/top-level-api.html#reactdom.unmountcomponentatnode
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/createmixin-was-never-implemented
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/invalid-aria-prop%s
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/prop-types-docs
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/react-controlled-components
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/react-create-class
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/react-devtools
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/react-dom-factories
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/react-event-pooling
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/react-invariant-dangerously-set-inner-html
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/react-legacyfactory
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/react-minification
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/react-refs-must-have-owner).
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/react-special-props)
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/react-spread-deprecation
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/react-unknown-prop%s
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/react-warning-dont-call-proptypes
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/react-warning-keys
Source: chromecache_124.2.dr	String found in binary or memory: https://fb.me/react-warning-polyfills
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/facebook/fbjs/blob/e66ba20ad5be433eb54423f2b097d829324d9de6/packages/fbjs/src/__f
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/facebook/flow/issues/285
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/facebook/react/issues/1698
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/facebook/react/issues/3236).
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/facebook/react/issues/6731#issuecomment-254874553
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/facebook/react/issues/6887
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/facebook/react/issues/708.
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/facebook/react/issues/7233
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/facebook/react/issues/7240
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/facebook/react/issues/7253
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/facebook/react/issues/7253#issuecomment-236074326
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/facebook/react/pull/6896
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/facebook/react/pull/7101
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/facebook/react/pull/7178
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/facebook/react/pull/7232
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/mishoo/UglifyJS2/blob/v2.4.20/lib/parse.js#L216
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/spicyj/innerhtml-vs-createelement-vs-clonenode.
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/173
Source: chromecache_124.2.dr	String found in binary or memory: https://github.com/zloirock/core-js/issues/86#issuecomment-115759028
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/microdata.html#microdata-dom-api
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/semantics.html#the-html-element
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#generate-implied-end-tags
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#has-an-element-in-button-scope
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#has-an-element-in-scope
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#html-integration-point
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inbody
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-incaption
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-incolgroup
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inhead
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inselect
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intable
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intbody
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intd
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intr
Source: chromecache_124.2.dr	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#special
Source: chromecache_202.2.dr	String found in binary or memory: https://icq.icloud.com/?context=ZXh0ZXJuYWxBcHBfY29tLmFwcGxlLm1vYmlsZXNhZmFyaV9hcHBsZS5jb20&#x3
Source: chromecache_124.2.dr	String found in binary or memory: https://interactive-git.apple.com/Interactive-Interfaces/ac-ajax-xhr/issues/6
Source: chromecache_124.2.dr	String found in binary or memory: https://interactive-git.apple.com/Interactive-Interfaces/ac-ajax/issues/30
Source: chromecache_202.2.dr	String found in binary or memory: https://investor.apple.com/
Source: chromecache_187.2.dr, chromecache_202.2.dr	String found in binary or memory: https://locate.apple.com/
Source: chromecache_202.2.dr	String found in binary or memory: https://one.apple.com/us?itscg=10000&itsct=one-NA-icloud-bnr-apl-avl-102020
Source: chromecache_172.2.dr	String found in binary or memory: https://preactjs.com
Source: chromecache_202.2.dr	String found in binary or memory: https://schema.org
Source: chromecache_202.2.dr	String found in binary or memory: https://support.apple.com
Source: chromecache_202.2.dr	String found in binary or memory: https://support.apple.com/#organization
Source: chromecache_187.2.dr, chromecache_202.2.dr	String found in binary or memory: https://support.apple.com/?cid=gn-ols-home-hp-tab
Source: chromecache_124.2.dr	String found in binary or memory: https://support.apple.com/contact
Source: chromecache_187.2.dr	String found in binary or memory: https://support.apple.com/kb/index
Source: chromecache_199.2.dr	String found in binary or memory: https://support.apple.com/launch/launch-ENa1d69f1a17ae45a1a2df9385c05ffcb9.js
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com
Source: chromecache_187.2.dr, chromecache_202.2.dr	String found in binary or memory: https://www.apple.com/
Source: chromecache_202.2.dr	String found in binary or memory: https://www.apple.com/#organization
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/ac/globalfooter/3/en_US/scripts/ac-globalfooter.built.js
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/ac/globalfooter/3/en_US/styles/ac-globalfooter.built.css
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/ac/globalnav/4/en_US/scripts/ac-globalnav.built.js
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/ac/globalnav/4/en_US/styles/ac-globalnav.built.css
Source: chromecache_202.2.dr	String found in binary or memory: https://www.apple.com/ac/structured-data/images/knowledge_graph_logo.png?202309181337
Source: chromecache_200.2.dr, chromecache_191.2.dr, chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/airpods/
Source: chromecache_200.2.dr, chromecache_191.2.dr	String found in binary or memory: https://www.apple.com/airtag/
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/api-www/global-elements/global-header/v1/assets/globalheader.css
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/api-www/global-elements/global-header/v1/assets/globalheader.umd.js
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/api-www/global-elements/global-header/v1/flyouts
Source: chromecache_200.2.dr, chromecache_191.2.dr, chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/apple-vision-pro/
Source: chromecache_218.2.dr, chromecache_127.2.dr	String found in binary or memory: https://www.apple.com/choose-country-region/
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/entertainment/
Source: chromecache_202.2.dr	String found in binary or memory: https://www.apple.com/family-sharing/
Source: chromecache_202.2.dr	String found in binary or memory: https://www.apple.com/icloud/
Source: chromecache_202.2.dr	String found in binary or memory: https://www.apple.com/icloud/#service
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/ipad/
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/iphone/
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/mac/
Source: chromecache_200.2.dr, chromecache_191.2.dr	String found in binary or memory: https://www.apple.com/retail/
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/tv-home/
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/us/search
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/us/shop/goto/bag
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/us/shop/goto/buy_accessories
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/us/shop/goto/store
Source: chromecache_200.2.dr, chromecache_191.2.dr	String found in binary or memory: https://www.apple.com/us/shop/goto/trade_in
Source: chromecache_202.2.dr	String found in binary or memory: https://www.apple.com/v/icloud/af/images/meta/og__cu0qwzuuysq6_overview.png
Source: chromecache_202.2.dr	String found in binary or memory: https://www.apple.com/v/icloud/af/images/meta/og__cu0qwzuuysq6_overview.png?202309181337
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/watch/
Source: chromecache_187.2.dr	String found in binary or memory: https://www.apple.com/wss/fonts/?families=SF
Source: chromecache_202.2.dr	String found in binary or memory: https://www.icloud.com
Source: chromecache_144.2.dr, chromecache_198.2.dr	String found in binary or memory: https://www.icloud.com/icloud_logo/icloud_logo.png
Source: chromecache_195.2.dr	String found in binary or memory: https://www.icloud.com/system/icloud.com/2413Project46/en-us/acknowledgements.txt
Source: chromecache_202.2.dr	String found in binary or memory: https://www.linkedin.com/company/apple
Source: chromecache_124.2.dr	String found in binary or memory: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
Source: chromecache_202.2.dr	String found in binary or memory: https://www.twitter.com/Apple
Source: chromecache_202.2.dr	String found in binary or memory: https://www.youtube.com/user/Apple

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801

Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.6:49721 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@23/195@14/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2288,i,18124643840649900871,11938976555639627075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.icloud.com/attachment/?u=https%3A%2F%2Fcvws.icloud-content.com%2FB%2FAViSO-AZwrsuqjmj41IiN-sL1eu8AXAVvCohbxfBszoMdE91-p-KfTip%2F%24%7Bf%7D%3Fo%3DAoEaJX1nwPbVzfTGfdRFExv93Y6a-YjVd8eAysvOcUKK%26v%3D1%26x%3D3%26a%3DCAogDwtOO0c5pz7wtCW48AvJO9GZdSV2fV2xE8fRhnp-apESdhC_6IKJ8TEYv_j93PoxIgEAKgkC6AMA_1v1AwNSBAvV67xaBIp9OKlqJdc_5oC95t_XDm-wW2wVtl40LlV80scChWWMio7txAn6KnfVoMFyJdEDRuNgIwsPnxLvm5dCo2cg2523oRSbBVv8rS_7mpCQpBaPZQM%26e%3D1716571307%26fl%3D%26r%3DD69B1B3A-B859-440E-9CD7-0C107D6DF4B5-1%26k%3D%24%7Buk%7D%26ckc%3Dcom.apple.largeattachment%26ckz%3D4D74562D-EA77-477A-B1AC-2653B79CDDB7%26p%3D68%26s%3D7o92e_KH42w9VM_TqR3jjq5kWJ0&uk=fKtUeHN7s8Dl39rhuvDK_Q&f=IMG_7426.MOV&sz=53323262"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5488 --field-trial-handle=2288,i,18124643840649900871,11938976555639627075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2288,i,18124643840649900871,11938976555639627075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5488 --field-trial-handle=2288,i,18124643840649900871,11938976555639627075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://www.icloud.com/attachment/?u=https%3A%2F%2Fcvws.icloud-content.com%2FB%2FAViSO-AZwrsuqjmj41IiN-sL1eu8AXAVvCohbxfBszoMdE91-p-KfTip%2F%24%7Bf%7D%3Fo%3DAoEaJX1nwPbVzfTGfdRFExv93Y6a-YjVd8eAysvOcUKK%26v%3D1%26x%3D3%26a%3DCAogDwtOO0c5pz7wtCW48AvJO9GZdSV2fV2xE8fRhnp-apESdhC_6IKJ8TEYv_j93PoxIgEAKgkC6AMA_1v1AwNSBAvV67xaBIp9OKlqJdc_5oC95t_XDm-wW2wVtl40LlV80scChWWMio7txAn6KnfVoMFyJdEDRuNgIwsPnxLvm5dCo2cg2523oRSbBVv8rS_7mpCQpBaPZQM%26e%3D1716571307%26fl%3D%26r%3DD69B1B3A-B859-440E-9CD7-0C107D6DF4B5-1%26k%3D%24%7Buk%7D%26ckc%3Dcom.apple.largeattachment%26ckz%3D4D74562D-EA77-477A-B1AC-2653B79CDDB7%26p%3D68%26s%3D7o92e_KH42w9VM_TqR3jjq5kWJ0&uk=fKtUeHN7s8Dl39rhuvDK_Q&f=IMG_7426.MOV&sz=53323262	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
http://jedwatson.github.io/classnames	0%	URL Reputation	safe
https://facebook.github.io/react/docs/top-level-api.html#react.createelement	0%	Avira URL Cloud	safe
https://facebook.github.io/react/docs/top-level-api.html#reactdom.finddomnode	0%	Avira URL Cloud	safe
http://www.andismith.com/blog/2012/02/modernizr-prefixed/)	0%	Avira URL Cloud	safe
https://facebook.github.io/react/docs/top-level-api.html#react.children.map	0%	Avira URL Cloud	safe
https://facebook.github.io/react/docs/top-level-api.html#react.children.foreach	0%	Avira URL Cloud	safe
https://facebook.github.io/react/docs/top-level-api.html#react.children.count	0%	Avira URL Cloud	safe
https://facebook.github.io/react/docs/top-level-api.html#react.children.only	0%	Avira URL Cloud	safe
https://facebook.github.io/react/docs/top-level-api.html#react.cloneelement	0%	Avira URL Cloud	safe
http://www.thespanner.co.uk/2007/11/26/ultimate-xss-css-injection/	0%	Avira URL Cloud	safe
https://facebook.github.io/react/docs/top-level-api.html#react.children.toarray	0%	Avira URL Cloud	safe
https://facebook.github.io/react/docs/top-level-api.html#reactdom.unmountcomponentatnode	0%	Avira URL Cloud	safe
https://facebook.github.io/react/docs/top-level-api.html#reactdom.render	0%	Avira URL Cloud	safe
https://facebook.github.io/react/docs/top-level-api.html#react.createfactory	0%	Avira URL Cloud	safe
https://facebook.github.io/react/docs/top-level-api.html#react.createclass	0%	Avira URL Cloud	safe
https://facebook.github.io/react/docs/top-level-api.html#react.isvalidelement	0%	Avira URL Cloud	safe
http://facebook.github.io/react/docs/error-decoder.html?invariant=	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
setup.fe2.apple-dns.net	17.248.193.18	true	false	unknown
www.google.com	142.250.101.105	true	false	high
gateway.fe2.apple-dns.net	17.248.193.20	true	false	unknown
ckdatabasews.fe2.apple-dns.net	17.248.193.16	true	false	unknown
cvws.apple-dns.net	17.248.193.12	true	false	unknown
feedbackws.fe2.apple-dns.net	17.248.193.17	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.211.108	true	false	unknown
setup.icloud.com	unknown	unknown	false	high
feedbackws.icloud.com	unknown	unknown	false	high
cvws.icloud-content.com	unknown	unknown	false	high
ckdatabasews.icloud.com	unknown	unknown	false	high
appleid.cdn-apple.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://setup.icloud.com/setup/ws/1/validate?clientBuildNumber=2413Project46&clientMasteringNumber=2413B20&clientId=b468b6ff-4782-477f-a410-d2e80e63ee4b	false	high
https://setup.icloud.com/setup/ws/1/validate?clientBuildNumber=2413Project46&clientMasteringNumber=2413B20&clientId=5911d012-4d8d-410d-9926-bc35d059a689	false	high
https://setup.icloud.com/setup/ws/1/validate?clientBuildNumber=2413Project46&clientMasteringNumber=2413B20&clientId=940a3b73-50ec-4d66-ab05-b54f81eba4a5	false	high
https://feedbackws.icloud.com/reportStats	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://facebook.github.io/react/docs/top-level-api.html#reactdom.finddomnode	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
https://facebook.github.io/react/docs/top-level-api.html#react.cloneelement	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
https://bugs.chromium.org/p/v8/issues/detail?id=3443	chromecache_124.2.dr	false		high
https://html.spec.whatwg.org/multipage/syntax.html#generate-implied-end-tags	chromecache_124.2.dr	false		high
http://www.quirksmode.org/dom/events/tests/scroll.html	chromecache_124.2.dr	false		high
https://github.com/mishoo/UglifyJS2/blob/v2.4.20/lib/parse.js#L216	chromecache_124.2.dr	false		high
https://www.youtube.com/user/Apple	chromecache_202.2.dr	false		high
https://github.com/facebook/react/issues/6887	chromecache_124.2.dr	false		high
https://html.spec.whatwg.org/multipage/syntax.html#special	chromecache_124.2.dr	false		high
http://schema.org/docs/gs.html	chromecache_124.2.dr	false		high
https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intable	chromecache_124.2.dr	false		high
https://www.linkedin.com/company/apple	chromecache_202.2.dr	false		high
http://www.andismith.com/blog/2012/02/modernizr-prefixed/)	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
https://fb.me/react-warning-polyfills	chromecache_124.2.dr	false		high
http://www.videolan.org/x264.html	chromecache_113.2.dr	false		high
https://fb.me/react-warning-dont-call-proptypes	chromecache_124.2.dr	false		high
https://fb.me/react-legacyfactory	chromecache_124.2.dr	false		high
http://jsperf.com/key-missing	chromecache_124.2.dr	false		high
http://dom.spec.whatwg.org/#dom-domimplementation-hasfeature	chromecache_124.2.dr	false		high
https://github.com/spicyj/innerhtml-vs-createelement-vs-clonenode.	chromecache_124.2.dr	false		high
http://jsperf.com/obj-vs-arr-iteration	chromecache_124.2.dr	false		high
https://bugs.chromium.org/p/v8/issues/detail?id=4118	chromecache_124.2.dr	false		high
https://facebook.github.io/react/docs/top-level-api.html#react.children.only	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
https://fb.me/react-refs-must-have-owner).	chromecache_124.2.dr	false		high
https://www.twitter.com/Apple	chromecache_202.2.dr	false		high
http://bugs.jquery.com/ticket/12385.	chromecache_124.2.dr	false		high
https://fb.me/prop-types-docs	chromecache_124.2.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=208427	chromecache_124.2.dr	false		high
https://developer.mozilla.org/en-US/docs/Web/API/AnimationEvent	chromecache_124.2.dr	false		high
https://fb.me/react-devtools	chromecache_124.2.dr	false		high
https://github.com/facebook/react/issues/7240	chromecache_124.2.dr	false		high
https://fb.me/react-minification	chromecache_124.2.dr	false		high
https://fb.me/react-unknown-prop%s	chromecache_124.2.dr	false		high
http://jsperf.com/key-exists	chromecache_124.2.dr	false		high
https://fb.me/react-controlled-components	chromecache_124.2.dr	false		high
https://facebook.github.io/react/docs/top-level-api.html#react.children.count	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/facebook/react/issues/708.	chromecache_124.2.dr	false		high
https://assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement.js	chromecache_199.2.dr	false		high
http://jsperf.com/emptying-a-node	chromecache_124.2.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1276240	chromecache_124.2.dr	false		high
https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent#Key_names	chromecache_124.2.dr	false		high
https://schema.org	chromecache_202.2.dr	false		high
https://fb.me/react-dom-factories	chromecache_124.2.dr	false		high
https://github.com/facebook/react/issues/7233	chromecache_124.2.dr	false		high
https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inhead	chromecache_124.2.dr	false		high
https://fb.me/createmixin-was-never-implemented	chromecache_124.2.dr	false		high
https://fb.me/react-special-props)	chromecache_124.2.dr	false		high
https://github.com/facebook/react/issues/3236).	chromecache_124.2.dr	false		high
http://www.quirksmode.org/blog/archives/2008/04/delegating_the.html	chromecache_124.2.dr	false		high
https://facebook.github.io/react/docs/top-level-api.html#react.children.foreach	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
https://html.spec.whatwg.org/multipage/semantics.html#the-html-element	chromecache_124.2.dr	false		high
https://fb.me/react-create-class	chromecache_124.2.dr	false		high
https://facebook.github.io/react/docs/top-level-api.html#react.children.map	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
http://www.quirksmode.org/dom/events/scroll.html	chromecache_124.2.dr	false		high
https://fb.me/react-event-pooling	chromecache_124.2.dr	false		high
https://github.com/facebook/fbjs/blob/e66ba20ad5be433eb54423f2b097d829324d9de6/packages/fbjs/src/__f	chromecache_124.2.dr	false		high
http://www.thespanner.co.uk/2007/11/26/ultimate-xss-css-injection/	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
https://facebook.github.io/react/docs/top-level-api.html#react.createelement	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/facebook/react/pull/7232	chromecache_124.2.dr	false		high
https://code.google.com/p/v8/issues/detail?id=687	chromecache_124.2.dr	false		high
http://www.wikidata.org/entity/Q312	chromecache_202.2.dr	false		high
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet	chromecache_124.2.dr	false		high
https://facebook.github.io/react/docs/top-level-api.html#react.children.toarray	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intr	chromecache_124.2.dr	false		high
https://github.com/facebook/react/issues/7253	chromecache_124.2.dr	false		high
https://github.com/facebook/react/pull/6896	chromecache_124.2.dr	false		high
https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inselect	chromecache_124.2.dr	false		high
http://schema.org	chromecache_202.2.dr	false		high
https://github.com/facebook/react/issues/6731#issuecomment-254874553	chromecache_124.2.dr	false		high
https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-inbody	chromecache_124.2.dr	false		high
https://github.com/facebook/react/issues/7253#issuecomment-236074326	chromecache_124.2.dr	false		high
https://facebook.github.io/react/docs/top-level-api.html#react.isvalidelement	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/facebook/react/pull/7101	chromecache_124.2.dr	false		high
https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-incaption	chromecache_124.2.dr	false		high
http://facebook.github.io/react/docs/error-decoder.html?invariant=	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/zloirock/core-js/issues/173	chromecache_124.2.dr	false		high
https://facebook.github.io/react/docs/top-level-api.html#react.createfactory	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
https://html.spec.whatwg.org/multipage/microdata.html#microdata-dom-api	chromecache_124.2.dr	false		high
http://jedwatson.github.io/classnames	chromecache_172.2.dr	false	URL Reputation: safe	unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=640652	chromecache_124.2.dr	false		high
https://facebook.github.io/react/docs/top-level-api.html#react.createclass	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
https://fb.me/invalid-aria-prop%s	chromecache_124.2.dr	false		high
https://html.spec.whatwg.org/multipage/syntax.html#has-an-element-in-scope	chromecache_124.2.dr	false		high
https://fb.me/react-invariant-dangerously-set-inner-html	chromecache_124.2.dr	false		high
https://icq.icloud.com/?context=ZXh0ZXJuYWxBcHBfY29tLmFwcGxlLm1vYmlsZXNhZmFyaV9hcHBsZS5jb20&#x3	chromecache_202.2.dr	false		high
https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-incolgroup	chromecache_124.2.dr	false		high
https://github.com/facebook/react/pull/7178	chromecache_124.2.dr	false		high
https://facebook.github.io/react/docs/top-level-api.html#reactdom.unmountcomponentatnode	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
https://facebook.github.io/react/docs/top-level-api.html#reactdom.render	chromecache_124.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/facebook/react/issues/1698	chromecache_124.2.dr	false		high
http://fb.me/use-check-prop-types	chromecache_124.2.dr	false		high
https://code.google.com/p/chromium/issues/detail?id=355103	chromecache_124.2.dr	false		high
http://www.quirksmode.org/js/events_properties.html	chromecache_124.2.dr	false		high
https://fb.me/react-warning-keys	chromecache_124.2.dr	false		high
https://github.com/facebook/flow/issues/285	chromecache_124.2.dr	false		high
https://html.spec.whatwg.org/multipage/syntax.html#parsing-main-intd	chromecache_124.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.101.105	www.google.com	United States	15169	GOOGLEUS	false
17.248.193.18	setup.fe2.apple-dns.net	United States	714	APPLE-ENGINEERINGUS	false
17.248.193.16	ckdatabasews.fe2.apple-dns.net	United States	714	APPLE-ENGINEERINGUS	false
17.248.193.17	feedbackws.fe2.apple-dns.net	United States	714	APPLE-ENGINEERINGUS	false
17.248.193.12	cvws.apple-dns.net	United States	714	APPLE-ENGINEERINGUS	false
17.248.193.20	gateway.fe2.apple-dns.net	United States	714	APPLE-ENGINEERINGUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.16
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431283
Start date and time:	2024-04-24 19:25:59 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.icloud.com/attachment/?u=https%3A%2F%2Fcvws.icloud-content.com%2FB%2FAViSO-AZwrsuqjmj41IiN-sL1eu8AXAVvCohbxfBszoMdE91-p-KfTip%2F%24%7Bf%7D%3Fo%3DAoEaJX1nwPbVzfTGfdRFExv93Y6a-YjVd8eAysvOcUKK%26v%3D1%26x%3D3%26a%3DCAogDwtOO0c5pz7wtCW48AvJO9GZdSV2fV2xE8fRhnp-apESdhC_6IKJ8TEYv_j93PoxIgEAKgkC6AMA_1v1AwNSBAvV67xaBIp9OKlqJdc_5oC95t_XDm-wW2wVtl40LlV80scChWWMio7txAn6KnfVoMFyJdEDRuNgIwsPnxLvm5dCo2cg2523oRSbBVv8rS_7mpCQpBaPZQM%26e%3D1716571307%26fl%3D%26r%3DD69B1B3A-B859-440E-9CD7-0C107D6DF4B5-1%26k%3D%24%7Buk%7D%26ckc%3Dcom.apple.largeattachment%26ckz%3D4D74562D-EA77-477A-B1AC-2653B79CDDB7%26p%3D68%26s%3D7o92e_KH42w9VM_TqR3jjq5kWJ0&uk=fKtUeHN7s8Dl39rhuvDK_Q&f=IMG_7426.MOV&sz=53323262
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@23/195@14/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://www.icloud.com/ Browse: https://www.apple.com/support/systemstatus/ Browse: https://www.icloud.com/ Browse: https://www.apple.com/support/systemstatus/ Browse: https://apple.com/icloud

Warnings

Exclude process from analysis (whitelisted): audiodg.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.2.84, 142.251.2.101, 142.251.2.138, 142.251.2.100, 142.251.2.113, 142.251.2.102, 142.251.2.139, 74.125.137.94, 34.104.35.123, 23.42.207.76, 23.208.8.211, 23.42.201.134, 20.12.23.50, 23.72.90.76, 23.72.90.85, 192.229.211.108, 13.95.31.18, 17.33.194.171, 142.250.101.94, 17.253.144.10, 74.125.137.102, 74.125.137.138, 74.125.137.139, 74.125.137.101, 74.125.137.113, 74.125.137.100
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://www.icloud.com/attachment/?u=https%3A%2F%2Fcvws.icloud-content.com%2FB%2FAViSO-AZwrsuqjmj41IiN-sL1eu8AXAVvCohbxfBszoMdE91-p-KfTip%2F%24%7Bf%7D%3Fo%3DAoEaJX1nwPbVzfTGfdRFExv93Y6a-YjVd8eAysvOcUKK%26v%3D1%26x%3D3%26a%3DCAogDwtOO0c5pz7wtCW48AvJO9GZdSV2fV2xE8fRhnp-apESdhC_6IKJ8TEYv_j93PoxIgEAKgkC6AMA_1v1AwNSBAvV67xaBIp9OKlqJdc_5oC95t_XDm-wW2wVtl40LlV80scChWWMio7txAn6KnfVoMFyJdEDRuNgIwsPnxLvm5dCo2cg2523oRSbBVv8rS_7mpCQpBaPZQM%26e%3D1716571307%26fl%3D%26r%3DD69B1B3A-B859-440E-9CD7-0C107D6DF4B5-1%26k%3D%24%7Buk%7D%26ckc%3Dcom.apple.largeattachment%26ckz%3D4D74562D-EA77-477A-B1AC-2653B79CDDB7%26p%3D68%26s%3D7o92e_KH42w9VM_TqR3jjq5kWJ0&uk=fKtUeHN7s8Dl39rhuvDK_Q&f=IMG_7426.MOV&sz=53323262

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	244
Entropy (8bit):	4.966856967553873
Encrypted:	false
SSDEEP:	6:tI9mc4slzN3tt4pk0SKpWldnQltjImqZlllRpn:t4R+prSWWLQjjIhlllRR
MD5:	16CB406B7E5A57DD1D4863AE6734DEB8
SHA1:	4F7FB91C31D3FDA7E461CFFC3E66E48EA655061F
SHA-256:	9B3877801C4590B3FA99018330DE17DDBBF15283BFB9C1B8E1D3EB4454CB8F01
SHA-512:	1032A96643BC8938325BCF1E0318670AFFBE2DD53CDB0997B51E4F79423AE3C7F9CCB9F288707924F34CE324B864000E1169E0A4C7B1D3704835A290EDE80991
Malicious:	false
Reputation:	low
URL:	https://www.apple.com/ac/globalfooter/8/en_US/assets/ac-footer/breadcrumbs/separator/icon_large.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="6" height="11" viewBox="0 0 6 11">. <polyline points=".675 .925 5.323 5.5 .675 10.075" fill="none" stroke="currentcolor" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.1"/>.</svg>.

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 19:26:48.471604109 CEST	53	49722	1.1.1.1	192.168.2.6
Apr 24, 2024 19:26:48.514403105 CEST	53	54503	1.1.1.1	192.168.2.6
Apr 24, 2024 19:26:49.424969912 CEST	53	62379	1.1.1.1	192.168.2.6
Apr 24, 2024 19:26:50.330228090 CEST	63850	53	192.168.2.6	1.1.1.1
Apr 24, 2024 19:26:50.330342054 CEST	53922	53	192.168.2.6	1.1.1.1
Apr 24, 2024 19:26:50.483733892 CEST	53	63850	1.1.1.1	192.168.2.6
Apr 24, 2024 19:26:50.483763933 CEST	53	53922	1.1.1.1	192.168.2.6
Apr 24, 2024 19:26:50.724210024 CEST	59657	53	192.168.2.6	1.1.1.1
Apr 24, 2024 19:26:50.724374056 CEST	51041	53	192.168.2.6	1.1.1.1
Apr 24, 2024 19:26:50.725625038 CEST	62393	53	192.168.2.6	1.1.1.1
Apr 24, 2024 19:26:50.725763083 CEST	50785	53	192.168.2.6	1.1.1.1
Apr 24, 2024 19:26:50.877345085 CEST	53	59657	1.1.1.1	192.168.2.6
Apr 24, 2024 19:26:50.877383947 CEST	53	51041	1.1.1.1	192.168.2.6
Apr 24, 2024 19:26:50.879719973 CEST	53	50785	1.1.1.1	192.168.2.6
Apr 24, 2024 19:26:50.881218910 CEST	55941	53	192.168.2.6	1.1.1.1
Apr 24, 2024 19:26:50.881335020 CEST	56676	53	192.168.2.6	1.1.1.1
Apr 24, 2024 19:26:50.898147106 CEST	53	62393	1.1.1.1	192.168.2.6
Apr 24, 2024 19:26:51.035367966 CEST	53	55941	1.1.1.1	192.168.2.6
Apr 24, 2024 19:26:51.035826921 CEST	53	56676	1.1.1.1	192.168.2.6
Apr 24, 2024 19:26:54.836951017 CEST	50801	53	192.168.2.6	1.1.1.1
Apr 24, 2024 19:26:54.837253094 CEST	57125	53	192.168.2.6	1.1.1.1
Apr 24, 2024 19:27:02.505036116 CEST	56384	53	192.168.2.6	1.1.1.1
Apr 24, 2024 19:27:02.505356073 CEST	55039	53	192.168.2.6	1.1.1.1
Apr 24, 2024 19:27:02.658911943 CEST	53	56384	1.1.1.1	192.168.2.6
Apr 24, 2024 19:27:02.658982992 CEST	53	55039	1.1.1.1	192.168.2.6
Apr 24, 2024 19:27:03.894370079 CEST	52815	53	192.168.2.6	1.1.1.1
Apr 24, 2024 19:27:03.894972086 CEST	63696	53	192.168.2.6	1.1.1.1
Apr 24, 2024 19:27:04.049673080 CEST	53	52815	1.1.1.1	192.168.2.6
Apr 24, 2024 19:27:04.049690962 CEST	53	63696	1.1.1.1	192.168.2.6
Apr 24, 2024 19:27:06.488006115 CEST	53	54248	1.1.1.1	192.168.2.6
Apr 24, 2024 19:27:25.594999075 CEST	53	59055	1.1.1.1	192.168.2.6
Apr 24, 2024 19:27:47.909739971 CEST	53	54360	1.1.1.1	192.168.2.6
Apr 24, 2024 19:27:48.129856110 CEST	53	51725	1.1.1.1	192.168.2.6
Apr 24, 2024 19:27:54.812575102 CEST	53	52967	1.1.1.1	192.168.2.6
Apr 24, 2024 19:28:16.109060049 CEST	53	50524	1.1.1.1	192.168.2.6

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:26:51 UTC	688	OUT	POST /setup/ws/1/validate?clientBuildNumber=2413Project46&clientMasteringNumber=2413B20&clientId=940a3b73-50ec-4d66-ab05-b54f81eba4a5 HTTP/1.1 Host: setup.icloud.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.icloud.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.icloud.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:26:51 UTC	752	IN	HTTP/1.1 421 Misdirected Request Server: AppleHttpServer/b866cf47a603 Date: Wed, 24 Apr 2024 17:26:51 GMT Content-Type: application/json; charset=UTF-8 Content-Length: 1380 Connection: close X-Responding-Instance: setupservice:44100501:pv51p41ic-qukt05080701:8001:2414B433:713b7382ecf3 Cache-Control: no-cache, no-store, private Access-Control-Allow-Origin: https://www.icloud.com Access-Control-Allow-Credentials: true Strict-Transport-Security: max-age=31536000; includeSubDomains x-apple-user-partition: 41 via: 631194250daa17e24277dea86cf30319:687e0cff1ea6c3f1b88c5f9fd7856064:uslax2 X-Apple-Request-UUID: 28b35ea3-b5c4-42c0-b88f-fd907c564027 access-control-expose-headers: X-Apple-Request-UUID,Via X-Apple-Edge-Response-Time: 23
2024-04-24 17:26:51 UTC	1380	IN	Data Raw: 7b 22 73 75 63 63 65 73 73 22 3a 66 61 6c 73 65 2c 22 72 65 71 75 65 73 74 49 6e 66 6f 22 3a 5b 7b 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 74 69 6d 65 5a 6f 6e 65 22 3a 22 50 53 54 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 56 22 7d 5d 2c 22 63 6f 6e 66 69 67 42 61 67 22 3a 7b 22 75 72 6c 73 22 3a 7b 22 61 63 63 6f 75 6e 74 43 72 65 61 74 65 55 49 22 3a 22 68 74 74 70 73 3a 2f 2f 61 70 70 6c 65 69 64 2e 61 70 70 6c 65 2e 63 6f 6d 2f 77 69 64 67 65 74 2f 61 63 63 6f 75 6e 74 2f 3f 77 69 64 67 65 74 4b 65 79 3d 64 33 39 62 61 39 39 31 36 62 37 32 35 31 30 35 35 62 32 32 63 37 66 39 31 30 65 32 65 61 37 39 36 65 65 36 35 65 39 38 62 32 64 64 65 63 65 61 38 66 35 64 64 65 38 64 39 64 31 61 38 31 35 64 23 21 63 72 65 61 74 65 22 2c 22 61 63 63 6f 75 6e 74 Data Ascii: {"success":false,"requestInfo":[{"country":"US","timeZone":"PST","region":"NV"}],"configBag":{"urls":{"accountCreateUI":"https://appleid.apple.com/widget/account/?widgetKey=d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d#!create","account

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:26:52 UTC	688	OUT	POST /setup/ws/1/validate?clientBuildNumber=2413Project46&clientMasteringNumber=2413B20&clientId=940a3b73-50ec-4d66-ab05-b54f81eba4a5 HTTP/1.1 Host: setup.icloud.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.icloud.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.icloud.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:26:52 UTC	752	IN	HTTP/1.1 421 Misdirected Request Server: AppleHttpServer/b866cf47a603 Date: Wed, 24 Apr 2024 17:26:52 GMT Content-Type: application/json; charset=UTF-8 Content-Length: 1380 Connection: close X-Responding-Instance: setupservice:44100203:pv38p41ic-ztdg01061901:8003:2414B433:713b7382ecf3 Cache-Control: no-cache, no-store, private Access-Control-Allow-Origin: https://www.icloud.com Access-Control-Allow-Credentials: true Strict-Transport-Security: max-age=31536000; includeSubDomains x-apple-user-partition: 41 via: 631194250daa17e24277dea86cf30319:19775ae675ab5174e54ebc137cc49052:uslax2 X-Apple-Request-UUID: 54514602-8b6e-4837-911c-4099477f253d access-control-expose-headers: X-Apple-Request-UUID,Via X-Apple-Edge-Response-Time: 22
2024-04-24 17:26:52 UTC	1380	IN	Data Raw: 7b 22 73 75 63 63 65 73 73 22 3a 66 61 6c 73 65 2c 22 72 65 71 75 65 73 74 49 6e 66 6f 22 3a 5b 7b 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 74 69 6d 65 5a 6f 6e 65 22 3a 22 50 53 54 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 56 22 7d 5d 2c 22 63 6f 6e 66 69 67 42 61 67 22 3a 7b 22 75 72 6c 73 22 3a 7b 22 61 63 63 6f 75 6e 74 43 72 65 61 74 65 55 49 22 3a 22 68 74 74 70 73 3a 2f 2f 61 70 70 6c 65 69 64 2e 61 70 70 6c 65 2e 63 6f 6d 2f 77 69 64 67 65 74 2f 61 63 63 6f 75 6e 74 2f 3f 77 69 64 67 65 74 4b 65 79 3d 64 33 39 62 61 39 39 31 36 62 37 32 35 31 30 35 35 62 32 32 63 37 66 39 31 30 65 32 65 61 37 39 36 65 65 36 35 65 39 38 62 32 64 64 65 63 65 61 38 66 35 64 64 65 38 64 39 64 31 61 38 31 35 64 23 21 63 72 65 61 74 65 22 2c 22 61 63 63 6f 75 6e 74 Data Ascii: {"success":false,"requestInfo":[{"country":"US","timeZone":"PST","region":"NV"}],"configBag":{"urls":{"accountCreateUI":"https://appleid.apple.com/widget/account/?widgetKey=d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d#!create","account

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:26:53 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 17:26:53 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=221786 Date: Wed, 24 Apr 2024 17:26:53 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:26:54 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 17:26:54 UTC	521	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-MSEdge-Ref: Ref A: CC1186E36C704BA5AF8177F229D6CC87 Ref B: PAOEDGE0621 Ref C: 2023-04-04T13:32:33Z Cache-Control: public, max-age=221737 Date: Wed, 24 Apr 2024 17:26:54 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-24 17:26:54 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:27:02 UTC	620	OUT	POST /reportStats HTTP/1.1 Host: feedbackws.icloud.com Connection: keep-alive Content-Length: 7305 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://www.icloud.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.icloud.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:27:02 UTC	7305	OUT	Data Raw: 7b 22 73 74 61 74 73 22 3a 5b 7b 22 63 6f 6e 66 69 67 42 61 67 22 3a 7b 22 75 72 6c 73 22 3a 7b 22 61 63 63 6f 75 6e 74 43 72 65 61 74 65 55 49 22 3a 22 68 74 74 70 73 3a 2f 2f 61 70 70 6c 65 69 64 2e 61 70 70 6c 65 2e 63 6f 6d 2f 77 69 64 67 65 74 2f 61 63 63 6f 75 6e 74 2f 3f 77 69 64 67 65 74 4b 65 79 3d 64 33 39 62 61 39 39 31 36 62 37 32 35 31 30 35 35 62 32 32 63 37 66 39 31 30 65 32 65 61 37 39 36 65 65 36 35 65 39 38 62 32 64 64 65 63 65 61 38 66 35 64 64 65 38 64 39 64 31 61 38 31 35 64 23 21 63 72 65 61 74 65 22 2c 22 61 63 63 6f 75 6e 74 56 65 72 69 66 79 55 49 22 3a 22 68 74 74 70 73 3a 2f 2f 69 64 2e 61 70 70 6c 65 2e 63 6f 6d 2f 69 64 65 6e 74 69 74 79 3f 77 69 64 67 65 74 4b 65 79 3d 64 33 39 62 61 39 39 31 36 62 37 32 35 31 30 35 35 62 32 Data Ascii: {"stats":[{"configBag":{"urls":{"accountCreateUI":"https://appleid.apple.com/widget/account/?widgetKey=d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d#!create","accountVerifyUI":"https://id.apple.com/identity?widgetKey=d39ba9916b7251055b2
2024-04-24 17:27:03 UTC	847	IN	HTTP/1.1 200 OK Server: AppleHttpServer/b866cf47a603 Date: Wed, 24 Apr 2024 17:27:03 GMT Content-Type: application/json; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Responding-Instance: feedbackws:prod-p148-feedbackws-6bd6cfcfd7-29wjj:prod-p148-feedbackws-6bd6cfcfd7-29wjj:8080:2413B18:nocommit access-control-allow-credentials: true access-control-allow-origin: https://www.icloud.com Cache-Control: no-cache, no-store, private Strict-Transport-Security: max-age=31536000; includeSubDomains; x-apple-user-partition: 148 via: xrail:icloud-xrail-group148-ext-b4955bd6b-6j9cr:8301:24R138:grp148,631194250daa17e24277dea86cf30319:84577ff2240d76236341ca21aca294b3:uslax2 X-Apple-Request-UUID: c0376066-1b75-4132-9953-00de341dc2bc access-control-expose-headers: X-Apple-Request-UUID,Via X-Apple-Edge-Response-Time: 59
2024-04-24 17:27:03 UTC	12	IN	Data Raw: 32 0d 0a 7b 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 2{}0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:27:04 UTC	356	OUT	GET /reportStats HTTP/1.1 Host: feedbackws.icloud.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:27:04 UTC	725	IN	HTTP/1.1 405 Method Not Allowed Server: AppleHttpServer/b866cf47a603 Date: Wed, 24 Apr 2024 17:27:04 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 20 Connection: close X-Responding-Instance: feedbackws:prod-p148-feedbackws-6bd6cfcfd7-pvtxg:prod-p148-feedbackws-6bd6cfcfd7-pvtxg:8080:2413B18:nocommit Allow: POST Strict-Transport-Security: max-age=31536000; includeSubDomains; x-apple-user-partition: 148 via: xrail:icloud-xrail-group148-ext-b4955bd6b-298nx:8301:24R138:grp148,631194250daa17e24277dea86cf30319:25319f0ddc78a4b5cd46711c20809f6d:uslax2 X-Apple-Request-UUID: 731f57f6-13e4-421a-8860-fce75899b1c1 access-control-expose-headers: X-Apple-Request-UUID,Via X-Apple-Edge-Response-Time: 52
2024-04-24 17:27:04 UTC	20	IN	Data Raw: 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 0d 0a Data Ascii: Method Not Allowed

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:27:12 UTC	688	OUT	POST /setup/ws/1/validate?clientBuildNumber=2413Project46&clientMasteringNumber=2413B20&clientId=b468b6ff-4782-477f-a410-d2e80e63ee4b HTTP/1.1 Host: setup.icloud.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.icloud.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.icloud.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:27:12 UTC	752	IN	HTTP/1.1 421 Misdirected Request Server: AppleHttpServer/b866cf47a603 Date: Wed, 24 Apr 2024 17:27:12 GMT Content-Type: application/json; charset=UTF-8 Content-Length: 1380 Connection: close X-Responding-Instance: setupservice:45300201:pv43p53ic-zteg01091601:8001:2414B433:713b7382ecf3 Cache-Control: no-cache, no-store, private Access-Control-Allow-Origin: https://www.icloud.com Access-Control-Allow-Credentials: true Strict-Transport-Security: max-age=31536000; includeSubDomains x-apple-user-partition: 53 via: 631194250daa17e24277dea86cf30319:c19cb842951131b35bf0bb34fc4a6d84:uslax2 X-Apple-Request-UUID: 385b73d5-1552-4f1c-85da-038683b0ba00 access-control-expose-headers: X-Apple-Request-UUID,Via X-Apple-Edge-Response-Time: 22
2024-04-24 17:27:12 UTC	1380	IN	Data Raw: 7b 22 73 75 63 63 65 73 73 22 3a 66 61 6c 73 65 2c 22 72 65 71 75 65 73 74 49 6e 66 6f 22 3a 5b 7b 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 74 69 6d 65 5a 6f 6e 65 22 3a 22 50 53 54 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 56 22 7d 5d 2c 22 63 6f 6e 66 69 67 42 61 67 22 3a 7b 22 75 72 6c 73 22 3a 7b 22 61 63 63 6f 75 6e 74 43 72 65 61 74 65 55 49 22 3a 22 68 74 74 70 73 3a 2f 2f 61 70 70 6c 65 69 64 2e 61 70 70 6c 65 2e 63 6f 6d 2f 77 69 64 67 65 74 2f 61 63 63 6f 75 6e 74 2f 3f 77 69 64 67 65 74 4b 65 79 3d 64 33 39 62 61 39 39 31 36 62 37 32 35 31 30 35 35 62 32 32 63 37 66 39 31 30 65 32 65 61 37 39 36 65 65 36 35 65 39 38 62 32 64 64 65 63 65 61 38 66 35 64 64 65 38 64 39 64 31 61 38 31 35 64 23 21 63 72 65 61 74 65 22 2c 22 61 63 63 6f 75 6e 74 Data Ascii: {"success":false,"requestInfo":[{"country":"US","timeZone":"PST","region":"NV"}],"configBag":{"urls":{"accountCreateUI":"https://appleid.apple.com/widget/account/?widgetKey=d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d#!create","account

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:27:13 UTC	688	OUT	POST /setup/ws/1/validate?clientBuildNumber=2413Project46&clientMasteringNumber=2413B20&clientId=b468b6ff-4782-477f-a410-d2e80e63ee4b HTTP/1.1 Host: setup.icloud.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.icloud.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.icloud.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:27:13 UTC	752	IN	HTTP/1.1 421 Misdirected Request Server: AppleHttpServer/b866cf47a603 Date: Wed, 24 Apr 2024 17:27:13 GMT Content-Type: application/json; charset=UTF-8 Content-Length: 1380 Connection: close X-Responding-Instance: setupservice:16300203:st13p63ic-zteu25304001:8003:2414B433:713b7382ecf3 Cache-Control: no-cache, no-store, private Access-Control-Allow-Origin: https://www.icloud.com Access-Control-Allow-Credentials: true Strict-Transport-Security: max-age=31536000; includeSubDomains x-apple-user-partition: 63 via: 631194250daa17e24277dea86cf30319:15db98461001a5c47b0bde6d86557184:uslax2 X-Apple-Request-UUID: 7fa7ef0f-91f1-4c5a-8d21-53f1451e4cfe access-control-expose-headers: X-Apple-Request-UUID,Via X-Apple-Edge-Response-Time: 55
2024-04-24 17:27:13 UTC	1380	IN	Data Raw: 7b 22 73 75 63 63 65 73 73 22 3a 66 61 6c 73 65 2c 22 72 65 71 75 65 73 74 49 6e 66 6f 22 3a 5b 7b 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 74 69 6d 65 5a 6f 6e 65 22 3a 22 50 53 54 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 56 22 7d 5d 2c 22 63 6f 6e 66 69 67 42 61 67 22 3a 7b 22 75 72 6c 73 22 3a 7b 22 61 63 63 6f 75 6e 74 43 72 65 61 74 65 55 49 22 3a 22 68 74 74 70 73 3a 2f 2f 61 70 70 6c 65 69 64 2e 61 70 70 6c 65 2e 63 6f 6d 2f 77 69 64 67 65 74 2f 61 63 63 6f 75 6e 74 2f 3f 77 69 64 67 65 74 4b 65 79 3d 64 33 39 62 61 39 39 31 36 62 37 32 35 31 30 35 35 62 32 32 63 37 66 39 31 30 65 32 65 61 37 39 36 65 65 36 35 65 39 38 62 32 64 64 65 63 65 61 38 66 35 64 64 65 38 64 39 64 31 61 38 31 35 64 23 21 63 72 65 61 74 65 22 2c 22 61 63 63 6f 75 6e 74 Data Ascii: {"success":false,"requestInfo":[{"country":"US","timeZone":"PST","region":"NV"}],"configBag":{"urls":{"accountCreateUI":"https://appleid.apple.com/widget/account/?widgetKey=d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d#!create","account

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:27:16 UTC	620	OUT	POST /reportStats HTTP/1.1 Host: feedbackws.icloud.com Connection: keep-alive Content-Length: 8244 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://www.icloud.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.icloud.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:27:16 UTC	8244	OUT	Data Raw: 7b 22 73 74 61 74 73 22 3a 5b 7b 22 68 74 74 70 4d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 73 74 61 74 75 73 43 6f 64 65 22 3a 32 30 30 2c 22 68 6f 73 74 6e 61 6d 65 22 3a 22 77 77 77 2e 69 63 6c 6f 75 64 2e 63 6f 6d 22 2c 22 73 65 72 76 69 63 65 4e 61 6d 65 22 3a 22 77 77 77 22 2c 22 63 6c 69 65 6e 74 54 69 6d 69 6e 67 22 3a 36 30 30 2c 22 6e 65 74 5f 75 6e 63 6f 6d 70 72 65 73 73 65 64 52 65 73 70 6f 6e 73 65 53 69 7a 65 22 3a 22 33 31 34 38 22 2c 22 74 69 6d 65 64 4f 75 74 22 3a 66 61 6c 73 65 2c 22 75 72 6c 50 61 74 68 22 3a 22 2f 6c 6f 63 61 6c 65 73 2f 35 2f 65 6e 2d 55 53 2e 6a 73 6f 6e 22 2c 22 73 65 72 76 65 72 48 6f 73 74 6e 61 6d 65 22 3a 22 77 77 77 2e 69 63 6c 6f 75 64 2e 63 6f 6d 22 2c 22 74 69 6d 65 22 3a 22 57 65 64 20 41 70 72 20 32 34 Data Ascii: {"stats":[{"httpMethod":"GET","statusCode":200,"hostname":"www.icloud.com","serviceName":"www","clientTiming":600,"net_uncompressedResponseSize":"3148","timedOut":false,"urlPath":"/locales/5/en-US.json","serverHostname":"www.icloud.com","time":"Wed Apr 24
2024-04-24 17:27:16 UTC	831	IN	HTTP/1.1 200 OK Server: AppleHttpServer/b866cf47a603 Date: Wed, 24 Apr 2024 17:27:16 GMT Content-Type: application/json; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Responding-Instance: feedbackws:prod-p132-feedbackws-857d765778-nj6vk:prod-p132-feedbackws-857d765778-nj6vk:8080:2413B18:nocommit access-control-allow-credentials: true access-control-allow-origin: https://www.icloud.com Cache-Control: no-cache, no-store, private Strict-Transport-Security: max-age=31536000; includeSubDomains; x-apple-user-partition: 132 via: xrail:icloud-xrail-group66-ext-3:8301:24R138:grp66,631194250daa17e24277dea86cf30319:86192dd0003c7534b5d961a3e0f3add9:uslax2 X-Apple-Request-UUID: 6f96571b-99fa-4cf3-95a3-93d9ae7cea28 access-control-expose-headers: X-Apple-Request-UUID,Via X-Apple-Edge-Response-Time: 60
2024-04-24 17:27:16 UTC	12	IN	Data Raw: 32 0d 0a 7b 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 2{}0

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3148
Entropy (8bit):	4.8385665571897105
Encrypted:	false
SSDEEP:	96:SIA6oS8kHU/TBorI+bpgllnVk0/RVN+iRV/M+TL6AgmCgbL6agMzKj:Pr7HcTBolFqnTNFT/MQ6/ev6xMz2
MD5:	91F9C2C7FBAE8283E3283104C97BC49C
SHA1:	9744B697B755C871547AE683C1774E943D2EDA82
SHA-256:	C632443218D81149FE7FC6DADD8EB351D00C841B2349902AAAB8CB1895E87642
SHA-512:	8EEDE4196193AF658F70AA80B97DC579F82ED8CCC4C89EA90A6D7AE1AC869960993F4968751174859CF8276F99ECD3AD619B0915711E6F82476550BB22188687
Malicious:	false
Reputation:	low
Preview:	{"locale":"en-US","date":{"ca":["gregory","generic"],"hourNo0":true,"hour12":true,"formats":{"short":"{1}, {0}","medium":"{1}, {0}","full":"{1} 'at' {0}","long":"{1} 'at' {0}","availableFormats":{"Bh":"h B","Bhm":"h:mm B","Bhms":"h:mm:ss B","d":"d","E":"ccc","EBhm":"E h:mm B","EBhms":"E h:mm:ss B","Ed":"d E","Ehm":"E h:mm a","EHm":"E HH:mm","Ehms":"E h:mm:ss a","EHms":"E HH:mm:ss","Gy":"y G","GyMMM":"MMM y G","GyMMMd":"MMM d, y G","GyMMMEd":"E, MMM d, y G","h":"h a","H":"HH","hm":"h:mm a","Hm":"HH:mm","hms":"h:mm:ss a","Hms":"HH:mm:ss","hmsv":"h:mm:ss a v","Hmsv":"HH:mm:ss v","hmv":"h:mm a v","Hmv":"HH:mm v","M":"L","Md":"M/d","MEd":"E, M/d","MMM":"LLL","MMMd":"MMM d","MMMEd":"E, MMM d","MMMMd":"MMMM d","MMMMW-count-one":"'week' W 'of' MMMM","MMMMW-count-other":"'week' W 'of' MMMM","ms":"mm:ss","y":"y","yM":"M/y","yMd":"M/d/y","yMEd":"E, M/d/y","yMMM":"MMM y","yMMMd":"MMM d, y","yMMMEd":"E, MMM d, y","yMMMM":"MMMM y","yQQQ":"QQQ y","yQQQQ":"QQQQ y","yw-count-one":"'week' w 'of' Y","yw-

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 215624, version 1.0
Category:	downloaded
Size (bytes):	215624
Entropy (8bit):	7.9989485398001365
Encrypted:	true
SSDEEP:	6144:z7V3AfjW2JBwuqxw4GJ14Yz2tx91c8YxRwXGs:zBASwii4GJ14m0U8vR
MD5:	9B53803BF8700DBA963BDB71BADC62C0
SHA1:	DD36319DD80C03A90367E48D2086F0B1D94A9A4A
SHA-256:	D42C2920FEE98B6A295697AE4217EE1215EA01C37E2F38887DF42BDB2A1ACA95
SHA-512:	0A9B253B8FB3244B6A409C638F8254EFE2696AFE2388D9137AEF015B61ADA2CAFD4B580216751C68C087EF8FEFEC820FA17629AE9568810385C8833040D62F3C
Malicious:	false
Reputation:	low
URL:	https://www.apple.com/wss/fonts/SF-Pro-Display/v3/sf-pro-display_regular.woff2
Preview:	wOF2......JH......F...I............................D..f.`...B..l..b.....P....6.$..r..x.. ?meta. ..V. ..k[........sy@......\.:q......~.B..N!.1.>A.j...c.. V.C.Ds.p!..l...U1.oSH.............W..........,,E.......1....11.......b...y!..f.j..Q..jT.e){.._.`..d.F..b..hlX[..Y..0C.b.n.Wm8...>.6...{UX)..u#......t..6B@....".H..T..6.r.]......D..`..}.3,...VK6.).b...b.9D.h[.... B8>.8..C&..;.+....8......2{.R1kjf..X=...\|.....e/.n.<.3..j.[....&.j..v....Y..P&..$n..N...4=.-.,Ez~w.F..U(b'}{?.a.V...;.O9</.p....A.}..TV.UX...A..)g..u.8g...qa...C........c3a...6K.w.~=.%(f......~..=.hP..O..9;..<...Su..]<.2{.#...E....:...p.%.e.>.n.,.%..%;..D?.i.I..}M..x>.6.D...6.j.FPu.......Hr..6.....N..S.i..."...Q"V.b.D..-Q_.;.,i.&.9#.f...._....\~...#.A......MB1Uzb$..F....g...A..0.....6.3..5..32...$.\;.G......}.y.=...EQ.y.<..4i..&eA.k.m.^...)Kauw1....~4..+\b.....M.\.~....{b....{.Z.....o.....G.Y.k............#P^..G%\R..X...t......D..).e.'..).uw...YJo.....KI.WF..&....W.N...z...]..K.:k.

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ISO Media, MP4 v2 [ISO 14496-14]
Category:	downloaded
Size (bytes):	647682
Entropy (8bit):	7.967428694476303
Encrypted:	false
SSDEEP:	12288:v7OCQspg5oUe/+KKPxVnut9CX9mKIvWDvGjlcwKKEnCAFTSf8LXX4tZ:v7V3eKKPbg9y9mKUcvGj6JKkT88LYtZ
MD5:	5EEFDCB62AC07E8384628A9F8F753134
SHA1:	C42B3AAF22C7EAE1CA5D4E831A2C8E5FACF60E59
SHA-256:	B9C3B3BBF17D678C641FE9563000CE9A5E456520394F7346C6D3FA126BC9058D
SHA-512:	58C9401026AAB4F7BF66A36F93D2C1CDF34D04C903B1B23CFFE8567EF98994D5A7567153D116ECA35767EC98670A7AD2A7CCF9403698DBE3E2903E0A8EEFF723
Malicious:	false
Reputation:	low
URL:	https://www.icloud.com/system/icloud.com/2413Project46/fpo@1x.mp4:2f757143b77d9c:0
Preview:	... ftypmp42....mp42iso2avc1mp41....free...9mdat!..@h...........E...H..,. .#..x264 - core 164 r3065 ae03d92 - H.264/MPEG-4 AVC codec - Copyleft 2003-2021 - http://www.videolan.org/x264.html - options: cabac=1 ref=16 deblock=1:0:0 analyse=0x1:0x131 me=umh subme=10 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=24 chroma_me=1 trellis=2 8x8dct=0 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=12 lookahead_threads=2 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=8 b_pyramid=2 b_adapt=2 b_bias=0 direct=3 weightb=1 open_gop=0 weightp=2 keyint=600 keyint_min=60 scenecut=40 intra_refresh=0 rc_lookahead=60 rc=crf mbtree=1 crf=18.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 vbv_maxrate=20000 vbv_bufsize=25000 crf_max=0.0 nal_hrd=none filler=0 ip_ratio=1.40 aq=1:1.00......e.......2....m...".......o...c........\.e.?R.......J..`?.!.\..q(%k....B.qB...G)...%o%?.....i..j......I... .~...[.;*+(.$./.X]);.p...I.......c.v.7k....v.b..5.....)s./..3.$

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (44581)
Category:	downloaded
Size (bytes):	44740
Entropy (8bit):	4.986179828886138
Encrypted:	false
SSDEEP:	768:7S7p4S44vR3b8uuXTxXIXcDve1vee/LNVwA1NAGCR/65LblSuWhO7E9Z8ZyU3oEQ:7S7p4S44vR3b8uuXTxXIXcDve1vee/Lo
MD5:	DBA56F91FCF68922FFCE3B03D3909D3B
SHA1:	E7D33C31DAD11C0939F8B418FA27647E2AC47703
SHA-256:	082CDA01F13031722B72AF6DB1970424990036D86A4323139383DF2ECE89D1ED
SHA-512:	6112719B9F008D1937DBECE5CBFD7F88CAA1403BEBE28BDFC49F4309E5AF56126945B8E1C79ECA9E2C73D5B53CAEE1BBB3EB88E65E1DBE372D70B2594FFF8132
Malicious:	false
Reputation:	low
URL:	https://www.apple.com/ac/globalfooter/3/en_US/styles/ac-globalfooter.built.css
Preview:	@font-face{font-family:'Apple Legacy Chevron';font-style:normal;font-weight:100;src:local("."),url("../assets/ac-footer/legacy/appleicons_ultralight.woff") format("woff"),url("../assets/ac-footer/legacy/appleicons_ultralight.ttf") format("truetype")}@font-face{font-family:"Apple Icons 100";src:url("../assets/ac-footer/legacy/appleicons_ultralight.eot")}@font-face{font-family:'Apple Legacy Chevron';font-style:normal;font-weight:200;src:local("."),url("../assets/ac-footer/legacy/appleicons_thin.woff") format("woff"),url("../assets/ac-footer/legacy/appleicons_thin.ttf") format("truetype")}@font-face{font-family:"Apple Icons 200";src:url("../assets/ac-footer/legacy/appleicons_thin.eot")}@font-face{font-family:'Apple Legacy Chevron';font-style:normal;font-weight:300;src:local("."),url("../assets/ac-footer/legacy/appleicons_thin.woff") format("woff"),url("../assets/ac-footer/legacy/appleicons_thin.ttf") format("truetype")}@font-face{font-family:"Apple Icons 300";src:url("../assets/ac-f

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:27:16 UTC	356	OUT	GET /reportStats HTTP/1.1 Host: feedbackws.icloud.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:27:17 UTC	712	IN	HTTP/1.1 405 Method Not Allowed Server: AppleHttpServer/b866cf47a603 Date: Wed, 24 Apr 2024 17:27:17 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 20 Connection: close X-Responding-Instance: feedbackws:prod-p102-feedbackws-59c85db65b-82vcd:prod-p102-feedbackws-59c85db65b-82vcd:8080:2413B18:nocommit Allow: POST Strict-Transport-Security: max-age=31536000; includeSubDomains; x-apple-user-partition: 102 via: xrail:ms15p00ic-qujn17091101.me.com:8301:24R138:grp70,631194250daa17e24277dea86cf30319:25319f0ddc78a4b5cd46711c20809f6d:uslax2 X-Apple-Request-UUID: bba5d274-d4f6-489b-a9d3-0b146b9037bf access-control-expose-headers: X-Apple-Request-UUID,Via X-Apple-Edge-Response-Time: 12
2024-04-24 17:27:17 UTC	20	IN	Data Raw: 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 0d 0a Data Ascii: Method Not Allowed

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:27:33 UTC	688	OUT	POST /setup/ws/1/validate?clientBuildNumber=2413Project46&clientMasteringNumber=2413B20&clientId=5911d012-4d8d-410d-9926-bc35d059a689 HTTP/1.1 Host: setup.icloud.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.icloud.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.icloud.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:27:33 UTC	752	IN	HTTP/1.1 421 Misdirected Request Server: AppleHttpServer/b866cf47a603 Date: Wed, 24 Apr 2024 17:27:33 GMT Content-Type: application/json; charset=UTF-8 Content-Length: 1380 Connection: close X-Responding-Instance: setupservice:36600103:mr30p66ic-tyfb03063701:8003:2414B433:713b7382ecf3 Cache-Control: no-cache, no-store, private Access-Control-Allow-Origin: https://www.icloud.com Access-Control-Allow-Credentials: true Strict-Transport-Security: max-age=31536000; includeSubDomains x-apple-user-partition: 66 via: 631194250daa17e24277dea86cf30319:562c218466aaa2b6936f10695af3b4c8:uslax2 X-Apple-Request-UUID: 830c4510-d947-4ffa-acca-0d8540865550 access-control-expose-headers: X-Apple-Request-UUID,Via X-Apple-Edge-Response-Time: 15
2024-04-24 17:27:33 UTC	1380	IN	Data Raw: 7b 22 73 75 63 63 65 73 73 22 3a 66 61 6c 73 65 2c 22 72 65 71 75 65 73 74 49 6e 66 6f 22 3a 5b 7b 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 74 69 6d 65 5a 6f 6e 65 22 3a 22 50 53 54 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 56 22 7d 5d 2c 22 63 6f 6e 66 69 67 42 61 67 22 3a 7b 22 75 72 6c 73 22 3a 7b 22 61 63 63 6f 75 6e 74 43 72 65 61 74 65 55 49 22 3a 22 68 74 74 70 73 3a 2f 2f 61 70 70 6c 65 69 64 2e 61 70 70 6c 65 2e 63 6f 6d 2f 77 69 64 67 65 74 2f 61 63 63 6f 75 6e 74 2f 3f 77 69 64 67 65 74 4b 65 79 3d 64 33 39 62 61 39 39 31 36 62 37 32 35 31 30 35 35 62 32 32 63 37 66 39 31 30 65 32 65 61 37 39 36 65 65 36 35 65 39 38 62 32 64 64 65 63 65 61 38 66 35 64 64 65 38 64 39 64 31 61 38 31 35 64 23 21 63 72 65 61 74 65 22 2c 22 61 63 63 6f 75 6e 74 Data Ascii: {"success":false,"requestInfo":[{"country":"US","timeZone":"PST","region":"NV"}],"configBag":{"urls":{"accountCreateUI":"https://appleid.apple.com/widget/account/?widgetKey=d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d#!create","account

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:27:33 UTC	688	OUT	POST /setup/ws/1/validate?clientBuildNumber=2413Project46&clientMasteringNumber=2413B20&clientId=5911d012-4d8d-410d-9926-bc35d059a689 HTTP/1.1 Host: setup.icloud.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.icloud.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.icloud.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:27:34 UTC	752	IN	HTTP/1.1 421 Misdirected Request Server: AppleHttpServer/b866cf47a603 Date: Wed, 24 Apr 2024 17:27:33 GMT Content-Type: application/json; charset=UTF-8 Content-Length: 1380 Connection: close X-Responding-Instance: setupservice:36200303:mr90p62ic-zteu08160101:8003:2414B433:713b7382ecf3 Cache-Control: no-cache, no-store, private Access-Control-Allow-Origin: https://www.icloud.com Access-Control-Allow-Credentials: true Strict-Transport-Security: max-age=31536000; includeSubDomains x-apple-user-partition: 62 via: 631194250daa17e24277dea86cf30319:19775ae675ab5174e54ebc137cc49052:uslax2 X-Apple-Request-UUID: d0805dc1-19b3-4b7a-8d44-f057e5f88b3a access-control-expose-headers: X-Apple-Request-UUID,Via X-Apple-Edge-Response-Time: 15
2024-04-24 17:27:34 UTC	1380	IN	Data Raw: 7b 22 73 75 63 63 65 73 73 22 3a 66 61 6c 73 65 2c 22 72 65 71 75 65 73 74 49 6e 66 6f 22 3a 5b 7b 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 74 69 6d 65 5a 6f 6e 65 22 3a 22 50 53 54 22 2c 22 72 65 67 69 6f 6e 22 3a 22 4e 56 22 7d 5d 2c 22 63 6f 6e 66 69 67 42 61 67 22 3a 7b 22 75 72 6c 73 22 3a 7b 22 61 63 63 6f 75 6e 74 43 72 65 61 74 65 55 49 22 3a 22 68 74 74 70 73 3a 2f 2f 61 70 70 6c 65 69 64 2e 61 70 70 6c 65 2e 63 6f 6d 2f 77 69 64 67 65 74 2f 61 63 63 6f 75 6e 74 2f 3f 77 69 64 67 65 74 4b 65 79 3d 64 33 39 62 61 39 39 31 36 62 37 32 35 31 30 35 35 62 32 32 63 37 66 39 31 30 65 32 65 61 37 39 36 65 65 36 35 65 39 38 62 32 64 64 65 63 65 61 38 66 35 64 64 65 38 64 39 64 31 61 38 31 35 64 23 21 63 72 65 61 74 65 22 2c 22 61 63 63 6f 75 6e 74 Data Ascii: {"success":false,"requestInfo":[{"country":"US","timeZone":"PST","region":"NV"}],"configBag":{"urls":{"accountCreateUI":"https://appleid.apple.com/widget/account/?widgetKey=d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d#!create","account

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:27:35 UTC	356	OUT	GET /reportStats HTTP/1.1 Host: feedbackws.icloud.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:27:35 UTC	707	IN	HTTP/1.1 405 Method Not Allowed Server: AppleHttpServer/b866cf47a603 Date: Wed, 24 Apr 2024 17:27:35 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 20 Connection: close X-Responding-Instance: feedbackws:prod-p39-feedbackws-bbf8d79c8-pv9t9:prod-p39-feedbackws-bbf8d79c8-pv9t9:8080:2413B18:nocommit Allow: POST Strict-Transport-Security: max-age=31536000; includeSubDomains; x-apple-user-partition: 39 via: xrail:pv54p00ic-qujn06150501.me.com:8301:24R138:grp42,631194250daa17e24277dea86cf30319:b74fa3ebb261a77ff804cc39b52e4122:uslax2 X-Apple-Request-UUID: b704db12-b57e-4e64-a344-f80b3aee97c7 access-control-expose-headers: X-Apple-Request-UUID,Via X-Apple-Edge-Response-Time: 23
2024-04-24 17:27:35 UTC	20	IN	Data Raw: 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 0d 0a Data Ascii: Method Not Allowed

Timestamp	Bytes transferred	Direction	Data
2024-04-24 17:27:36 UTC	356	OUT	GET /reportStats HTTP/1.1 Host: feedbackws.icloud.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 17:27:36 UTC	721	IN	HTTP/1.1 405 Method Not Allowed Server: AppleHttpServer/b866cf47a603 Date: Wed, 24 Apr 2024 17:27:36 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 20 Connection: close X-Responding-Instance: feedbackws:prod-p108-feedbackws-9f7ccc5b4-4xj2w:prod-p108-feedbackws-9f7ccc5b4-4xj2w:8080:2413B18:nocommit Allow: POST Strict-Transport-Security: max-age=31536000; includeSubDomains; x-apple-user-partition: 108 via: xrail:icloud-xrail-group51-ext-967bf9b6f-ghgbp:8301:24R143:grp51,631194250daa17e24277dea86cf30319:9416492177c73da5aa3f0723d495e161:uslax2 X-Apple-Request-UUID: 11faa0c5-6bbb-4e91-bf47-9f5c3db443d9 access-control-expose-headers: X-Apple-Request-UUID,Via X-Apple-Edge-Response-Time: 66
2024-04-24 17:27:36 UTC	20	IN	Data Raw: 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 0d 0a Data Ascii: Method Not Allowed

Target ID:	0
Start time:	19:26:41
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	19:26:44
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2288,i,18124643840649900871,11938976555639627075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	19:26:48
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.icloud.com/attachment/?u=https%3A%2F%2Fcvws.icloud-content.com%2FB%2FAViSO-AZwrsuqjmj41IiN-sL1eu8AXAVvCohbxfBszoMdE91-p-KfTip%2F%24%7Bf%7D%3Fo%3DAoEaJX1nwPbVzfTGfdRFExv93Y6a-YjVd8eAysvOcUKK%26v%3D1%26x%3D3%26a%3DCAogDwtOO0c5pz7wtCW48AvJO9GZdSV2fV2xE8fRhnp-apESdhC_6IKJ8TEYv_j93PoxIgEAKgkC6AMA_1v1AwNSBAvV67xaBIp9OKlqJdc_5oC95t_XDm-wW2wVtl40LlV80scChWWMio7txAn6KnfVoMFyJdEDRuNgIwsPnxLvm5dCo2cg2523oRSbBVv8rS_7mpCQpBaPZQM%26e%3D1716571307%26fl%3D%26r%3DD69B1B3A-B859-440E-9CD7-0C107D6DF4B5-1%26k%3D%24%7Buk%7D%26ckc%3Dcom.apple.largeattachment%26ckz%3D4D74562D-EA77-477A-B1AC-2653B79CDDB7%26p%3D68%26s%3D7o92e_KH42w9VM_TqR3jjq5kWJ0&uk=fKtUeHN7s8Dl39rhuvDK_Q&f=IMG_7426.MOV&sz=53323262"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	5
Start time:	19:27:14
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5488 --field-trial-handle=2288,i,18124643840649900871,11938976555639627075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 130

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre