Malware Analysis Report

2025-08-11 02:53

Sample ID 230913-1wxwkshg95
Target Secured Shared eDocument.shtml.html
SHA256 ccacc08e93cbdb9a8d4286987a450df2c5c2ffef20b6ee53cbeeeca0306bf781
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

ccacc08e93cbdb9a8d4286987a450df2c5c2ffef20b6ee53cbeeeca0306bf781

Threat Level: No (potentially) malicious behavior was detected

The file Secured Shared eDocument.shtml.html was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-09-13 22:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-09-13 22:00

Reported

2023-09-13 22:02

Platform

win7-20230831-en

Max time kernel

38s

Max time network

47s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Secured Shared eDocument.shtml.html"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 500aa4de8de6d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac20000000002000000000010660000000100002000000069f8858f37dea13759de3183d9e495d033e3ad6db7bfbe1481c751431c2a3b60000000000e8000000002000020000000fb9319327d6b358837535f1b8d5a582d91accdcd9316dfe0d9497eb7982f97f3200000005b2f2951fb6df589a7df35f00a21d409de30fdc6e5fcc3ca2ff170a977af4e44400000009bb1bd5bd92cf226f908ee8e71913ec2192ca9cdaea085ec4c87ba99a727a484205eaa103c45f4d731f2e251b6b7aa0070e3c7fab28204177bc3ca75fb6366d2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{09B90011-5281-11EE-A7F5-76A8121F2E0E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f908080c5c8cf442941c5db076e34ac200000000020000000000106600000001000020000000ade10df33ab48a975e95eb05cca9177c474272f38aa24cb63733f337f36349e6000000000e800000000200002000000098ccc5529333ae9abebac38585faffe1810ea93b94ce3200727c77d4f8db20cf90000000d9ebcfc0e2e462934faba0546446891ec16b1f796ff404bfc90f7c692639a9089b690dc918b28fd5ab51f23c16d3ea5b7a4f77ded0dc44ed51acb786d4c0b65c5e48f9abdb2fa2255e7d3013d1c3a118d487ba471c7750b1792e24d02ed3a8633c8116da76d5a863c1339b97290d8d68b2324e6a7352e6a5cec971b95bcf989ae4903a0210d43d6caeeeec87f367652e40000000ed7578ca5f93598da23ae86043b17536ac83f67936b63e08a6e1654a4c000d23cc21b44359c1df40c7ced026d987a29534ed921cc4f08f8f8eb063f5adfbc446 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Secured Shared eDocument.shtml.html"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 poppavimrockdreams.com udp
US 95.214.24.232:443 poppavimrockdreams.com tcp
US 95.214.24.232:443 poppavimrockdreams.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 2.18.121.136:80 apps.identrust.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab76A8.tmp

MD5 f3441b8572aae8801c04f3060b550443
SHA1 4ef0a35436125d6821831ef36c28ffaf196cda15
SHA256 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA512 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

C:\Users\Admin\AppData\Local\Temp\Tar7757.tmp

MD5 9441737383d21192400eca82fda910ec
SHA1 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256 bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA512 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf4dfdfccd547c03cd8f6e5c87ac61b3
SHA1 ed0be01743c75ac6d21b4d9c682d10c713170769
SHA256 9f5e97e45e25fa3a0ab11041045f890125dfd544e12025419091d77d2e3856ea
SHA512 e681f4cdbcbe66e8d36d7f126a5c2451ed87896ec71028403b4d0ab2f9c980d7f98acd6fb404666ab6690d1f288c72c1834c41939b3c3658048a7e86ddae22ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7eb0d52e432d4bbd4b99d1f3b00075e1
SHA1 f8c15799664dec1f3736c1113dfe45d8b0da1874
SHA256 f4053602bae11c61ed2696f65b94f9598aca3d953ae09cbbb5e15671470f20fd
SHA512 5a558a76db787458df4e2ccb5248ab2a3cb4b156fdbfcb4bbda4a538d01316b8099996b5548fa05dc6e5858154caa54799f85748c06c38216e93c5d294f3e161

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15cb2de0cdb47435518e0e8053ddc306
SHA1 cc02599ef260a3d401ee1e5aba11df11cb800404
SHA256 505ae6418190939f3e89e5b3b48cb634a565052a5d2f5ba11207e331bcf575cc
SHA512 208ca702876d6df9ba667a2dea6ae941a71c31783cf625b44e8dfb643ffdc519ac21abea4d6e4c69f100f637f2ae2863146d8bd8b383836cd4ae6c038faca4d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf333150ee5ea04a71b32aeca3fb5a64
SHA1 a903e1764546dd4811b78d032c1b6dede2c8f191
SHA256 9a7f0a30455e2fa840981b400a6d488cec97b66783e4d7e289a0d578b916c9c9
SHA512 586d1990c0822ea63e9af44eca0a154e07efb6e92e1d659fbca7bf06f3f60e26dcdcb69ba69a70b6945c86f1200fbaf0b31dbe2c67dabb210ed3dcb44dde22d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ea995150dde11eb8d3ae20629dddc40
SHA1 dc2c3dc43b2c3bae8aac70752c3523577aa1aabd
SHA256 3b93157a92a1b9f1b39e7dcb692b5294960a6710438385275cbbead59d52f01f
SHA512 4668966300941a3c9a57adea5b9c453bb646e6271056ce73d999cd6cd0515ec17295c62813961e0e42a6b73356c996134c4bdaad6a656bae775785f061a31019

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b66c195cc92891e76d82b46d5890d96
SHA1 0ebff4a6fa3499f47fe983880aefca62e01d14cc
SHA256 98cdee4f76dff1b539a21f0a92607549d5402622a06f8dc4c039e41dddf6ddd9
SHA512 6e69764e5dd0c630381f85f3f2501c0d642b5ac087b1fd9957ce82dacfea3d82dc0a8c9b270e1e16319b26ead4e5329d6cc713b79bd610df0f32b486699c1d44

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ba38b3f79a145792d19358489ff4ed5
SHA1 8a5e3d33418ea1ee8d951a4d3ab265a6de5cf0ad
SHA256 b08e0d9810776b7123310ae704ca881cb88a661a53166edf6d9e86fc645ea0c3
SHA512 aff8394f56abe66ea777aa4a35185f96546e7df64946b5c85f2911b2962d549a68295b282274cac0f3d371869d45e0e287fc4feb1961381fa6a498f3e5734504

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f499b3847d12618e68d3b3a57369897
SHA1 c8fab16efa761d51d093ab405dd3e1774cff92c8
SHA256 6b35ab26f6c9936e169c91c34bcf9ecf3d2d67b84b1a02941006ae58b42d5ec8
SHA512 485809b482df9ac8dbcfa1f5042adcf0acb33b661bf21913e68d488e46cfd72a70314d07274b698d34f6a58c9e9f090a8fe23f48cf124981222e82ff9c35370a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92bd7b29fa30907479b92f98edebfa97
SHA1 c66bbab60d79a87f67d9bc31327cc82d7ba86a72
SHA256 964e2e1b96f46fd1c6e12bdc16f198fe740581e782f10f836a9661f6133069a3
SHA512 59989c6ab27f1eee2dae0852c76631cedf40a241e6bd4a3a6c5f9a801c89f0197872ec5ad8ddc38dd6e8543a0805b0c836586c2c4b0ab618a0c59c7dce38699a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e091dd45bc3610f30b0e79168ab80362
SHA1 d88413abb06b5b7da4911a96c69dfb384305e682
SHA256 bba169cb1ec2c010b490584aae53dbaf7489206cf73014043fc90955dd6bc7d4
SHA512 087eb8c9ffbc26b21005495e71271b0667a6eedc577f65893df43d6888829bbbba00491315716e64a91600a95218d0de485323d96d125eceae9ab17b87b88f61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73b1874a5ef7923dba3b3f5f808dfd4d
SHA1 8fbc10376b7527ab33d653b243edc6ca4fe51c04
SHA256 e9dfa8e1448f004f0e2a7915520efb7d381c7f4d0c4aafe6ad4ad9eb960e0f5c
SHA512 13f2e1295562ce988363d3c1b2d2819786dd8e23beeed742ad5c20fbcf4a8c8a5da544a16fec9d71950f2b0b8e5e1d163b2f83ea6d4aea22420c3767b4e52e31

Analysis: behavioral2

Detonation Overview

Submitted

2023-09-13 22:00

Reported

2023-09-13 22:03

Platform

win10v2004-20230831-en

Max time kernel

79s

Max time network

130s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Secured Shared eDocument.shtml.html"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1080459c5ddcd901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{0B2B6A05-5281-11EE-9ACF-4E8EE27A950C} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "400287201" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045e8526c57639946b5b20d359be7ca6c0000000002000000000010660000000100002000000088d206a9ac778e11fdd01f20f0b323dff3869bb300b6d75ffc7fc00c5da8f3cd000000000e8000000002000020000000655d150e5214bbf277b459cd715232c1cf7bf1505c839d18597c324f63972089200000005f45c11f51ae5105ab6c0bd7a042c0080d8430e43769ec96044e76333d502aa3400000005a1ba2bc13190cd35f30688fac8b246c5e4937d1cba39bc8da9017063f93db2ac89d7cc784c0a5850693b0d4181e9865fb90bb42788185edd358137a09f838c9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045e8526c57639946b5b20d359be7ca6c00000000020000000000106600000001000020000000d27e60019174fe64993bc5e17b58e333d2aeb15b9d9ead8464af49d66170aaf1000000000e8000000002000020000000d74aa8c99f130687726294a5ceba5458ca51b3c2e68702e7d5ca36fee7d7fc6b20000000e18abb3aa526f2290f9884de139f97ef5c4e69b756f48f96997a69c577783f924000000017ddca6708c1b3b427f7a37697091fe13b89b34a9480a3cd8bebe94a714af9a1e8c8097d6509e5a4a45bc8f2a0e679f8eba1f53fef4f69fd9a0d1015c11d5606 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3028379c5ddcd901 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Secured Shared eDocument.shtml.html"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1260 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 poppavimrockdreams.com udp
US 95.214.24.232:443 poppavimrockdreams.com tcp
US 95.214.24.232:443 poppavimrockdreams.com tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 232.24.214.95.in-addr.arpa udp
US 8.8.8.8:53 142.33.222.23.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5YZJSVZG\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral3

Detonation Overview

Submitted

2023-09-13 22:00

Reported

2023-09-13 22:03

Platform

macos-20230831-en

Max time kernel

125s

Max time network

141s

Command Line

[/usr/sbin/spctl --test-devid-status]

Signatures

N/A

Processes

/usr/sbin/spctl

[/usr/sbin/spctl --test-devid-status]

/usr/bin/syslog

[/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature assessments enabled com.apple.message.signature2 devid enabled Message Gatekeeper state assessments enabled/devid enabled]

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Secured Shared eDocument.shtml.html"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Secured Shared eDocument.shtml.html"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Secured Shared eDocument.shtml.html"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Secured Shared eDocument.shtml.html]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Secured Shared eDocument.shtml.html]

/bin/zsh

[/bin/zsh -c /Users/run/Secured Shared eDocument.shtml.html]

/bin/zsh

[/bin/zsh -c /Users/run/Secured Shared eDocument.shtml.html]

/Users/run/Secured

[/Users/run/Secured Shared eDocument.shtml.html]

/Users/run/Secured

[/Users/run/Secured Shared eDocument.shtml.html]

/sbin/mount_msdos

[/sbin/mount_msdos -o perm -o nobrowse /dev/disk1s1 /Volumes/firmwaresyncd.00EPp1]

/sbin/kextload

[/sbin/kextload /System/Library/Extensions/msdosfs.kext]

/usr/bin/rsync

[rsync --ignore-times --links --perms --recursive --times --delete-after --include=/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current --exclude=/Contents/Frameworks/Google Chrome Framework.framework/Versions/* --exclude=/Contents/Versions/* /tmp/KSInstallAction.vrCD0vwhm8/m/Google Chrome.app/ /Applications/Google Chrome.app]

/usr/bin/rsync

[rsync --ignore-times --links --perms --recursive --times --delete-after --include=/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current --exclude=/Contents/Frameworks/Google Chrome Framework.framework/Versions/* --exclude=/Contents/Versions/* /tmp/KSInstallAction.vrCD0vwhm8/m/Google Chrome.app/ /Applications/Google Chrome.app]

/bin/rm

[rm -f /Applications/Google Chrome.app/.want_full_installer]

/bin/rm

[rm -f /Applications/Google Chrome.app/.want_full_installer]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info CFBundleShortVersionString]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info CFBundleShortVersionString]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSVersion]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSVersion]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSUpdateURL]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSUpdateURL]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSChannelID]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSChannelID]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info CrProductDirName]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info CrProductDirName]

/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister

[/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -f /Applications/Google Chrome.app]

/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister

[/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -f /Applications/Google Chrome.app]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin

[ksadmin --register --productid com.google.Chrome --version 116.0.5845.110 --xcpath /Applications/Google Chrome.app --url https://tools.google.com/service/update2 --tag universal --tag-path /Applications/Google Chrome.app/Contents/Info.plist --tag-key KSChannelID --brand-path /Library/Google/Google Chrome Brand.plist --brand-key KSBrandID --version-path /Applications/Google Chrome.app/Contents/Info.plist --version-key KSVersion]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin

[ksadmin --register --productid com.google.Chrome --version 116.0.5845.110 --xcpath /Applications/Google Chrome.app --url https://tools.google.com/service/update2 --tag universal --tag-path /Applications/Google Chrome.app/Contents/Info.plist --tag-key KSChannelID --brand-path /Library/Google/Google Chrome Brand.plist --brand-key KSBrandID --version-path /Applications/Google Chrome.app/Contents/Info.plist --version-key KSVersion]

/bin/ps

[ps -ewwo comm=]

/bin/ps

[ps -ewwo comm=]

/usr/bin/grep

[grep -Fqx /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/]

/usr/bin/grep

[grep -Fqx /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/]

/usr/bin/cut

[cut -c 1-108]

/usr/bin/cut

[cut -c 1-108]

/usr/sbin/lsof

[lsof /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/Google Chrome Framework]

/usr/sbin/lsof

[lsof /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/Google Chrome Framework]

/bin/rm

[rm -rf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69]

/bin/rm

[rm -rf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69]

/usr/sbin/chown

[chown -Rh root:wheel /Applications/Google Chrome.app]

/usr/sbin/chown

[chown -Rh root:wheel /Applications/Google Chrome.app]

/bin/chmod

[chmod -R a+rX,u+w,go-w /Applications/Google Chrome.app]

/bin/chmod

[chmod -R a+rX,u+w,go-w /Applications/Google Chrome.app]

/usr/bin/find

[find /Applications/Google Chrome.app -type l -exec chmod -h a+rX,u+w,go-w {} +]

/usr/bin/find

[find /Applications/Google Chrome.app -type l -exec chmod -h a+rX,u+w,go-w {} +]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/chmod

[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/chmod

[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]

/bin/chmod

[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]

/bin/chmod

[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]

/usr/bin/xattr

[xattr -d -r com.apple.quarantine /Applications/Google Chrome.app]

/usr/bin/xattr

[xattr -d -r com.apple.quarantine /Applications/Google Chrome.app]

/usr/bin/hdiutil

[/usr/bin/hdiutil detach /tmp/KSInstallAction.vrCD0vwhm8/m]

/sbin/umount

[/sbin/umount /private/tmp/KSInstallAction.vrCD0vwhm8/m]

/sbin/umount

[/sbin/umount /private/tmp/KSInstallAction.vrCD0vwhm8/m]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch]

/usr/libexec/xpcproxy

[xpcproxy com.apple.mediaremoteagent]

/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent

[/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 500]

/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent

[/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportCrash.Root]

/System/Library/CoreServices/ReportCrash

[/System/Library/CoreServices/ReportCrash daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportCrash]

/System/Library/CoreServices/ReportCrash

[/System/Library/CoreServices/ReportCrash agent]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.2028]

/Applications/Safari.app/Contents/MacOS/Safari

[/Applications/Safari.app/Contents/MacOS/Safari]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.History]

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History

[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.40AFE5B5-B16C-4F27-9273-8BACFD6E8F1D 768]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.PressAndHold 400]

/System/Library/Input Methods/PressAndHold.app/Contents/PlugIns/PAH_Extension.appex/Contents/MacOS/PAH_Extension

[/System/Library/Input Methods/PressAndHold.app/Contents/PlugIns/PAH_Extension.appex/Contents/MacOS/PAH_Extension]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.00FE62F2-FF43-46C5-9DC3-70DAA64F421F 768]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 20.42.73.25:443 tcp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e673.dsce9.akamaiedge.net udp
NL 142.251.39.110:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 cds.apple.com udp
DE 17.253.79.202:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.44.233.108:443 help.apple.com tcp
GB 23.44.233.108:443 help.apple.com tcp
US 8.8.8.8:53 e673.dsce9.akamaiedge.net udp
US 8.8.8.8:53 api2.smoot.apple.com udp
DE 3.73.173.154:443 api2.smoot.apple.com tcp
US 8.8.8.8:53 gateway.fe.apple-dns.net udp

Files

/Library/Google/GoogleSoftwareUpdate/TicketStore/.dat.nosync02ce.D52PJ7

MD5 89b8d39274ab843763802b1bab057355
SHA1 ecbd29c0aecef8dde1d3c63d24fcf0c52ada6f4b
SHA256 ce282b49b174defe931185ce29d236a9a9abcd635591e9b190287aa58ae18a49
SHA512 6e2ed7f0a1111dd6d80e0a7c770e7d187e607ee04108d057e45e1fbaf9f361f6f03cc13a04fa193e8044745ce4c3ddba8a27a9345419de2f3aca4a84f0f4d6cb

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsObject.db_

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsDirectory.db_

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/KnownExtensions.plist

MD5 99707b6e8b1daa434de2a176a458f85c
SHA1 96324f62483dd7ac8683d1850d694bb900eb3419
SHA256 f282d8a52bfdcd208792a47c074e59a1e16d627d53094e11fc73e595aec7ddad
SHA512 e8018018f91a5ce5c418f5c6445dc11a44b40aa6f619958d496b18507b3fe309415bf9ab293e9c7c0b3e4ba109213d0216d39c0304a7bc3cce301db0a729430c

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/AutoFillQuirks.plist

MD5 b70afef08b4790f68c3f25c8c73f14f3
SHA1 34311cabb70225703f4fdb2e30c723d13ce5b26c
SHA256 6dd73c06353cdace31d631cbbdb4807aea8da2fb44bd3820891c12ff91b3ac98
SHA512 01e642311e8cfc8a30ecefa164fbab3cd29c4b40d6e8e9ee01f277d90203ce301be12470019bcd196ef233841b051106e2c83647a635c42cea686ec709f297e0

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/CloudHistoryRemoteConfiguration.plist

MD5 0c29425555c7ff0ca114b1fd0dc39c50
SHA1 d7d808e8be92462f4c3ceba66734f0e9bb26acdd
SHA256 52826afeec974bb7bacb85bdc01dc4f23bf917d65e04773d7cad393f7866f3fd
SHA512 d9c8364a85f4b4a96caac1409f32f9d6b2f8ae19201e0abd2d449a3eedadd471e99e44bc92deb5d8fb60287da64a88e61b45f759e7b9a383a9bbe5f5fd242f95

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/Preferences.plist

MD5 cdc65b5f112547eafae0f16f9c149426
SHA1 aeaf9908a5b6ff3e2f7b738abf5fe9e79108ba01
SHA256 1c6d085d871a855ce4a3902bab4b9b92631b8ee8f0b7f6536768a2aaf427b45c
SHA512 e8b0e4ce6a760a718a19976d3cfe9063f04fb4bf179947aeca84e94c83f21459fb9dc0ffabea8f633bd2d0ba94fe1e15d8c97e9604fde8bd0dea961eb83bddb7

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/LastSession.plist

MD5 93819e284a9ac4275bd20daed259bcd0
SHA1 327c85f3801c58d385dd15049e99636dab467ffe
SHA256 958233fe3758059caba57eba5062420aca7041a9d62f1f0378a974cc19adc2e5
SHA512 dc8b514050d354d3b7dfc4504984e88a9efd0397c67776ccc78802b0f5e8a559dda0400399a53f1e5ac62fd66b615f5ba296ed67859b388e543a55ee43fcc75a