
Windows Analysis Report
iOS App Install Instructions - Santa Clara Public Safety - LH.eml

Overview

General Information

Sample name: iOS App Install Instructions - Santa Clara Public Safety - LH.eml
Analysis ID: 1558884
MD5: 68ccf3c00e7517091e8a2ec25bb7cf73
SHA1: a5c833a77af2f09ab50c9eb2d2977b5856be8e09
SHA256: 17336599f490564b3f39061f9de09f4a49816119913e9914afc81344ad839203

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Detected suspicious crossdomain redirect
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6904 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\iOS App Install Instructions - Santa Clara Public Safety - LH.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6936 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8E1456D0-2B15-4836-83B6-1FBFB55BD00D" "70B0865D-C090-4BE7-AF9E-CF3B43E5EAE1" "6904" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 5868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.apple.com%2Fredeem%3Fcode%3D3L3FHRKAYRYW%26ctx%3Dapps&data=05%7C02%7Ccmcdowell%40santaclaraca.gov%7C6e153ce680b940ac600808dd08ba7b7c%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638676319583058448%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C60000%7C%7C%7C&sdata=tQtWVhJkBQwd0r7gTpnCHzws245sXQj9NxHMJJPkG8Y%3D&reserved=0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 6184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1940,i,472277037677389804,13362372691725064446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.apple.com%2Fredeem%3Fcode%3D3L3FHRKAYRYW%26ctx%3Dapps&data=05%7C02%7Ccmcdowell%40santaclaraca.gov%7C6e153ce680b940ac600808dd08ba7b7c%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638676319583058448%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C60000%7C%7C%7C&sdata=tQtWVhJkBQwd0r7gTpnCHzws245sXQj9NxHMJJPkG8Y%3D&reserved=0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 4152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1956,i,4615083550077936862,14264789420345447439,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6904, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Source: https://buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/redeemLandingPage?code=3L3FHRKAYRYW&ctx=apps&mt=12 | HTTP Parser: No favicon
Source: https://www.apple.com/macos/macos-sequoia/ | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: gcc02.safelinks.protection.outlook.com to https://apps.apple.com/redeem?code=3l3fhrkayryw&ctx=apps
Source: Joe Sandbox View | IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View | IP Address: 104.47.64.28 104.47.64.28
Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown | TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: global traffic | HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Mm2fWrSKe2pTWeH&MD=CUnE4wkl HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected:
  GET /?url=https%3A%2F%2Fapps.apple.com%2Fredeem%3Fcode%3D3L3FHRKAYRYW%26ctx%3Dapps&data=05%7C02%7Ccmcdowell%40santaclaraca.gov%7C6e153ce680b940ac600808dd08ba7b7c%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638676319583058448%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C60000%7C%7C%7C&sdata=tQtWVhJkBQwd0r7gTpnCHzws245sXQj9NxHMJJPkG8Y%3D&reserved=0 HTTP/1.1
  Host: gcc02.safelinks.protection.outlook.com
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Mm2fWrSKe2pTWeH&MD=CUnE4wkl HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
  Host: slscr.update.microsoft.com
Source: chromecache_137.11.dr | String found in binary or memory: "https://www.facebook.com/Apple", equals www.facebook.com (Facebook)
Source: chromecache_137.11.dr | String found in binary or memory: "https://www.linkedin.com/company/apple", equals www.linkedin.com (Linkedin)
Source: chromecache_137.11.dr | String found in binary or memory: "https://www.twitter.com/Apple" equals www.twitter.com (Twitter)
Source: chromecache_137.11.dr | String found in binary or memory: "https://www.youtube.com/user/Apple", equals www.youtube.com (Youtube)
Source: chromecache_120.11.dr, chromecache_148.11.dr | String found in binary or memory: return r.indexOf("www.google.")>=0||r.indexOf(".ask.com")>=0||r=="www.bing.com"?i="q":r.indexOf(".yahoo.com")>=0&&(i="p"),i&&(s=its.url.queryParamValue(i,t),s&&(n.searchTerm=s)),n.hostname=r,n},ITSMetrics.metricsId=function(){return its.cookies.get(ITSMetrics.OMNITURE_COOKIE_NAME)},window.ITSMetrics||(window.ITSMetrics={}),ITSMetrics._shouldFakeUserAgentVersion=function(){var t="MacAppStore/|CastleSettings/|iTunes Pre 9.",n=ITSMetrics.userAgentForMetrics(),r=n&&n.match(t); equals www.yahoo.com (Yahoo)
Source: global traffic | DNS traffic detected: DNS query: gcc02.safelinks.protection.outlook.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: s.mzstatic.com
Source: chromecache_120.11.dr, chromecache_148.11.dr | String found in binary or memory: http://apple.com/itunes/download
Source: chromecache_166.11.dr, chromecache_125.11.dr | String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_128.11.dr, chromecache_141.11.dr | String found in binary or memory: http://r.mzstatic.com
Source: chromecache_137.11.dr | String found in binary or memory: http://schema.org
Source: chromecache_137.11.dr | String found in binary or memory: http://schema.org/
Source: chromecache_178.11.dr, chromecache_191.11.dr | String found in binary or memory: http://www.apple.com/legal/itunes/us/gifts.html
Source: chromecache_120.11.dr, chromecache_148.11.dr | String found in binary or memory: http://www.apple.com/mac/app-store/
Source: chromecache_148.11.dr | String found in binary or memory: http://www.apple.com/qtactivex/qtplugin.cab
Source: chromecache_120.11.dr, chromecache_148.11.dr | String found in binary or memory: http://www.apple.com/quicktime/download/
Source: chromecache_137.11.dr | String found in binary or memory: http://www.wikidata.org/entity/Q312
Source: chromecache_137.11.dr | String found in binary or memory: https://account.apple.com/
Source: iOS App Install Instructions - Santa Clara Public Safety - LH.eml, ~WRS{E84A351D-61A4-4574-973A-5D8E7EBD6636}.tmp.1.dr | String found in binary or memory: https://aka.ms/LearnAboutSenderIdentification
Source: chromecache_178.11.dr, chromecache_191.11.dr | String found in binary or memory: https://apple.news/magazines
Source: chromecache_178.11.dr, chromecache_191.11.dr | String found in binary or memory: https://apps.apple.com
Source: chromecache_178.11.dr, chromecache_191.11.dr | String found in binary or memory: https://apps.apple.com/arcade
Source: iOS App Install Instructions - Santa Clara Public Safety - LH.eml | String found in binary or memory: https://apps.apple.com/redeem?code=3L3FHRKAYRYW&ctx=apps
Source: chromecache_137.11.dr | String found in binary or memory: https://apps.apple.com/us/app/apple-store/id375380948
Source: chromecache_137.11.dr | String found in binary or memory: https://apps.apple.com/us/story/id1742662181
Source: chromecache_191.11.dr | String found in binary or memory: https://commerce.apple.com/cta/ce30176475f442409b9db3ec75954751
Source: chromecache_137.11.dr | String found in binary or memory: https://developer.apple.com/macos/
Source: chromecache_178.11.dr, chromecache_191.11.dr | String found in binary or memory: https://finance-app.itunes.apple.com/account/add-funds
Source: chromecache_178.11.dr, chromecache_191.11.dr | String found in binary or memory: https://finance-app.itunes.apple.com/redeem/subscription-success?adamId=960073716&type=Fuse&quantity
Source: chromecache_178.11.dr, chromecache_191.11.dr | String found in binary or memory: https://fitness.apple.com
Source: iOS App Install Instructions - Santa Clara Public Safety - LH.eml, ~WRS{E84A351D-61A4-4574-973A-5D8E7EBD6636}.tmp.1.dr | String found in binary or memory: https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.apple.com%2Fredeem%3Fcode%3D3
Source: chromecache_137.11.dr | String found in binary or memory: https://investor.apple.com/
Source: chromecache_191.11.dr | String found in binary or memory: https://isq06.mzstatic.com/image/thumb/Features7/v4/07/5b/e9/075be994-3375-c8f4-0909-81739b94b85c/mz
Source: chromecache_137.11.dr | String found in binary or memory: https://locate.apple.com/
Source: chromecache_178.11.dr, chromecache_191.11.dr | String found in binary or memory: https://music.apple.com/deeplink?app=music&p=browse
Source: chromecache_120.11.dr, chromecache_148.11.dr | String found in binary or memory: https://play.google.com/store/apps/details?id=com.apple.android.music&referrer=utm_source=
Source: chromecache_166.11.dr, chromecache_125.11.dr | String found in binary or memory: https://preactjs.com
Source: chromecache_128.11.dr, chromecache_141.11.dr | String found in binary or memory: https://s.mzstatic.com
Source: chromecache_178.11.dr, chromecache_191.11.dr | String found in binary or memory: https://setup.icloud.com/email/prefs/storage?path=ICLOUD_SERVICE
Source: chromecache_191.11.dr | String found in binary or memory: https://silverbullet-itms6.itunes.apple.com/content/cd1a49fb-b1ea-4a1b-be40-aa6d41cf2915/images/872a
Source: chromecache_191.11.dr | String found in binary or memory: https://silverbullet-itms6.itunes.apple.com/content/cd1a49fb-b1ea-4a1b-be40-aa6d41cf2915/images/add8
Source: chromecache_191.11.dr | String found in binary or memory: https://silverbullet-itms6.itunes.apple.com/content/cd1a49fb-b1ea-4a1b-be40-aa6d41cf2915/images/c10d
Source: chromecache_191.11.dr | String found in binary or memory: https://silverbullet-itms6.itunes.apple.com/content/cd1a49fb-b1ea-4a1b-be40-aa6d41cf2915/variant-b/e
Source: chromecache_137.11.dr | String found in binary or memory: https://support.apple.com
Source: chromecache_137.11.dr | String found in binary or memory: https://support.apple.com/#organization
Source: chromecache_137.11.dr | String found in binary or memory: https://support.apple.com/?cid=gn-ols-home-hp-tab
Source: chromecache_137.11.dr | String found in binary or memory: https://support.apple.com/HT201300
Source: chromecache_137.11.dr | String found in binary or memory: https://support.apple.com/HT201634
Source: chromecache_137.11.dr | String found in binary or memory: https://support.apple.com/HT201862
Source: chromecache_137.11.dr | String found in binary or memory: https://support.apple.com/HT201894
Source: chromecache_137.11.dr | String found in binary or memory: https://support.apple.com/HT202888
Source: chromecache_178.11.dr, chromecache_191.11.dr | String found in binary or memory: https://support.apple.com/en-us/HT203021
Source: chromecache_178.11.dr, chromecache_191.11.dr | String found in binary or memory: https://tv.apple.com/watch-now
Source: chromecache_137.11.dr | String found in binary or memory: https://www.apple.com/
Source: chromecache_137.11.dr | String found in binary or memory: https://www.apple.com/#organization
Source: chromecache_137.11.dr | String found in binary or memory: https://www.apple.com/ac/structured-data/images/knowledge_graph_logo.png?202410241440
Source: chromecache_192.11.dr, chromecache_186.11.dr | String found in binary or memory: https://www.apple.com/apple-vision-pro/
Source: chromecache_135.11.dr, chromecache_206.11.dr | String found in binary or memory: https://www.apple.com/choose-country-region/
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/ro/global/nav/images/globalnav_text.svg)
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/ru/global/nav/images/globalnav_text.png);_background-image:url(https://www.app
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/ru/global/nav/images/globalnav_text.svg)
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/sa/global/nav/images/globalnav_text.png);_background-image:url(https://www.app
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/sa/global/nav/images/globalnav_text.svg)
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/sk/global/nav/images/globalnav_text.png);_background-image:url(https://www.app
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/sk/global/nav/images/globalnav_text.svg)
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/th/global/fonts/sukhumvitset-bold-webfont.eot);src:url(https://www.apple.com/t
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/th/global/fonts/sukhumvitset-bold-webfont.svg#sukhumvit_setbold)
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/th/global/fonts/sukhumvitset-bold-webfont.ttf)
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/th/global/fonts/sukhumvitset-bold-webfont.woff)
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/th/global/fonts/sukhumvitset-medium-webfont.eot);src:url(https://www.apple.com
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/th/global/fonts/sukhumvitset-medium-webfont.svg#sukhumvit_setmedium)
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/th/global/fonts/sukhumvitset-medium-webfont.ttf)
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/th/global/fonts/sukhumvitset-medium-webfont.woff)
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/th/global/nav/images/globalnav_text.png);_background-image:url(https://www.app
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/th/global/nav/images/globalnav_text.svg)
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/tr/global/nav/images/globalnav_text.png);_background-image:url(https://www.app
Source: chromecache_171.11.drString found in binary or memory: https://www.apple.com/tr/global/nav/images/globalnav_text.svg)
Source: chromecache_192.11.dr, chromecache_186.11.drString found in binary or memory: https://www.apple.com/us/shop/goto/giftcards
Source: chromecache_192.11.dr, chromecache_186.11.drString found in binary or memory: https://www.apple.com/us/shop/goto/store
Source: chromecache_192.11.dr, chromecache_186.11.drString found in binary or memory: https://www.apple.com/us/shop/goto/trade_in
Source: chromecache_137.11.drString found in binary or memory: https://www.apple.com/v/macos/macos-sequoia/a/images/meta/macos-sequoia__qclpvh6m08ay_og.png
Source: chromecache_137.11.drString found in binary or memory: https://www.apple.com/v/macos/macos-sequoia/a/images/meta/macos-sequoia__qclpvh6m08ay_og.png?2024102
Source: chromecache_177.11.drString found in binary or memory: https://www.apple.com/wss/fonts?family=Apple
Source: chromecache_177.11.drString found in binary or memory: https://www.apple.com/wss/fonts?family=SF
Source: chromecache_178.11.dr, chromecache_191.11.drString found in binary or memory: https://www.apple.com/xc/shop?cid=amp-redemption-ty
Source: chromecache_137.11.drString found in binary or memory: https://www.icloud.com
Source: chromecache_137.11.drString found in binary or memory: https://www.linkedin.com/company/apple
Source: chromecache_137.11.drString found in binary or memory: https://www.twitter.com/Apple
Source: chromecache_137.11.drString found in binary or memory: https://www.youtube.com/user/Apple
Source: unknown; Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown; Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown; Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown; Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown; HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49762 version: TLS 1.2
Source: classification engine; Classification label: clean3.winEML@31/165@8/6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241119T1634450779-6904.etl
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\iOS App Install Instructions - Santa Clara Public Safety - LH.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8E1456D0-2B15-4836-83B6-1FBFB55BD00D" "70B0865D-C090-4BE7-AF9E-CF3B43E5EAE1" "6904" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.apple.com%2Fredeem%3Fcode%3D3L3FHRKAYRYW%26ctx%3Dapps&data=05%7C02%7Ccmcdowell%40santaclaraca.gov%7C6e153ce680b940ac600808dd08ba7b7c%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638676319583058448%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C60000%7C%7C%7C&sdata=tQtWVhJkBQwd0r7gTpnCHzws245sXQj9NxHMJJPkG8Y%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1940,i,472277037677389804,13362372691725064446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.apple.com%2Fredeem%3Fcode%3D3L3FHRKAYRYW%26ctx%3Dapps&data=05%7C02%7Ccmcdowell%40santaclaraca.gov%7C6e153ce680b940ac600808dd08ba7b7c%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638676319583058448%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C60000%7C%7C%7C&sdata=tQtWVhJkBQwd0r7gTpnCHzws245sXQj9NxHMJJPkG8Y%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1956,i,4615083550077936862,14264789420345447439,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8E1456D0-2B15-4836-83B6-1FBFB55BD00D" "70B0865D-C090-4BE7-AF9E-CF3B43E5EAE1" "6904" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.apple.com%2Fredeem%3Fcode%3D3L3FHRKAYRYW%26ctx%3Dapps&data=05%7C02%7Ccmcdowell%40santaclaraca.gov%7C6e153ce680b940ac600808dd08ba7b7c%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638676319583058448%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C60000%7C%7C%7C&sdata=tQtWVhJkBQwd0r7gTpnCHzws245sXQj9NxHMJJPkG8Y%3D&reserved=0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.apple.com%2Fredeem%3Fcode%3D3L3FHRKAYRYW%26ctx%3Dapps&data=05%7C02%7Ccmcdowell%40santaclaraca.gov%7C6e153ce680b940ac600808dd08ba7b7c%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0%7C638676319583058448%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C60000%7C%7C%7C&sdata=tQtWVhJkBQwd0r7gTpnCHzws245sXQj9NxHMJJPkG8Y%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1940,i,472277037677389804,13362372691725064446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1956,i,4615083550077936862,14264789420345447439,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
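The chrome.exe command lines above do not point at the App Store directly: Outlook hands the browser a Microsoft Defender Safe Links wrapper on gcc02.safelinks.protection.outlook.com, and only the redirect lands on apps.apple.com. That is why two unrelated hosts show up in the traffic, and it is also why a reputation lookup on the outer URL says nothing about the destination. The Python below is an added triage helper, not Joe Sandbox code and not part of the original report: it peels the wrapper offline, recovers the inner target and its query string, and splits the `data` field. The positional meaning assigned to that field (recipient address at index 2, a .NET tick timestamp at index 7, a base64 "Mailflow|{json}" client blob at index 9) is an assumption drawn from inspecting this one URL; Microsoft does not document the format, and `sdata` is treated as opaque.

```python
"""Unwrap a Microsoft Defender for Office 365 Safe Links URL for triage.

Added example; not Joe Sandbox code. The positional interpretation of the
`data` field is an assumption drawn from this URL, not a documented format.
"""
import base64
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote, urlsplit

# The wrapper exactly as it appears on the chrome.exe command line in the report.
SAFELINKS_URL = (
    "https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapps.apple.com"
    "%2Fredeem%3Fcode%3D3L3FHRKAYRYW%26ctx%3Dapps&data=05%7C02%7Ccmcdowell%40santaclaraca.gov"
    "%7C6e153ce680b940ac600808dd08ba7b7c%7C28ea354810694e81aa0b6e4b3271a5cb%7C0%7C0"
    "%7C638676319583058448%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIs"
    "IlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C60000%7C%7C%7C"
    "&sdata=tQtWVhJkBQwd0r7gTpnCHzws245sXQj9NxHMJJPkG8Y%3D&reserved=0"
)

SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"   # gcc02., nam02., eur03., ...
DOTNET_EPOCH = datetime(1, 1, 1, tzinfo=timezone.utc)


def is_safelinks(url: str) -> bool:
    """True if the host is a Safe Links redirector."""
    host = (urlsplit(url).hostname or "").lower()
    return host.endswith(SAFELINKS_SUFFIX)


def query_params(url: str) -> dict:
    """Split a query string with unquote(), not parse_qs(): parse_qs turns '+'
    into a space, which would corrupt a base64 blob carried in the data field."""
    params = {}
    for part in urlsplit(url).query.split("&"):
        if part:
            key, _, value = part.partition("=")
            params.setdefault(unquote(key), unquote(value))
    return params


def ticks_to_datetime(ticks: int) -> datetime:
    """Assumption: field 7 is a .NET tick count (100 ns units since 0001-01-01 UTC)."""
    return DOTNET_EPOCH + timedelta(microseconds=ticks // 10)


def decode_safelinks(url: str) -> dict:
    """Return the inner target plus whatever the data field reveals about the recipient."""
    if not is_safelinks(url):
        raise ValueError(f"not a Safe Links wrapper: {url}")
    params = query_params(url)
    target = params.get("url", "")
    fields = params.get("data", "").split("|")
    info = {
        "target": target,
        "target_host": (urlsplit(target).hostname or "").lower(),
        "target_query": query_params(target),
        "recipient": fields[2] if len(fields) > 2 else None,   # assumed position
        "wrapped_at": None,
        "client": None,
        "sdata": params.get("sdata"),   # opaque; nothing about it can be verified offline
    }
    if len(fields) > 7 and fields[7].isdigit():
        info["wrapped_at"] = ticks_to_datetime(int(fields[7]))
    if len(fields) > 9 and fields[9]:
        b64 = fields[9] + "=" * (-len(fields[9]) % 4)   # tolerate stripped padding
        blob = base64.b64decode(b64).decode("utf-8", "replace")
        label, _, payload = blob.partition("|")           # observed shape: "Mailflow|{json}"
        try:
            info["client"] = {"label": label, **json.loads(payload)}
        except (json.JSONDecodeError, TypeError):
            info["client"] = {"label": label, "raw": payload}
    return info


def final_target(url: str) -> str:
    """Peel nested wrappers (a Safe Links URL whose target is itself Safe Links)."""
    hops = 0
    while is_safelinks(url) and hops < 10:
        url = decode_safelinks(url)["target"]
        hops += 1
    return url


if __name__ == "__main__":
    for key, value in decode_safelinks(SAFELINKS_URL).items():
        print(f"{key:13} {value}")
    print("final target:", final_target(SAFELINKS_URL))
```

Two practical points follow from the decode. The wrapper carries the recipient's mailbox address in clear text, so a Safe Links URL pasted into a public sandbox or ticket leaks who received the mail; redact the `data` parameter before sharing. And because the outer host is always outlook.com, block lists and reputation feeds must be applied to the unwrapped target host, which here is apps.apple.com with a redeem code in its query string.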
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: Google Drive.lnk.10.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.10.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.10.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.10.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.10.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.10.dr; LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix (a number in parentheses is the count of behavior signatures matched for that technique; techniques without a number were not observed)

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | DLL Side-Loading (1) | Process Injection (1) | Masquerading (1) | OS Credential Dumping | Process Discovery (1) | Remote Services | Data from Local System | Encrypted Channel (1) | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Registry Run Keys / Startup Folder (1) | DLL Side-Loading (1) | Process Injection (1) | LSASS Memory | System Information Discovery (13) | Remote Desktop Protocol | Data from Removable Media | Non-Application Layer Protocol (2) | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Registry Run Keys / Startup Folder (1) | DLL Side-Loading (1) | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Application Layer Protocol (3) | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Ingress Tool Transfer (1) | Traffic Duplication | Data Destruction
Behavior Graph (ID 1558884; sample: iOS App Install Instruction...; start date: 19/11/2024; architecture: WINDOWS; score: 3). The graph image is not reproduced; the process and network nodes it showed are:

  • OUTLOOK.EXE (started) -> chrome.exe, chrome.exe, ai.exe
  • each of the two chrome.exe instances started one chrome.exe child
  • chrome.exe: 127.0.0.1; 192.168.2.16 (the analysis machine's own address; ports 138, 443, 49154); 2 other IPs or domains
  • child chrome.exe: gcc02.safelinks.eop-tm2.outlook.com 104.47.64.28 (port 443, local ports 49713 and 49826; MICROSOFT-CORP-MSN-AS-BLOCKUS, United States); www.google.com 142.250.185.196 (port 443, local ports 49721 and 49825; GOOGLEUS, United States); 2 other IPs or domains



No Antivirus matches
Source | Detection | Scanner | Label | Link
https://isq06.mzstatic.com/image/thumb/Features7/v4/07/5b/e9/075be994-3375-c8f4-0909-81739b94b85c/mz | 0% | Avira URL Cloud | safe |
Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
gcc02.safelinks.eop-tm2.outlook.com | 104.47.64.28 | true | false | | high
www.google.com | 142.250.185.196 | true | false | | high
s.mzstatic.com | unknown | unknown | false | | high
gcc02.safelinks.protection.outlook.com | unknown | unknown | false | | high
Contacted URLs

Name | Source | Malicious | Antivirus Detection | Reputation
http://schema.org | chromecache_137.11.dr | false | | high
https://www.linkedin.com/company/apple | chromecache_137.11.dr | false | | high
http://schema.org/ | chromecache_137.11.dr | false | | high
http://r.mzstatic.com | chromecache_128.11.dr, chromecache_141.11.dr | false | | high
https://setup.icloud.com/email/prefs/storage?path=ICLOUD_SERVICE | chromecache_178.11.dr, chromecache_191.11.dr | false | | high
https://apple.news/magazines | chromecache_178.11.dr, chromecache_191.11.dr | false | | high
http://www.wikidata.org/entity/Q312 | chromecache_137.11.dr | false | | high
https://isq06.mzstatic.com/image/thumb/Features7/v4/07/5b/e9/075be994-3375-c8f4-0909-81739b94b85c/mz | chromecache_191.11.dr | false | Avira URL Cloud: safe | unknown
https://play.google.com/store/apps/details?id=com.apple.android.music&referrer=utm_source= | chromecache_120.11.dr, chromecache_148.11.dr | false | | high
https://www.youtube.com/user/Apple | chromecache_137.11.dr | false | | high
https://preactjs.com | chromecache_166.11.dr, chromecache_125.11.dr | false | | high
https://s.mzstatic.com | chromecache_128.11.dr, chromecache_141.11.dr | false | | high
https://www.twitter.com/Apple | chromecache_137.11.dr | false | | high
http://jedwatson.github.io/classnames | chromecache_166.11.dr, chromecache_125.11.dr | false | | high
https://aka.ms/LearnAboutSenderIdentification | iOS App Install Instructions - Santa Clara Public Safety - LH.eml, ~WRS{E84A351D-61A4-4574-973A-5D8E7EBD6636}.tmp.1.dr | false | | high
Contacted Public IPs

IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.185.196 | www.google.com | United States | 15169 | GOOGLEUS | false
104.47.64.28 | gcc02.safelinks.eop-tm2.outlook.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false

239.255.255.250 is the SSDP multicast group used for local service discovery; it is sandbox-local traffic, not an external contact.

Private and Local IPs

IP
192.168.2.17
192.168.2.16
127.0.0.1
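The IP tables above mix sandbox-local noise (loopback, RFC 1918, multicast) with real contacts, and the domain tables list the Safe Links wrapper hosts (gcc02.safelinks.protection.outlook.com, gcc02.safelinks.eop-tm2.outlook.com) rather than where the rewritten link finally lands. The following Python is an added triage example, not part of the Joe Sandbox report: it keeps only globally routable addresses from the report's IP rows and unwraps a Safe Links URL to its `url=` query parameter so that the destination host, not Microsoft's wrapper, is what gets assessed or blocked. The IPs and hostnames are copied from the tables above; the wrapped URL in the usage block is constructed with a placeholder destination (example.com), not the one from the e-mail.

```python
"""Triage helper for the network indicators of a Joe Sandbox report.

Added example, not part of the report. Classifies the IPs listed in the
report and unwraps Microsoft Defender Safe Links URLs so the real
destination is what an analyst hunts for.
"""
import ipaddress
from urllib.parse import parse_qs, urlparse

# IP -> hostname as given in the report's IP tables (None where the report says unknown).
REPORT_IPS = {
    "239.255.255.250": None,
    "142.250.185.196": "www.google.com",
    "104.47.64.28": "gcc02.safelinks.eop-tm2.outlook.com",
    "192.168.2.17": None,
    "192.168.2.16": None,
    "127.0.0.1": None,
}

# Safe Links rewrites links to https://<tenant>.safelinks.protection.outlook.com/?url=...
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"


def classify_ip(ip: str) -> str:
    """Coarse class that tells an analyst whether the address is worth hunting for."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if addr.is_multicast:
        return "multicast"  # 239.255.255.250 is the SSDP discovery group: sandbox noise
    if addr.is_private:
        return "private"  # RFC 1918 lab network of the sandbox
    if addr.is_global:
        return "public"
    return "reserved"


def huntable_ips(ips) -> list:
    """Only globally routable addresses are meaningful as external indicators."""
    return sorted(ip for ip in ips if classify_ip(ip) == "public")


def unwrap_safelinks(url: str):
    """Return the original destination wrapped by Safe Links, or None if `url` is not one.

    The wrapper host belongs to Microsoft and has reputation 'high'; the host inside
    the percent-encoded `url=` parameter is where the user actually lands.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if parsed.scheme != "https" or not host.endswith(SAFELINKS_SUFFIX):
        return None
    inner = parse_qs(parsed.query).get("url", [])  # parse_qs percent-decodes once
    if not inner:
        return None
    dest = urlparse(inner[0])
    if dest.scheme not in ("http", "https") or not dest.hostname:
        return None
    return inner[0]


def effective_host(url: str) -> str:
    """Host an analyst should assess: the unwrapped target when Safe Links is present."""
    target = unwrap_safelinks(url) or url
    return (urlparse(target).hostname or "").lower()


if __name__ == "__main__":
    for ip, name in REPORT_IPS.items():
        print(f"{ip:16} {classify_ip(ip):10} {name or ''}")
    print("huntable:", huntable_ips(REPORT_IPS))
    # Constructed Safe Links URL with a placeholder destination (not the e-mail's link).
    wrapped = ("https://gcc02.safelinks.protection.outlook.com/?url="
               "https%3A%2F%2Fexample.com%2Fredeem%3Fcode%3DABC%26ctx%3Dapps"
               "&data=05%7C02&reserved=0")
    print("unwrapped:", unwrap_safelinks(wrapped))
    print("assess host:", effective_host(wrapped))
```

Run as a script it prints the class of each report IP, the two public addresses, and the unwrapped placeholder destination; imported, the functions can be fed the domain/URL rows of any report of this kind.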
General Information

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1558884
Start date and time: 2024-11-19 22:34:12 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 36s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: iOS App Install Instructions - Santa Clara Public Safety - LH.eml
Detection: CLEAN
Classification: clean3.winEML@31/165@8/6
Cookbook Comments:
  • Found application associated with file extension: .eml
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 52.113.194.132, 20.42.73.27, 216.58.206.67, 142.250.186.78, 64.233.167.84, 34.104.35.123, 2.19.224.19, 2.23.196.201, 184.27.96.29, 17.156.128.11, 20.189.173.9, 17.8.136.126, 17.8.136.5, 13.89.179.8, 142.250.186.35, 20.42.73.25, 142.250.74.206, 20.50.73.4
  • Excluded domains from analysis (whitelisted): www.apple.com.edgekey.net.globalredir.akadns.net, buy.itunes.apple.com, onedscolprdwus08.westus.cloudapp.azure.com, slscr.update.microsoft.com, clientservices.googleapis.com, securemetrics.apple.com, www.apple.com, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, clients2.google.com, itunes.apple.com.edgekey.net, s.mzstatic.itunes-apple.com.akadns.net, update.googleapis.com, onedscolprdeus06.eastus.cloudapp.azure.com, apps-cdn.itunes-apple.com.akadns.net, clients1.google.com, ecs.office.com, fs.microsoft.com, accounts.google.com, e673.dsce9.akamaiedge.net, e6858.dscx.akamaiedge.net, s-0005-office.config.skype.com, onedscolprdeus12.eastus.cloudapp.azure.com, apps.apple.com, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, s-0005.s-msedge.net, securemetrics.v.aaplimg.com, www.apple.com.edgekey.net, mzstatic.com.edgekey.net, buy.itunes-apple.com.akadns.net, onedscolprdcus06.centralus.cloudapp.azure.com, onedscolprdneu13.northeurope.cloudapp.azure
  • Not all processes were analyzed; the report is missing behavior information
  • Report size getting too big, too many NtQueryAttributesFile calls found
  • Report size getting too big, too many NtQueryValueKey calls found
  • VT rate limit hit for: iOS App Install Instructions - Santa Clara Public Safety - LH.eml
                                      No simulations