Malware Analysis Report

2025-08-11 02:19

Sample ID 240306-y222dage53
Target Install Parallels Desktop.dmg
SHA256 2e697828d0bb36a4aa0085997b62a9cc6a83e13afe94c299e4a707f3282b2a66
Tags
evasion discovery
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

SHA256

2e697828d0bb36a4aa0085997b62a9cc6a83e13afe94c299e4a707f3282b2a66

Threat Level: Likely benign

The file Install Parallels Desktop.dmg was found to be: Likely benign.

Malicious Activity Summary

evasion discovery

Resource Forking

File and Directory Discovery.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-06 20:17

Signatures

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:35

Platform

macos-20240214-en

Max time kernel

136s

Max time network

139s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf]

/usr/libexec/dmd

[/usr/libexec/dmd]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 52.182.143.208:443 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 17.137.170.10:443 tcp
US 17.137.170.34:443 tcp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
N/A 224.0.0.251:5353 udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 520bb9b65b89f03050030e5a985b9cd1
SHA1 91defba6d4540d4c8ede177730d104d747e8f57b
SHA256 6bb23965fd46b9ffe67a1cdb2144943543894e063c05db3a4de54e94b84968a0
SHA512 81eebb3eda761a9ecc94aa9564deab4d476522d94025ec19e002e91b12b7fbf2bffda23e7c393c09cb91b6ecd953ec1bf39ef5f787058b70289a5a5d777f0cf6

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 de8229c4d147d3023070941bc9a70787
SHA1 2c0a1d9d75794a81ea48e170b1d11b9dda9aa217
SHA256 c22a94df916618f26131ec8652071a464e03bb8d32d4a3f22843f1cd54df9df3
SHA512 4a9e4a9d99f956fd14096b66cd4fe6975e44a97f35426edaa383eecd142d36bd3247286ba15301301f44c2bfbb78a6f1db21192825eb072581e00969f2fa6f34

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 52ef57acdaa153c35594e46bde4fe42c
SHA1 c2a5b1748aa61c311b670ef319d92663e3f92b00
SHA256 58add3e6d1d91409a9ddd9bb9b7cb173f3ec1162905d907839ab007e43cf2d2a
SHA512 defea7dd6200a17dbf0b619e16efb2919dc14199e7f3cb6755b4e5f1fdc8fb2942fa9f7c8c4c19d9026acb0c64a7df0462c7e10685c7482e710e94ed15964209

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:21

Platform

macos-20240214-en

Max time kernel

210s

Max time network

210s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop"]

Signatures

File and Directory Discovery.

discovery
Description Indicator Process Target
N/A basename "/Volumes/Google Chrome/.keystone_install" N/A N/A

Resource Forking

evasion
Description Indicator Process Target
N/A /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist N/A N/A
N/A /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded N/A N/A
N/A /System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk4s2 N/A N/A
N/A /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk4s2 removable readonly N/A N/A
N/A /System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk4s2 N/A N/A
N/A "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" N/A N/A
N/A /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 264B669B-C9F1-45E6-8D1C-680902E23A53 N/A N/A
N/A /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 264B669B-C9F1-45E6-8D1C-680902E23A53 -post-exec 4 N/A N/A
N/A /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk4s2 removable readonly N/A N/A
N/A /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk4s2 N/A N/A
N/A /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk4s2 N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.icloud.findmydeviced]

/usr/libexec/findmydeviced

[/usr/libexec/findmydeviced]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.TextInputMenuAgent]

/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent

[/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.TextInputSwitcher]

/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher

[/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.google.Chrome.3056]

/Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome]

/usr/libexec/xpcproxy

[xpcproxy com.apple.GameController.gamecontrollerd]

/usr/libexec/gamecontrollerd

[/usr/libexec/gamecontrollerd]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/Users/run/Library/Application Support/Google/Chrome/Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/bin/profiles

[/usr/bin/profiles status -type enrollment]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]

/usr/bin/tar

[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded]

/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --wake-all --system --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2]

/Users/run/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[/Users/run/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --wake-all --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2]

/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system --database=/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=122.0.6234.0 --handshake-fd=4]

/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --wake --system --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2]

/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system --database=/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=122.0.6234.0 --handshake-fd=4]

/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/Helpers/launcher

[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/Helpers/launcher --internal]

/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[GoogleUpdater --server --service=update-internal --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system]

/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system --database=/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=122.0.6234.0 --handshake-fd=5]

/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher

[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=26]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=26]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=26]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=327037590 --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=60]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=327086921 --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=60]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=332670547 --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=70]

/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher

[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]

/usr/sbin/system_profiler

[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=9 --launch-time-ticks=340372373 --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=64]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump_agent]

/usr/libexec/spindump_agent

[/usr/libexec/spindump_agent]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=64]

/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[GoogleUpdater --server --service=update --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system]

/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system --database=/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=122.0.6234.0 --handshake-fd=5]

/usr/bin/profiles

[/usr/bin/profiles status -type enrollment]

/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[GoogleUpdater --server --service=update --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system]

/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system --database=/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=122.0.6234.0 --handshake-fd=5]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --store /Users/run/Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=96]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=106]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suggestd]

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd

[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.knowledge-agent]

/usr/libexec/knowledge-agent

[/usr/libexec/knowledge-agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=112]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=112]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=112]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=111]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=110]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=110]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=110]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=110]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=111]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=110]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=111]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=111]

/usr/bin/hdiutil

[/usr/bin/hdiutil attach /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.8104qg/GoogleChrome-122.0.6261.111.dmg -plist -nobrowse -readonly]

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper

[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 264B669B-C9F1-45E6-8D1C-680902E23A53]

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper

[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 264B669B-C9F1-45E6-8D1C-680902E23A53 -post-exec 4]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util

[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk4s2 removable readonly]

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util

[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk4s2]

/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs

[/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk4s2]

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util

[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk4s2 removable readonly]

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util

[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk4s2]

/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs

[/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk4s2]

/sbin/mount

[/sbin/mount -t hfs -o -u=99,-g=99,-m=755,nodev,noowners,nosuid,rdonly,nobrowse /dev/disk4s2 /Volumes/Google Chrome]

/sbin/mount_hfs

[/sbin/mount_hfs -u 99 -g 99 -m 755 -o nodev -o noowners -o nosuid -o rdonly -o nobrowse /dev/disk4s2 /Volumes/Google Chrome]

/Volumes/Google Chrome/.keystone_install

[/Volumes/Google Chrome/.keystone_install /Volumes/Google Chrome /Applications/Google Chrome.app 101.0.4951.54]

/usr/bin/basename

[basename /Volumes/Google Chrome/.keystone_install]

/usr/bin/defaults

[defaults read /Volumes/Google Chrome/Google Chrome.app/Contents/Info CFBundleShortVersionString]

/usr/bin/defaults

[defaults read /Volumes/Google Chrome/Google Chrome.app/Contents/Info KSVersion]

/usr/bin/defaults

[defaults read /Volumes/Google Chrome/Google Chrome.app/Contents/Info KSProductID]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[ksadmin --ksadmin-version]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info CFBundleShortVersionString]

/usr/bin/defaults

[defaults read /Applications/Google Chrome.app/Contents/Info KSBrandID]

/bin/mkdir

[mkdir -p /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions]

/usr/bin/rsync

[rsync --ignore-times --links --perms --recursive --times --delete-before /Volumes/Google Chrome/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/122.0.6261.111/ /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/122.0.6261.111]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=111]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=110]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=111]

Network

Country Destination Domain Proto
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
FR 40.79.141.154:443 tcp
US 8.8.8.8:53 api.apple-cloudkit.fe2.apple-dns.net udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 37-courier.push.apple.com udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
GB 104.91.71.85:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 41-courier.push.apple.com udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 21-courier.push.apple.com udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
GB 104.91.71.135:443 a1366.dscapi6.akamai.net tcp
US 8.8.4.4:443 dns.google udp
GB 142.250.180.3:443 update.googleapis.com tcp
GB 142.250.178.10:443 optimizationguide-pa.googleapis.com tcp
GB 142.250.178.10:443 optimizationguide-pa.googleapis.com tcp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 50-courier.push.apple.com udp
US 8.8.8.8:443 dns.google udp
GB 142.250.180.3:443 update.googleapis.com tcp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 update.googleapis.com udp
GB 142.250.180.3:443 update.googleapis.com tcp
US 8.8.4.4:443 dns.google udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.73.25:443 mobile.events.data.trafficmanager.net tcp
US 8.8.8.8:443 dns.google udp
GB 216.58.204.74:443 safebrowsing.googleapis.com tcp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Application Support/Google/Chrome/Crashpad/settings.dat

MD5 fcb4024c6dc53a5b72c492fd960762d7
SHA1 82c43024d9e274bf2b8a5d1e505d65cf3873fb92
SHA256 5cca682cfa80faa97838327d83ef5a2cc39e21b0cf16639aa7c4f095bf1be4e6
SHA512 5373007f40ec378d18770218163ffc2870036bf8c0af1128194a60c6ed6d944f2e3833bf151fb5bf4aee9325c1fbab56bacf3f6437daaa59efb0afdc5c5eed8b

/Users/run/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb

MD5 fe382e791274914bee5950777e4f1fd3
SHA1 53b523b5fc87e66f2520a0b5f9ea080072668f4d
SHA256 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132
SHA512 a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

/Users/run/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb

MD5 6487e04972ecffd0aabf7b61bdda8119
SHA1 26f0b11a2529a35f6970a914deadfcf2e2d23286
SHA256 241a349a63252a8026016a5ef0d713fc18f76735dd0c10963f9a693bfdb9b172
SHA512 44db500fa4549808a5ed1db5516fe4d412cc4e3898d102399fa6f467a2ed3fa79f133a0afcc5e1ab91f480267027ea11e48e37247d24513542286310ab2d47ae

/Users/run/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

/Users/run/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

/Users/run/Library/Application Support/Google/Chrome/Default/Local Storage/leveldb/000003.ldb

MD5 61a867b6e4a24cfcfd32ddef25ac3229
SHA1 87cc4516fbce1700174d8ea27c9d2cb70a60a1fd
SHA256 9cc80c0d1dfe7205c6530402c3240171966e72b6df8ef0e8571660fb18652cd5
SHA512 3678cc5f913c7f6c179be8d8483240a1c9aabbe5b295d6aa2b8037c60a8f2aa473f1fb56a7ee7093aaa8c24b968d32fed99972f6f837868f86b53b45de13f4dc

/Users/run/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb

MD5 b5db1f091948de93d7fc96e14aef6da3
SHA1 74745f991e3dfe45037366e55c2e6df47d8e6593
SHA256 b7600cfe0aa091e9ab8540869b7ea120a62b36240acc0370c3fd62655b58bf4e
SHA512 d116ffaa01fa29545758fbe273c10d57879a91983d6b5a86ed410a0ac79cc8370fd2552284afa56f363a75ba6a89cc5c9a33f99071012dba2f2f8298ad0cac34

/Users/run/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb

MD5 b47a44bdd1b765b6af56b347447fd1b7
SHA1 8599a1870656af91e432bb35e3497863e34ddfbb
SHA256 79b1150f1008ed3fbde59417e9727bce33a34ee2ac5b407eec1a82beabdd2c06
SHA512 bfa1d967125878a40068e4d5ec4a4bed4f211373ef2ca839a51cb9a29d2da5afcc65755134af2ae732dc03391a636fbb222b4ae481315e4213ceb8d74797c9f0

/Users/run/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb

MD5 e0f65ad85a40a32fa91e551005e193ce
SHA1 a145766d5df23ae5fcd23dbb6937606f280f3502
SHA256 18b5270537241fdd8a8de2f4435bb9a19acc82d565bf629678c07360e0fa89d8
SHA512 bfcf2075ba3d99c6bf4840d6c7754668ac65e7b88aced5c727f99de68940783424b6e9755b4d90c28f489f87d88eda0f2b5194c292c7bcd0cebcb6a66adb2425

/Users/run/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.32.0/Ruleset Data

MD5 132df2b999906be7b21cc21bc247b068
SHA1 0665be201a96e717410a4e61a263bb879b3f08d4
SHA256 fed1557c8b4e40813114db3b546c043105892dd0895c4d7c02d45a8be351173a
SHA512 6764c8a425cd010a67a4636f812d43e63bb0815943e9839cf9fa35f3e5f9ba52309ed842306dcffe32a72e7019cb0c28e1d402dfc22dca0603a0cd48d6a26451

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/87f101ae-9b53-4b4a-905e-f586b1d2bfc5/model.tflite

MD5 6d7c2f9e94664539dec99b3233301b01
SHA1 85812b004742cc1c211c92911131ce270f8ba769
SHA256 a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534
SHA512 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 0cb25d5dcee81992bc12670ea1d090b9
SHA1 38b81d83524fb8a55a60ce5eb7380085c83a00b3
SHA256 ea232a3aed46d311968c502cf38bb07f33f3941af4f50d0b5a15ac4d8ae0c865
SHA512 342a9d83c90f691960750c72b52a894fef29325eb2891cc147f215166f99c766d91da3e41c80cb365fbda2bb61d40be8f00960f9a5b47437f8f84cb5ecda549b

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.XJeIGK/obedbbhbpmojnkanicioggnmelmoomoc_20230923.567854667.14_all_ENGB500000_j4ulfqgydb3iosc4yghs2ynkzq.crx3

MD5 4fa818629f7aa7a42f048e08dfb7f3bb
SHA1 4e1bff38aa1adcedd8b719110a19d9795a054b04
SHA256 8069f8805123f74944304604381770bb694317c9e1044e096f540222dc56c0f6
SHA512 ebbd49bf7030d9c6fd81b9bef122bbc910815fb68108f0e69bbf8beb6cd692b496f87dc1c91a4952d92579bdf734e6cf56d0e91e5c3c72e2d0c196b28e090003

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.2CQNFy/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3

MD5 2db7e78c310ca8e73c069a604eac4d99
SHA1 a6d1e03514f8eba03ab81f1380fc54aaded823b6
SHA256 cd1978742a4afdbaaa15bf712d5c90bef4144caa99024df98f6a9ad58043ae85
SHA512 681eaddbf304f4513b008b98493272b44815460568876b93528851ff7806775de38e6ec588fe27a2cf3dc804415e83a420e45d754b25ad4bdf68ef2c78403aa3

/Users/run/Library/Application Support/Google/Chrome/Subresource Filter/Unindexed Rules/9.49.1/Filtering Rules

MD5 6274a7426421914c19502cbe0fe28ca0
SHA1 e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc
SHA256 ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee
SHA512 bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5

/Users/run/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.49.1/Ruleset Data

MD5 c5e30274fe7b93847f6d7c02410d1209
SHA1 488a49f38459f29e110c706c51b61ca1ae3b0e26
SHA256 e634e3cfdd0d27d0be1f5f9a19748d19d564928765db343503f42a6e1f5dd4ea
SHA512 bc235bb3af269e9a828e6788dbae2b42cabc879b858102f4cc76c0fa02af0e296d20ffc8f134c0a3f9b408643e4810e8c46afeb0c285b892908b06ea1aa1b811

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.Zcki6z/khaoiebndkojlmppeemjhbpbandiljpe_63_mac_acj4pge7wnngtgdmbzd4p5k36luq.crx3

MD5 dd093ee4be8228581afa24a12c4ff5ae
SHA1 744b07f0920111293fd8614a8c08b91a7a9fbd51
SHA256 458d41f9ddcf8cb983af99e4765c6653d1e70a30d15491f5b1cbee0ce4b07907
SHA512 4fc4a8453804b44d9e2bc54c01fa68e7b69a21a2ff0da8bc73386bd94ac9b173fa84f26fa801e13e384ac2842e44c69ea9443e509418ebe385ebea1df3ec205d

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.dfVcfw/laoigpblnllgcgjnjnllmfolckpjlhki_1.0.7.1652906823_all_jtggsagwbg7dhs53nvq4e53lva.crx3

MD5 91e1255f92fc76b16509bbd174a992b5
SHA1 44cbc6b7b60470149850d375f2e2ae95cf1c012b
SHA256 29661be65c8fb50d3d4df2fe040a1cc6dd525f50a95850aae6a191301c3de744
SHA512 ac1588c003c345aaf9a7c4b5f2d338fdaba041dacd65db567ff8cc588b47e372863e44a4a87f611c1530fb42fdb1388814d3caccf8bb3498c7efe78fc321d9cf

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.rF9q6Y/lmelglejhemejginpboagddgdfbepgmp_436_all_ZZ_ad4jy6rshuti5xmhmf3qw4tyig6a.crx3

MD5 890532879ec821a6eefad7eec0e52e32
SHA1 79ee11906a3bda1eb78d553729b9256de34e9c91
SHA256 08e537cf045b43746488f2574b7b0b80add005f2cf6a4e690906e41b95c11591
SHA512 8d92a443f7ba77bc046010f67d8230cdd0805f81ddce83b07a2bd1dc2a395c3a2b3a16ade5532b404bc69ed2420edd0d04e8d8b4f7e66915c369416b0ebfeb90

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.txfZf5/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

MD5 39fbc1bf4c6c8f919181e3e72630f974
SHA1 b73f2394a2c1ac341df75ba63eef4e5e9830fade
SHA256 3a118962ef814c91f6476bb9f0de58afa63103af6ac1b8729be9b39a86789e96
SHA512 2dbd8f772bc113f6500dace5d187b12c79e6e3a5c7f6f68d270beebc482334a1970499b28de5187a3619ff3ecd20aab10c31df8433d509dc011e1e88978ab70e

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.to0aB1/hfnkpimlhhgieaddgfemjhofmfblmnib_8581_all_adig6ljm6e4acuc56bfhzvaainka.crx3

MD5 6a4090c9559ab5ab8f3cca8c20931f77
SHA1 6c4c4795a141503bbb8bcdd90b4c1e7731a4c6d6
SHA256 c6c0f4669a3e64afd73baa4b8f864984b1d8aef503fbd9df55a628aaff777f1e
SHA512 b3f7e09a6cd884b29b803882c8f47c0601a0176919837cdafbbf440f85c1f3765825671424cf3c15a5fc3eaf89cd55ef07124e80a248a75ad7b3db8d0b786860

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.OHSrCr/jflookgnkcckhobaglndicnbbgbonegd_3021_all_dtg3voljl7zpu32w754gs43oj4.crx3

MD5 b8c6f609e10c1b657e6d1d09c0089ada
SHA1 4f9a4478920dc673a2880e7d117626ba13cdbbec
SHA256 27a39389f56a35f783139f8ed62da6fca48e48e255a09d39bb5e5b4bc3adc6ad
SHA512 a671bf5a288d1136fec1ce1662348cce6a9e5609f843938c924bce32643494d4f7848fdf2326a5e4c351a761f2714744bb5b111a675d822ab1486f9a7d1b935f

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.mGDsgI/efniojlnjndmcbiieegkicadnoecjjef_886_all_ac4ikrfwladxrhhzet7wblpcbolq.crx3

MD5 811ddd83c92fdebb7ac61c3e64fd849e
SHA1 93b57f87fcd0608cb7d98b526c93c16b39947f50
SHA256 7de21ebfaf309be79592e240ca1263052d1c2f5718711cc0f02c5e4bb47a755d
SHA512 077921c08d02e8b72b07b0b809b5f48931116d5d25af5ac72e013ba76cf32d1982490e9743bf23c111104a4ab2bc910d9500cc1cdee8695f79d6281a18b0614e

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.Os35ut/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3

MD5 cb79d407a4d6d8526b42060b9210b5c2
SHA1 331e3d66e82e130042897faf86dcbd05d7b227f1
SHA256 e3a7322843834a5270a01c56533a34a24b1a253e3bda6f14046e10d818446165
SHA512 0ea283f2077ff874e1f2518565497864b11fd8a65f03d65e2b2996048bdba19849fcab81d9a8220cd51d4a09741b9cf222b1393f6ea4fde6db76dfe0590efdf9

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.ZFHpqG/dhlpobdgcjafebgbbhjdnapejmpkgiie_20220505_all_adfdqqtvlhuhhtrt6irlkpynghca.crx3

MD5 667e9eec04509aa9e2b318f580addd8c
SHA1 346267ecad10c54de52a3aeb766ea72449500326
SHA256 0c24e9bd976adffa987e08fc54dc0950c84cf18f9cdb4c5caabc6acf24887c4f
SHA512 a9d22d49290c164abf36dd7e887063ccdd2bf508eb2d16bbac6de749e5152805ecb38ca39352706150de29a76839fa6a56c084ea4f2757b61887b3a7912be917

/var/log/fsck_hfs.log

MD5 7e514fc0c78477f4e53ebf36ae535805
SHA1 d880bfbe24031323b192620a5adc7edf2c4963b4
SHA256 8ce931a452604a0f4baa72f52ab83eb1fd9c648ad6bb6b2729f729a2fe095f10
SHA512 91e02e8d0d30a63ea4b240cfcdeef9d0aac9ab83b1e5839affa57ce06afb764b2b62816a5ddbad910dfdfc24cf481fcbb378626840d44f4f4c528d71c8150271

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.CCVOiv/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3

MD5 a40c655b337e082c76b6ab04042b7ae0
SHA1 3cc2a2b7178a29fd2d246cbc532684d6ae45bea8
SHA256 545666a4efd056351597bb386aea1368105ededc976ed5650d8682daab9f37ff
SHA512 fb4d54b573eb2275d8a3580fff138ecd7bded27ec58086b909b12c03c8005e35105c354a4a1ff76ada608ee8bbabeaafe208bb9e557661bb74e4ca39ee5eee56

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.DfJSZT/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3

MD5 a125f78004f07a32f35880a4bb9bb71f
SHA1 9744a42cf7e5527591119d1f866651dcbd2c8b47
SHA256 3f30e7e514f47d37a0121c801ad2c026738b09e2d9819b65802d41bfb88b9500
SHA512 5698a8c1d002ca06085b5b5239a66f2d52107d298a9276d0e35b16e2a6da8f0ff8ef750f8ba30cb04f42319fac93ce047292168bae777b2f8fdd7485dbec6a4d

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.DfJSZT/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3

MD5 0fa505d26fd906c645e60aa05f12af36
SHA1 ecb1def63dba6d475dcd61c4d3a6938855e6f24a
SHA256 9738a550f51cdfb80146b1620b40a37d58c5136254ee1f0f03c20a864fab89d2
SHA512 6c49784a21465a2b7348720003f072a279a7aaeb88783b98cdb968a54cb1ce6771122a6f1bbbfb8dd36507576c81d6caa000166f2dc0f81a3feca4e8d5131a00

/Users/run/Library/Application Support/Google/Chrome/ClientSidePhishing/29.0/visual_model.tflite

MD5 a9803d560544e4d1fe551b2c113c5370
SHA1 a998fdb1e80dbca61267db112812a7ee34b82dce
SHA256 d38a4cda8912f9598b8701dac7d5ee90eff324ed1fb9d277b9784fe45a4e6c72
SHA512 65b8b6ecfea2aeae95a39581c39476a54721e07ee7c296650ccddea29a09b29a11cab15fdc89f97295bd61423dc13a66666faca371200bcb459dc1f25b6c89fd

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.rmHJb0/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3

MD5 2b16fd14af9a2e78513bd0ce71da8f0a
SHA1 1870c0e684081f5dffddd5f73e71310964553485
SHA256 7a722a4733bea9acca001fa0b36afa09c7e01ac40f55f4fe294bee578b9416b8
SHA512 350aadb17afb6a7c4eed3c7192c75b91652e54765c14e24d08372dbea0b00da801cacbd11a865abb95534d33ca78d471584067aa3e1b2452c27b6ccf558b9af0

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.rmHJb0/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3

MD5 d31e8bcf0cc30c4da8eee8e3df5bbde7
SHA1 c54c5edc10fbedb192b7e1b1c34eb01a06dc495e
SHA256 58437f320d7bff6d56b1e5f0fb769cfaa3842b225c7a33544f98ee3ff176a9bc
SHA512 73f54fccd6fdb8009e71bee61e613fffb765a15c37245ab86162d4f93fca175d776fe78427fb00192ac7146c7d719e17b48ac184408e88837c193b639f15034a

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.rmHJb0/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3

MD5 8303ad9de69ff2a0b2b587c963c4d2a7
SHA1 4e38d913269d6c2422db4715186669aa27f67a49
SHA256 1453e60c299dd0339489ddcf292bda2e09b3adb2aa3117f2354f6193fa1279c3
SHA512 88f9b8e34673cfe37bef077d41b6d72993955b86b6045d245584617eb0f3fcc3a02e030852c07e97147a85fe0e749e83d309d91095455290f919888ee7997cec

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.Jq4Wf8/gonpemdgkjcecdgbnaabipppbmgfggbe_2024.02.28.00_all_okdreulebf3763j45vyqf2d6iq.crx3

MD5 cf344985cff8043f763eae0026a30948
SHA1 aa973264711b3ee3f812056adc37129d2892cdb8
SHA256 20a91a5eb86297ff83ed0537872c9c1dc389687f7616485cd4e2ff7b02fe125f
SHA512 4caa44d856b51e39a03a8223dd324d6a98361018194331fbe3882a71bd653f070b70d57ded9fae54acfc894178099bf820f5d83ac8d28b0b950772441e32d21b

Analysis: behavioral12

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:31

Platform

macos-20240214-en

Max time kernel

139s

Max time network

156s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.newsyslog]

/usr/sbin/newsyslog

[/usr/sbin/newsyslog]

Network

Country Destination Domain Proto
US 8.8.8.8:53 13-courier.push.apple.com udp
US 8.8.8.8:53 6-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.72.131:443 tcp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 42-courier.push.apple.com udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 23.200.147.24:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 14-courier.push.apple.com udp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 40-courier.push.apple.com udp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 8.8.8.8:53 44-courier.push.apple.com udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45-courier.push.apple.com udp
US 8.8.8.8:53 30-courier.push.apple.com udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 29-courier.push.apple.com udp
US 8.8.8.8:53 48-courier.push.apple.com udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 0eecce9726bfc95e4e0ff77826858980
SHA1 980b31fae1608aa0972d1b68f533677073d6028e
SHA256 12204612e044306649cf3b8e691a272bc94939044e54761565a57aa7b203cdc2
SHA512 01cb0efd93387b54c3a45c28c72fcbc90f91e491e3f29dde5fbc7a68a5ff32ba5d663bb24c728f2d8e320520e23b89f57bbc1e53908023f5ff4b1a9bb8ff52e4

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral14

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:32

Platform

macos-20240214-en

Max time kernel

144s

Max time network

156s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secd]

/usr/libexec/secd

[/usr/libexec/secd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.newsyslog]

/usr/sbin/newsyslog

[/usr/sbin/newsyslog]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 20.42.73.24:443 tcp
US 8.8.8.8:53 3-courier.push.apple.com udp
US 17.137.170.36:443 tcp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
US 17.171.98.2:443 tcp
US 8.8.8.8:53 bag.itunes.apple.com.edgesuite.net udp
GB 104.77.160.219:443 bag.itunes.apple.com.edgesuite.net tcp
US 8.8.8.8:53 onedscolprdfrc02.francecentral.cloudapp.azure.com udp
FR 40.79.150.120:443 onedscolprdfrc02.francecentral.cloudapp.azure.com tcp
US 8.8.8.8:53 42-courier.push.apple.com udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 26-courier.push.apple.com udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 17-courier.push.apple.com udp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 37-courier.push.apple.com udp
US 8.8.8.8:53 20-courier.push.apple.com udp
US 8.8.8.8:53 courier-ab-vs.push.apple.com udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 46-courier.push.apple.com udp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 16-courier.push.apple.com udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 c05b619361d2cac0288befbdef519546
SHA1 634e507971e2bd2697df0cdbbe8772e6fbec276e
SHA256 1b2c817978649cad70d67be41215a663790d97707b7512cfc156b488438cbec8
SHA512 86308ab30375670ff5eb886d50e3b5be5f3b7d60e0de53458e0372c0c67cbfd1c58450acb201c7d21a5f351c2b0e796d1777dbaa1e2b83ef7f69a83dac26ba20

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 520bb9b65b89f03050030e5a985b9cd1
SHA1 91defba6d4540d4c8ede177730d104d747e8f57b
SHA256 6bb23965fd46b9ffe67a1cdb2144943543894e063c05db3a4de54e94b84968a0
SHA512 81eebb3eda761a9ecc94aa9564deab4d476522d94025ec19e002e91b12b7fbf2bffda23e7c393c09cb91b6ecd953ec1bf39ef5f787058b70289a5a5d777f0cf6

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 52ef57acdaa153c35594e46bde4fe42c
SHA1 c2a5b1748aa61c311b670ef319d92663e3f92b00
SHA256 58add3e6d1d91409a9ddd9bb9b7cb173f3ec1162905d907839ab007e43cf2d2a
SHA512 defea7dd6200a17dbf0b619e16efb2919dc14199e7f3cb6755b4e5f1fdc8fb2942fa9f7c8c4c19d9026acb0c64a7df0462c7e10685c7482e710e94ed15964209

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 9bbf4b7784ed189f71df8769f9614fb9
SHA1 4fd93dd7e9ec5e50849d5c3a30b4c31f21a99c38
SHA256 26e3048c4d58226c6c6035408ae57293df7074118e9c7b30985a9e9fb71798b4
SHA512 2c0fd4bd986b767cd79b492056c72219aba9ad14bf3fbd68d1f9541a37a5ac657d0189c441a027212ae30d516b431535ae349b159e3ab574455f07a738057c1a

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral16

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:33

Platform

macos-20240214-en

Max time kernel

53s

Max time network

132s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf]

/usr/libexec/dmd

[/usr/libexec/dmd]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/usr/libexec/neagent

[/usr/libexec/neagent]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.bird]

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird

[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

Network

Country Destination Domain Proto
US 52.182.143.208:443 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 17.137.170.10:443 tcp
US 17.137.170.34:443 tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 52.182.143.208:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
N/A 224.0.0.251:5353 udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 4097767b156473452b29f28707116638
SHA1 338dea2005c669cdb9d8a7840d1ea11246256f7a
SHA256 95bb7973b19d5c17fc985ef23608a75b2611143862854c5eef59ed8612b5969c
SHA512 7106d233cf75bf7853d665b241f6229dba4a431efa9a51bd43868834f88e7888e621055e89e788c80a7bf3cc4f8d4c16f0e9596beda701694b1822816832b82f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Analysis: behavioral17

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:33

Platform

macos-20240214-en

Max time kernel

148s

Max time network

156s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

Network

Country Destination Domain Proto
US 8.8.8.8:53 11-courier.push.apple.com udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.72.131:443 tcp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 23.200.147.24:443 tcp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 13-courier.push.apple.com udp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 17.57.172.5:443 tcp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 22-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 47-courier.push.apple.com udp
US 8.8.8.8:53 40-courier.push.apple.com udp
US 8.8.8.8:53 29-courier.push.apple.com udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 42-courier.push.apple.com udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7-courier.push.apple.com udp
US 8.8.8.8:53 20-courier.push.apple.com udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 ecd1a161d0b14f7c3d20342e8e7ff583
SHA1 5b5cda33f7e88cb7f97fa248e1b9bdfae4467115
SHA256 931ae3b154007e06a25baae04308d66af6a6f4383714c175219a8de728c55910
SHA512 c50aa949f1584ca9d0dee8d9c8e14afe06f6a2e9ae82db3e4453367f9b9ec8462380392cc118a17e6c999b4dbd3150b20cbb306078afd80effd8054140dbf129

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 54ac2dfc3277cc71d095814696c9d295
SHA1 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893
SHA256 c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da
SHA512 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

Analysis: behavioral28

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:39

Platform

macos-20240214-en

Max time kernel

145s

Max time network

142s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

Network

Country Destination Domain Proto
GB 17.57.146.152:5223 tcp
US 8.8.8.8:53 16-courier.push.apple.com udp
US 8.8.8.8:53 42-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.72.131:443 tcp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 23.200.147.24:443 tcp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 47-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
GB 17.57.146.8:5223 10-courier.push.apple.com tcp
US 8.8.8.8:53 12-courier.push.apple.com udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50-courier.push.apple.com udp
US 8.8.8.8:53 22-courier.push.apple.com udp
US 8.8.8.8:53 26-courier.push.apple.com udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 a67fdfcb8fd71c9c075f1bd2519f785e
SHA1 a684106163f7e05d6b9bb40b9d4b6cb1cf0562cc
SHA256 81ad4c9ead945fcccb662203a541b50fd14c5b579291da192a001fdb89627e7e
SHA512 116df37ed0cebfa56ad4651e5c36190d7d25437f2dd47d1d7ef3385efddcdade2810bc3742c8fcd17feef981c1310ce472b850eb9cd5907dcbb94535202b38df

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral22

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:36

Platform

macos-20240214-en

Max time kernel

136s

Max time network

157s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
GB 17.57.146.152:5223 tcp
US 8.8.8.8:53 20-courier.push.apple.com udp
US 8.8.8.8:53 26-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.72.131:443 tcp
US 8.8.8.8:53 22-courier.push.apple.com udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 151.101.3.6:443 apis.apple.map.fastly.net tcp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 23.200.147.24:443 tcp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 42-courier.push.apple.com udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 30-courier.push.apple.com udp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 9-courier.push.apple.com udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38-courier.push.apple.com udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 0e1265d39020abbbd22ec00c75471b91
SHA1 9ca469610bb8a30ab21d30a7dcc79bcde3a2240a
SHA256 cc07e88d7f7ccd6ce2a10e1b27a9972858d409a3311ff66366a5771814103ef2
SHA512 91f363fc0f8caa6472b675dd941b698f31d4fc9a26375ce031e88f715f6a1047ee4d19a39cc4d08f9763397260e4f7eda65583898e269f70e4cae3094dc1671d

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral25

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:38

Platform

macos-20240214-en

Max time kernel

148s

Max time network

158s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 a68.dscw27.akamai.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
GB 51.105.71.136:443 tcp
US 8.8.8.8:53 11-courier.push.apple.com udp
US 8.8.8.8:53 44-courier.push.apple.com udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
GB 17.253.77.201:80 valid.apple.com tcp
GB 17.253.77.201:80 valid.apple.com tcp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 37-courier.push.apple.com udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5-courier.push.apple.com udp
US 8.8.8.8:53 45-courier.push.apple.com udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 46-courier.push.apple.com udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 19-courier.push.apple.com udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 96b234ecac198a6f063e440f437c6e98
SHA1 f2b70fc1292b77ea865da7bc55b9a89179be43b8
SHA256 b69e772942856f437ff19f27e9e4e12c4e82217e1ab023eb19ef597eec1506bc
SHA512 6576071d8a4e0a2a0fa8325d80ea4b5a66a4635168e16821e4f6816fe5cb5874e3375ab1ad8c4fc0da0114759c8246945c6c941b27ae3a9404791004d539cc8c

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral26

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:38

Platform

macos-20240214-en

Max time kernel

148s

Max time network

156s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.bird]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird

[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

Network

Country Destination Domain Proto
US 52.182.143.208:443 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 17.137.170.10:443 tcp
US 17.137.170.34:443 tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 52.182.143.208:443 tcp
GB 17.253.77.202:80 valid.apple.com tcp
GB 17.253.77.202:80 valid.apple.com tcp
N/A 224.0.0.251:5353 udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 520bb9b65b89f03050030e5a985b9cd1
SHA1 91defba6d4540d4c8ede177730d104d747e8f57b
SHA256 6bb23965fd46b9ffe67a1cdb2144943543894e063c05db3a4de54e94b84968a0
SHA512 81eebb3eda761a9ecc94aa9564deab4d476522d94025ec19e002e91b12b7fbf2bffda23e7c393c09cb91b6ecd953ec1bf39ef5f787058b70289a5a5d777f0cf6

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 ad6afe83e4abbbea148bb93a3c17855f
SHA1 e6a5afdfdb497cddd6279a70a4a828ee0c995ed5
SHA256 0f2a41171b47099cb0978777a3a269602dda1d2590dcd2fcecb7d55ce84711ce
SHA512 abd9c89912d1db4ba22466dce8350f4e15a7677ec6e9656020f79c836f62edc81164c12e598f053fe711819999d1dd878c45dd74e0038f8e37bf2a8c67dd217c

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 52ef57acdaa153c35594e46bde4fe42c
SHA1 c2a5b1748aa61c311b670ef319d92663e3f92b00
SHA256 58add3e6d1d91409a9ddd9bb9b7cb173f3ec1162905d907839ab007e43cf2d2a
SHA512 defea7dd6200a17dbf0b619e16efb2919dc14199e7f3cb6755b4e5f1fdc8fb2942fa9f7c8c4c19d9026acb0c64a7df0462c7e10685c7482e710e94ed15964209

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Analysis: behavioral6

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:26

Platform

macos-20240214-en

Max time kernel

146s

Max time network

154s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.icloud.findmydeviced]

/usr/libexec/findmydeviced

[/usr/libexec/findmydeviced]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suggestd]

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd

[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.knowledge-agent]

/usr/libexec/knowledge-agent

[/usr/libexec/knowledge-agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
FR 40.79.141.154:443 tcp
US 8.8.8.8:53 api.apple-cloudkit.fe2.apple-dns.net udp
US 20.42.73.27:443 mobile.events.data.trafficmanager.net tcp
US 8.8.8.8:53 27-courier.push.apple.com udp
US 8.8.8.8:53 29-courier.push.apple.com udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
GB 104.91.71.85:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.86:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 6-courier.push.apple.com udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
GB 104.84.95.239:80 tcp
US 8.8.8.8:53 8-courier.push.apple.com udp
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 17-courier.push.apple.com udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds-cdn.v.aaplimg.com udp
US 8.8.8.8:53 14-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41-courier.push.apple.com udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 783172bca0778278de557b758901baec
SHA1 449da7b8bb68555033b87e7bca41ef83f15dfa8b
SHA256 0dedf4345b03c805346a2279c29e3897019fa9ad49e955e6acbbd7cbc226d798
SHA512 864606e0c50b1f93fa42ff6d4554d5a0c5ca1232b2cf897c4baf000cf34e73d90202d0123262ea6e6637ba4313f7d320813302e001965ef5b8aaaf19f6d567ea

Analysis: behavioral7

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:27

Platform

macos-20240214-en

Max time kernel

150s

Max time network

151s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secd]

/usr/libexec/secd

[/usr/libexec/secd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

Network

Country Destination Domain Proto
US 20.42.73.24:443 tcp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
US 17.137.170.36:443 tcp
US 8.8.8.8:53 bag.itunes.apple.com.edgesuite.net udp
US 8.8.8.8:53 5-courier.push.apple.com udp
US 17.171.98.2:443 tcp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 46-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 24-courier.push.apple.com udp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 33-courier.push.apple.com udp
US 8.8.8.8:53 gsp-ssl.ls.apple.com udp
GB 17.253.37.220:443 gsp-ssl.ls.apple.com tcp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
FR 40.79.150.120:443 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 26-courier.push.apple.com udp
US 8.8.8.8:53 17-courier.push.apple.com udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 c05b619361d2cac0288befbdef519546
SHA1 634e507971e2bd2697df0cdbbe8772e6fbec276e
SHA256 1b2c817978649cad70d67be41215a663790d97707b7512cfc156b488438cbec8
SHA512 86308ab30375670ff5eb886d50e3b5be5f3b7d60e0de53458e0372c0c67cbfd1c58450acb201c7d21a5f351c2b0e796d1777dbaa1e2b83ef7f69a83dac26ba20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 520bb9b65b89f03050030e5a985b9cd1
SHA1 91defba6d4540d4c8ede177730d104d747e8f57b
SHA256 6bb23965fd46b9ffe67a1cdb2144943543894e063c05db3a4de54e94b84968a0
SHA512 81eebb3eda761a9ecc94aa9564deab4d476522d94025ec19e002e91b12b7fbf2bffda23e7c393c09cb91b6ecd953ec1bf39ef5f787058b70289a5a5d777f0cf6

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 16a15c7222b5f487f9e47219bec96c9e
SHA1 47bb4748ff46c6365fb2bf5b22ca60387b4f42bb
SHA256 9ae1d6f1888fc41b8d9c6315df10394ef187eb1f57ac0abe48c5606b3277463c
SHA512 41595eb4b33c09cf1d087977c2a49c14a2894083a4d73dc88a0c9532e6c6b546f872c7cec14a16f674ebd0137c04e690124b777e197677cb964eb9336745d919

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 2706ee0efdb6b9f30d49a3d5a3b591de
SHA1 84c1b63d869899b65974fb46ee547fd01c1c3958
SHA256 4e102c3ec646a43cbdcd584909e32d54a297764dfecea17aa1284db001934c17
SHA512 94c03724b0b7021fce10c222da76458c4fba6bb90f8cadec0a87dc641d476f0834ed8edba6cb9e97723c2c077bce0fbd7bfb60d6fb50170ae4145113defeda10

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 5b21a7d986c41307be285d416dcfbfd4
SHA1 99f5e69f60b6de45d6e2ef98b06d2a16b0b8dbc1
SHA256 32e02684c812ae318d21fd46c6b34bc663c8a36279535e4f01894c01ed04deb5
SHA512 f8003c0b2274fd15567bb629a44489cffddd2e45981345c64b4d2b35b78a4673046441660e496cb834ce13c25e130607cb948a273f9c1d08481c1bb92204429c

/Users/run/Library/Caches/GeoServices/Experiments.pbd

MD5 e1a2731d2779227cb8ba3246b800f972
SHA1 cd5117e844b427f981aeb36bbb75df352a17463f
SHA256 24a708b64adca4de41eeb36d4585b4d15f6cd6a881a20958004f7bebf8b8f96d
SHA512 e7f11f49e3b0b1695be1fd1c81b41de2a6cc877a65ba20637400250dc068398225e918c940212520c2d25337517ac13005775a115ede4ca82b901353a5c589b4

Analysis: behavioral8

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:28

Platform

macos-20240214-en

Max time kernel

140s

Max time network

154s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.72.131:443 tcp
US 8.8.8.8:53 23-courier.push.apple.com udp
DE 17.253.79.202:80 tcp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 23.200.147.24:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 23.200.147.27:443 tcp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
GB 17.253.77.202:80 valid.apple.com tcp
GB 17.253.77.202:80 valid.apple.com tcp
US 8.8.8.8:53 50-courier.push.apple.com udp
GB 17.253.77.202:80 valid.apple.com tcp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
GB 17.253.77.202:80 valid.apple.com tcp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 11-courier.push.apple.com udp
US 8.8.8.8:53 22-courier.push.apple.com udp
US 8.8.8.8:53 12-courier.push.apple.com udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16-courier.push.apple.com udp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
GB 17.253.77.202:80 valid.apple.com tcp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 6-courier.push.apple.com udp
US 8.8.8.8:53 40-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29-courier.push.apple.com udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 d71f4857c3acf8b0e38fb713b348f033
SHA1 746202994791e188952094ee2f5a22e34f88fc31
SHA256 894830a8da2747419c17082c9db5449edf9c49287d35b7a99a15765e9125b411
SHA512 092216222faeb76ec04a4cd1d17eb5cf5364b3ce44c7cfb77918259da30dbf9cde3c47aac453b338c8a41ca9eef04e431d9606a28595c497ed56219c80b40b09

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 54ac2dfc3277cc71d095814696c9d295
SHA1 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893
SHA256 c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da
SHA512 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

Analysis: behavioral9

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:29

Platform

macos-20240214-en

Max time kernel

140s

Max time network

155s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.icloud.findmydeviced]

/usr/libexec/findmydeviced

[/usr/libexec/findmydeviced]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suggestd]

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd

[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.knowledge-agent]

/usr/libexec/knowledge-agent

[/usr/libexec/knowledge-agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 151.101.67.6:443 apis.apple.map.fastly.net tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
FR 40.79.141.154:443 tcp
US 8.8.8.8:53 api.apple-cloudkit.fe2.apple-dns.net udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
GB 104.91.71.86:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 40-courier.push.apple.com udp
US 8.8.8.8:53 14-courier.push.apple.com udp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 44-courier.push.apple.com udp
US 8.8.8.8:53 courier-ab-vs.push.apple.com udp
US 8.8.8.8:53 3-courier.push.apple.com udp
US 8.8.8.8:53 13-courier.push.apple.com udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47-courier.push.apple.com udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50-courier.push.apple.com udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 c10f9860e3491dec231c9c1d500f104f
SHA1 86e6087727a5ce0162495eb4731a226227fde941
SHA256 001a2f353976ee1bcfa13f4389d552fb58f6e27b8b9e8e24b439045a09eada06
SHA512 3856d9ed89ba9050f1db9a7669a9625162785008ebe068bbfcf18e5ab5be4782edb010ad85955c2ffb70c5f8c3edbfd91f67bd7d79f44b64a56e8936500f964c

Analysis: behavioral10

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:29

Platform

macos-20240214-en

Max time kernel

143s

Max time network

154s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secd]

/usr/libexec/secd

[/usr/libexec/secd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 20.42.73.24:443 tcp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
US 8.8.8.8:53 bag.itunes.apple.com.edgesuite.net udp
US 17.137.170.36:443 tcp
US 17.171.98.2:443 tcp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5-courier.push.apple.com udp
US 8.8.8.8:53 46-courier.push.apple.com udp
US 8.8.8.8:53 20-courier.push.apple.com udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
GB 17.253.77.202:80 valid.apple.com tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 0-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
FR 40.79.150.120:443 tcp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 gsp-ssl.ls.apple.com udp
DE 17.253.79.204:443 gsp-ssl.ls.apple.com tcp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 31-courier.push.apple.com udp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 33-courier.push.apple.com udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 c05b619361d2cac0288befbdef519546
SHA1 634e507971e2bd2697df0cdbbe8772e6fbec276e
SHA256 1b2c817978649cad70d67be41215a663790d97707b7512cfc156b488438cbec8
SHA512 86308ab30375670ff5eb886d50e3b5be5f3b7d60e0de53458e0372c0c67cbfd1c58450acb201c7d21a5f351c2b0e796d1777dbaa1e2b83ef7f69a83dac26ba20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 520bb9b65b89f03050030e5a985b9cd1
SHA1 91defba6d4540d4c8ede177730d104d747e8f57b
SHA256 6bb23965fd46b9ffe67a1cdb2144943543894e063c05db3a4de54e94b84968a0
SHA512 81eebb3eda761a9ecc94aa9564deab4d476522d94025ec19e002e91b12b7fbf2bffda23e7c393c09cb91b6ecd953ec1bf39ef5f787058b70289a5a5d777f0cf6

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 1a2c05e3fe640629bf441ff722dce7e2
SHA1 860bb26cd1f3de413395bf38b8b81e1e04ef5cd2
SHA256 aba143305390580c1620bf35f7fda69c6781b958f288bb6f08d24ac69d1ea0e2
SHA512 bda11b198ccc13a4bc4ec94fde6cf4298d3fa393cd280bf9a9093437f9ecd1780b71fec5f9102eb6deefbdc656c9b70137c9feda7c175537b8e87aabf6a2b80f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 16a15c7222b5f487f9e47219bec96c9e
SHA1 47bb4748ff46c6365fb2bf5b22ca60387b4f42bb
SHA256 9ae1d6f1888fc41b8d9c6315df10394ef187eb1f57ac0abe48c5606b3277463c
SHA512 41595eb4b33c09cf1d087977c2a49c14a2894083a4d73dc88a0c9532e6c6b546f872c7cec14a16f674ebd0137c04e690124b777e197677cb964eb9336745d919

/Users/run/Library/Caches/GeoServices/Experiments.pbd

MD5 c800220eddb9dc5bbc7fc89c36c6775e
SHA1 5df4ec1d9fc764050afbc916bcda61bd301a59f9
SHA256 c2e5c81425d44afb37c6a9c4da4aaba4321225b8a339e017f7ede592a39dbceb
SHA512 c9fb64b2c7d48a7ced8422d9b7f04a1dd7d8b880c7e94c338cc2e84af094a3539bc35740dce66b3d128db874177163c5bdac8abf5b29c625cb0c4b8851aaaafb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 5b21a7d986c41307be285d416dcfbfd4
SHA1 99f5e69f60b6de45d6e2ef98b06d2a16b0b8dbc1
SHA256 32e02684c812ae318d21fd46c6b34bc663c8a36279535e4f01894c01ed04deb5
SHA512 f8003c0b2274fd15567bb629a44489cffddd2e45981345c64b4d2b35b78a4673046441660e496cb834ce13c25e130607cb948a273f9c1d08481c1bb92204429c

Analysis: behavioral11

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:30

Platform

macos-20240214-en

Max time kernel

136s

Max time network

155s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

Network

Country Destination Domain Proto
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 50-courier.push.apple.com udp
US 8.8.8.8:53 a68.dscw27.akamai.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
GB 51.105.71.136:443 tcp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 42-courier.push.apple.com udp
US 8.8.8.8:53 7-courier.push.apple.com udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 13-courier.push.apple.com udp
US 8.8.8.8:53 48-courier.push.apple.com udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19-courier.push.apple.com udp
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 27-courier.push.apple.com udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41-courier.push.apple.com udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46-courier.push.apple.com udp
US 8.8.8.8:53 25.courier-push-apple.com.akadns.net udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 cd577b68f72baa33216c3fa0556e8307
SHA1 4d0a6f6758a63e188e06b500a868d5d9426050d6
SHA256 9189f6b471f1d63ac9ddd4e50214eab608774ca68fb31a1dc8a4410beaef1087
SHA512 0a9eabd6bc0d2c8852dcf36192e25fe716c75640298fb556ca5f7779f81cdc941c5fbbbba59bd435522e24a8630a89c23c1b953e9c262e06cd7453510090ab11

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral23

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:37

Platform

macos-20240214-en

Max time kernel

144s

Max time network

155s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf\"" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.icloud.findmydeviced]

/usr/libexec/findmydeviced

[/usr/libexec/findmydeviced]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suggestd]

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd

[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.knowledge-agent]

/usr/libexec/knowledge-agent

[/usr/libexec/knowledge-agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 8.8.8.8:53 23-courier.push.apple.com udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
FR 40.79.141.154:443 tcp
US 8.8.8.8:53 api.apple-cloudkit.fe2.apple-dns.net udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 22-courier.push.apple.com udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50-courier.push.apple.com udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 37-courier.push.apple.com udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 18-courier.push.apple.com udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 8efbd5ae794b3421461829898611852f
SHA1 43fa9dadc758b76590cfec31a7612a1aff1620cf
SHA256 f96f9b223f5e1af854d28214a8a6c7ee197538c67658f993d8b134a5fb118f6a
SHA512 2b432692dd5624bf6520725f2b435a244fb907b8499041b13ecd35152b2f86960a285d7cd5ca10d135be101da81ff838d85c661b2c1223a51c6227774df81c7a

Analysis: behavioral24

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:37

Platform

macos-20240214-en

Max time kernel

139s

Max time network

154s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secd]

/usr/libexec/secd

[/usr/libexec/secd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 20.42.73.24:443 tcp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
US 17.137.170.36:443 tcp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 onedscolprdfrc02.francecentral.cloudapp.azure.com udp
FR 40.79.150.120:443 onedscolprdfrc02.francecentral.cloudapp.azure.com tcp
US 17.171.98.2:443 tcp
US 8.8.8.8:53 bag.itunes.apple.com.edgesuite.net udp
US 8.8.8.8:53 37-courier.push.apple.com udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 27-courier.push.apple.com udp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30-courier.push.apple.com udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 12-courier.push.apple.com udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0-courier.push.apple.com udp
US 8.8.8.8:53 26-courier.push.apple.com udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50-courier.push.apple.com udp
US 8.8.8.8:53 33-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 46-courier.push.apple.com udp
US 8.8.8.8:53 2-courier.push.apple.com udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 c05b619361d2cac0288befbdef519546
SHA1 634e507971e2bd2697df0cdbbe8772e6fbec276e
SHA256 1b2c817978649cad70d67be41215a663790d97707b7512cfc156b488438cbec8
SHA512 86308ab30375670ff5eb886d50e3b5be5f3b7d60e0de53458e0372c0c67cbfd1c58450acb201c7d21a5f351c2b0e796d1777dbaa1e2b83ef7f69a83dac26ba20

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 520bb9b65b89f03050030e5a985b9cd1
SHA1 91defba6d4540d4c8ede177730d104d747e8f57b
SHA256 6bb23965fd46b9ffe67a1cdb2144943543894e063c05db3a4de54e94b84968a0
SHA512 81eebb3eda761a9ecc94aa9564deab4d476522d94025ec19e002e91b12b7fbf2bffda23e7c393c09cb91b6ecd953ec1bf39ef5f787058b70289a5a5d777f0cf6

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 52ef57acdaa153c35594e46bde4fe42c
SHA1 c2a5b1748aa61c311b670ef319d92663e3f92b00
SHA256 58add3e6d1d91409a9ddd9bb9b7cb173f3ec1162905d907839ab007e43cf2d2a
SHA512 defea7dd6200a17dbf0b619e16efb2919dc14199e7f3cb6755b4e5f1fdc8fb2942fa9f7c8c4c19d9026acb0c64a7df0462c7e10685c7482e710e94ed15964209

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 3b21caadabcd0d50fd12cba24456999f
SHA1 8864347adde5196e2ae4da93b20075b11f2db45e
SHA256 13c74386e42d2693c8475afd6760a51f1e9fc674e61ba60dcaae6e819997aeba
SHA512 5ae18eb552bef6c4412bc9a1efc65d94ee9df8c49ace7adbffe24962b43a44b75eddea3d83f836db470e8b746f0b8b7fe5e50e97864d267a1b98f756d7389421

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral27

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:37

Platform

macos-20240214-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 17.57.146.152:5223 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:20

Platform

macos-20240214-en

Max time kernel

134s

Max time network

146s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
GB 17.57.146.152:5223 tcp
US 8.8.8.8:53 11-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.72.131:443 tcp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 23.200.147.24:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
GB 104.91.71.139:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
GB 17.253.77.201:80 valid.apple.com tcp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 95.100.245.89:443 help.apple.com tcp
GB 95.100.245.89:443 help.apple.com tcp
N/A 224.0.0.251:5353 udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 51954ef7112b2409b289f603b5f9002b
SHA1 96b4701eaa7e217c40cfce02c01cced429d1257c
SHA256 553bea0ffd610595c021ef05878c4f676932553c165767920eacb7f3c307a75f
SHA512 6c7d52b9a8ccb4a0f49a33f22c3186dd2a3e7a1c9c74ff8b68d45b6e2adb0c4ebf7fb80d0abcdae97cdff409f9a9f1a4e71f6864081195d563832f152856cda9

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral4

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:24

Platform

macos-20240214-en

Max time kernel

150s

Max time network

155s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.icloud.findmydeviced]

/usr/libexec/findmydeviced

[/usr/libexec/findmydeviced]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suggestd]

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd

[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.knowledge-agent]

/usr/libexec/knowledge-agent

[/usr/libexec/knowledge-agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

Network

Country Destination Domain Proto
US 8.8.8.8:53 21-courier.push.apple.com udp
US 8.8.8.8:53 40-courier.push.apple.com udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
GB 104.91.71.85:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gsp-ssl.ls.apple.com udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 151.101.67.6:443 apis.apple.map.fastly.net tcp
GB 17.253.77.204:443 gsp-ssl.ls.apple.com tcp
GB 104.91.71.71:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
GB 104.91.71.86:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
FR 40.79.141.154:443 tcp
US 8.8.8.8:53 api.apple-cloudkit.fe2.apple-dns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 47-courier.push.apple.com udp
US 8.8.8.8:53 50-courier.push.apple.com udp
GB 104.84.95.239:80 tcp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27-courier.push.apple.com udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/Experiments.pbd

MD5 02ee0ff98412172313662731ccedb068
SHA1 75a0a2b5f2614ab00792032dee4f2c07970e98f3
SHA256 a11ab89ca2123066e53147645088ec4efbd0de0c4130b7f1327ab267bd6b0672
SHA512 6ef7e53f63af1630140c09716f58ed571b0a94872d4c8000bbdf5af86ccd4e7cd82e9f939e63f874bbcf9bddf933a66b59190ea8e45dea0e1104f987ce3cbf9c

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 663c8d7e566ea990cce859ef481207ba
SHA1 ae984c1023eb533822742892ec5f0ddb5991b7e4
SHA256 150a02ff90e0f23641a0acd2a91af8c70e9acc17ab1a64fd117c411ddc2f033a
SHA512 69732a76eba985eab3a774029765b0a0fb23d8c9185f87b313612d7cc9067fbf4b8213833ec203a4e0fdd4ddc424b9d609541598c20fd7fb8516d71adc526c4e

Analysis: behavioral15

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:32

Platform

macos-20240214-en

Max time kernel

150s

Max time network

154s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf\"" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 a68.dscw27.akamai.net udp
US 8.8.8.8:53 7-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
GB 51.105.71.136:443 tcp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4-courier.push.apple.com udp
IE 17.57.146.87:5223 4-courier.push.apple.com tcp
IE 17.57.146.88:5223 4-courier.push.apple.com tcp
US 8.8.8.8:53 13-courier.push.apple.com udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 48-courier.push.apple.com udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
GB 17.57.146.8:5223 28-courier.push.apple.com tcp
US 8.8.8.8:53 14-courier.push.apple.com udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 03aa7703ffc2fb709cbe6a5036590a63
SHA1 7888457df1181bbe4894f2d92eeb881ce4b3a229
SHA256 cf9bcd545bf211e0ab2a0e9e85e26452858cd9e19a937ba1e102fd18176a3104
SHA512 9fa8061144dad5662779dcaf4e0e8900f99cf67f58f037a76524307b956d74ad1fbfc9b9d44246fc0245c967e6d502f57d9dc717bfd2c4b6aa3764f034a6b1cb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral5

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:25

Platform

macos-20240214-en

Max time kernel

150s

Max time network

154s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

Network

Country Destination Domain Proto
US 8.8.8.8:53 45-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.72.131:443 tcp
US 8.8.8.8:53 14-courier.push.apple.com udp
GB 17.57.146.155:5223 14-courier.push.apple.com tcp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 26-courier.push.apple.com udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 23.200.147.24:443 tcp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 44-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22-courier.push.apple.com udp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40-courier.push.apple.com udp
US 8.8.8.8:53 25-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 6dd182304d3e8b7f10384682587db222
SHA1 d09f84171e128ef11fa3938323e59682a70416cf
SHA256 6f0df293ff13daf7ec0ebb7e16c2b0e1e54788a770a79df2ede194dbbf05b993
SHA512 3bd709fe5934ac0bc7386ff15af15ca110ed6b8a07d48139b1623e3e56778ba9fe8f450752ab7e859574242acaf06c9b514ac5c8135a4641e7e4a65f0bbe5d72

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 54ac2dfc3277cc71d095814696c9d295
SHA1 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893
SHA256 c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da
SHA512 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

Analysis: behavioral13

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:32

Platform

macos-20240214-en

Max time kernel

149s

Max time network

155s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.icloud.findmydeviced]

/usr/libexec/findmydeviced

[/usr/libexec/findmydeviced]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suggestd]

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd

[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.knowledge-agent]

/usr/libexec/knowledge-agent

[/usr/libexec/knowledge-agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.newsyslog]

/usr/sbin/newsyslog

[/usr/sbin/newsyslog]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

Network

Country Destination Domain Proto
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 21-courier.push.apple.com udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
FR 40.79.141.154:443 tcp
US 8.8.8.8:53 api.apple-cloudkit.fe2.apple-dns.net udp
GB 104.91.71.86:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 gb-courier-4.push-apple.com.akadns.net udp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18-courier.push.apple.com udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 42-courier.push.apple.com udp
US 8.8.8.8:53 22-courier.push.apple.com udp
US 8.8.8.8:53 23-courier.push.apple.com udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 37-courier.push.apple.com udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44-courier.push.apple.com udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 14ed232299ee3ae5c671776d6ce040ec
SHA1 a6cc8329e5a77b5a3efb5cf14b0086b79556cc98
SHA256 edcc4470003fde92b0dd59011bc43b51ed85c80b120c7ab5a24a9599f3cda14d
SHA512 6967eef1513a968b0fbfe283ccf0f4532d3159c54cdee7de287fef07f3e5a9668ec63596cef4e8c01fc2ed51ad4c6c5250cefb7c736173d9c8290c524699779b

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:23

Platform

macos-20240214-en

Max time kernel

149s

Max time network

164s

Command Line

[sh -c sudo /bin/zsh -c "open /Volumes/Install\ Parallels\ Desktop/Install\ Parallels\ Desktop.app"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "open /Volumes/Install\ Parallels\ Desktop/Install\ Parallels\ Desktop.app"]

/bin/bash

[sh -c sudo /bin/zsh -c "open /Volumes/Install\ Parallels\ Desktop/Install\ Parallels\ Desktop.app"]

/usr/bin/sudo

[sudo /bin/zsh -c open /Volumes/Install\ Parallels\ Desktop/Install\ Parallels\ Desktop.app]

/bin/zsh

[/bin/zsh -c open /Volumes/Install\ Parallels\ Desktop/Install\ Parallels\ Desktop.app]

/usr/bin/open

[open /Volumes/Install Parallels Desktop/Install Parallels Desktop.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.parallels.webinstaller.2300]

/Volumes/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop

[/Volumes/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

Network

Country Destination Domain Proto
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.72.131:443 tcp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13-courier.push.apple.com udp
US 8.8.8.8:53 26-courier.push.apple.com udp
US 8.8.8.8:53 download.parallels.com udp
US 104.18.170.3:443 download.parallels.com tcp
US 8.8.8.8:53 reportus.parallels.com udp
US 104.18.171.3:443 reportus.parallels.com tcp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 22-courier.push.apple.com udp
GB 17.57.146.12:5223 22-courier.push.apple.com tcp
US 8.8.8.8:53 e6858.dscx.akamaiedge.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 23.200.147.24:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 47-courier.push.apple.com udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 40-courier.push.apple.com udp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 44-courier.push.apple.com udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 52.168.117.170:443 mobile.events.data.trafficmanager.net tcp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28-courier.push.apple.com udp

Files

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 c1580c79e4dbd627830b5861a263c9d0
SHA1 53a0798d08e1aaefebc6258f3aae79a04aaa04f8
SHA256 087394f9689b685502124836be985033f916690ae1cd791f0195095e178c3488
SHA512 40c7eab3252e5c6572d7b7a883898620e73526b217f94c957b04598b7e051d401213d78de0887da5cb59d98e27727628fbf4634f24e935eeaca1d6ab2ad3a4eb

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 8e7d9c15279a26ab2d534991cc4f8465
SHA1 67787267d216dff8e53b2a7b350f2861a0184f0e
SHA256 663c3ec6d54b0eb2b6f0ce1b563a07a02b1838b69a0ddcf90ac1687de43172db
SHA512 5c58c5eb8fa251d5a6d1e269d4664d48dfdc05f725b3d5f332c67e11b696f6f544cd402420888fb159fab54fc62bce69b75087ea1e7f469fc5f5001c9c5eeecb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 da2dab30fe7b8fc191da9744cdf54802
SHA1 e5842ae451adcad6174de79dfaac125b530441e2
SHA256 3416fa0f33707323c3897a19b5392cc0f6659cf48d3858b7741e7ae4f20cf1ac
SHA512 74358ca08b015f4d89d612d85252e641214ab21d78ed65660954de6c284cac202ff71d7cb671126eab6d6b6dd213a9a0b6de29828c1531a29f9c30c76608aec5

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 b76f1f2942e291966738c96a3c76193a
SHA1 5390346748d3c6546be941b5cb00a06ef235b447
SHA256 306bfecb0d36a720b2d44e804bc2184cab844d300b5fd1d236d580782d16d2fc
SHA512 020442b5fb43d6e4366a1c89495f951e03ca9114049d936d97be0bd13ef0f085a9a139ad0a818760b2c1e1d6e3ccaf3260fdd3a9aac648618152bf247c8a2c9c

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 899ab0f9698f12a52e86758a26413fe0
SHA1 9ff89976666aa9c816a155ec93de5c44ae1c3499
SHA256 d880e375a64eef6174fcdd989ed8fab8539fbacd9ebbceea058b6a7b4df8fe03
SHA512 a9cf806a37f76ff4e387de3a46a2bfc5457db77324d832f647b786056ab0023e944f2f43f68f3be5bdf0da2b62350964b3cfc39a79da751f6d744ac975d46eb7

Analysis: behavioral20

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:35

Platform

macos-20240214-en

Max time kernel

143s

Max time network

156s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

Network

Country Destination Domain Proto
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 a68.dscw27.akamai.net udp
US 8.8.8.8:53 41-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
GB 51.105.71.136:443 tcp
US 8.8.8.8:53 43-courier.push.apple.com udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 39-courier.push.apple.com udp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 5-courier.push.apple.com udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7-courier.push.apple.com udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 gsp-ssl.ls.apple.com udp
GB 17.253.77.203:443 gsp-ssl.ls.apple.com tcp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 18-courier.push.apple.com udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 f4fcb1fc65cfa2d39fbbb644badacaa5
SHA1 4c71b873f334aeb508d691bbcd68eacbe18fa9b4
SHA256 dad56911e99547b43f77b5954b4cac44fc024d7bf6e11470eb749a34c6204f31
SHA512 0c36d0c22a6b6f97ca19af1e2f70a0c94cb5a67bab1bf98336f5486e4cefc93b0f3dcb15ebf8a71cc65ac5eab37f321d7eba9d19ff6cc8708bfca4a45feb8d3b

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

/Users/run/Library/Caches/GeoServices/Experiments.pbd

MD5 b3e0783929679c7efbfcadf4274dc952
SHA1 feaee6dcb2a1af2c9ad07278573cf8e238f7fc7e
SHA256 770c6166698ec68f7e7ef1da9a10eb4b42c84e1f3a4f258c2474ca024a5f4c50
SHA512 fbf9acc54a51945389422f42f9a70fb41c8a7cf4a4381aa125b5454de82b112bae6361ef5a196baf5f7fb162a7b11953f3ea961e0494d0a81bd8837606383ed2

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 54ac2dfc3277cc71d095814696c9d295
SHA1 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893
SHA256 c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da
SHA512 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

Analysis: behavioral18

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:34

Platform

macos-20240214-en

Max time kernel

88s

Max time network

158s

Command Line

[xpcproxy com.apple.nsurlstoraged]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf N/A N/A

Processes

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged]

/usr/libexec/dmd

[/usr/libexec/dmd]

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.icloud.findmydeviced]

/usr/libexec/findmydeviced

[/usr/libexec/findmydeviced]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suggestd]

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd

[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.knowledge-agent]

/usr/libexec/knowledge-agent

[/usr/libexec/knowledge-agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

Network

Country Destination Domain Proto
US 8.8.8.8:53 13-courier.push.apple.com udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 29-courier.push.apple.com udp
GB 104.91.71.86:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 3-courier.push.apple.com udp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 gsp-ssl.ls.apple.com udp
DE 17.253.79.204:443 gsp-ssl.ls.apple.com tcp
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 17-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
FR 40.79.141.154:443 tcp
US 8.8.8.8:53 api.apple-cloudkit.fe2.apple-dns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21-courier.push.apple.com udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7-courier.push.apple.com udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/Experiments.pbd

MD5 992970083316c1c47a445a1e0f42c959
SHA1 7e8b1e86097a6fb3a41395082ba4c736a1d262b1
SHA256 54fe2616a5b4a92b1ddf75b30ecf82a4b8d0b3724cbfef3e75c77d805c525147
SHA512 d311c247519c2fe66f0fffa1cb1d085e313ed4e2f4e58222e2bfec23032e1c8d43ac7281c398281df0a2ef51d638c8e85fd4ea82caadeae1fbb78c3a54a3f71f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 64442775f7a11fc090f88988c8c46b5c
SHA1 3baab3554a4522c137adaf1a3a21f8323ea4048c
SHA256 cebb23cd23883fefce23c47ea5d3f48740973c40f9502f79f8f36141af5b891e
SHA512 b7795ae967a024e3807d709e879e95688a2bea838d36a42f7377ddb83c81d1b20c506971feb0bd3d7eba3e1ede04bbbb6126cb50f8d1a28cdf18aeb0d2e7651b

Analysis: behavioral19

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:34

Platform

macos-20240214-en

Max time kernel

102s

Max time network

156s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secd]

/usr/libexec/secd

[/usr/libexec/secd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

Network

Country Destination Domain Proto
US 20.42.73.24:443 tcp
US 17.137.170.36:443 tcp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
US 17.171.98.2:443 tcp
US 8.8.8.8:53 bag.itunes.apple.com.edgesuite.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 5-courier.push.apple.com udp
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0-courier.push.apple.com udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 12-courier.push.apple.com udp
US 8.8.8.8:53 31-courier.push.apple.com udp
US 8.8.8.8:53 16-courier.push.apple.com udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 50-courier.push.apple.com udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47-courier.push.apple.com udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 c05b619361d2cac0288befbdef519546
SHA1 634e507971e2bd2697df0cdbbe8772e6fbec276e
SHA256 1b2c817978649cad70d67be41215a663790d97707b7512cfc156b488438cbec8
SHA512 86308ab30375670ff5eb886d50e3b5be5f3b7d60e0de53458e0372c0c67cbfd1c58450acb201c7d21a5f351c2b0e796d1777dbaa1e2b83ef7f69a83dac26ba20

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 602e03ff57a5a8ae5860e0f9bbae247b
SHA1 0f226aa6a2145d2a3d051cd334c4396842a9ab0b
SHA256 d8cd750d7f1a1e09325b3743cd59068330271a9be4e6f2b854b355c6a3f2ca3f
SHA512 eb8213f2a147d7b7ac3ccd1c227aee1f5e803626489ea7881c06455f728045c98bb805bfc0af0833cd6b045c78ac9433b5f85d6983634e804e48811cc4e8676d

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 41531bfeb1fcaa0616c0cac52bb384d3
SHA1 4c17da98d22bc143f3ce373027ed8c9088a1d35d
SHA256 e011a72bbc74022b95a19b372a056dea8fc8a79528ec31ce0187a0192460c842
SHA512 20ce2edfe1860d8d79350ba8646ec6cf269aaba05f144fd57388c06ddb7db2e8248729c6775932400e3cd07759b4bf99a41bc3b83f17601814214239eb274325

Analysis: behavioral29

Detonation Overview

Submitted

2024-03-06 20:17

Reported

2024-03-06 20:40

Platform

macos-20240214-en

Max time kernel

87s

Max time network

156s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.icloud.findmydeviced]

/usr/libexec/findmydeviced

[/usr/libexec/findmydeviced]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suggestd]

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd

[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.knowledge-agent]

/usr/libexec/knowledge-agent

[/usr/libexec/knowledge-agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

Network

Country Destination Domain Proto
US 8.8.8.8:53 8-courier.push.apple.com udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 151.101.67.6:443 apis.apple.map.fastly.net tcp
US 151.101.131.6:443 apis.apple.map.fastly.net tcp
US 8.8.8.8:53 21-courier.push.apple.com udp
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
GB 104.91.71.86:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 9-courier.push.apple.com udp
US 8.8.8.8:53 50-courier.push.apple.com udp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
FR 40.79.141.154:443 tcp
US 8.8.8.8:53 api.apple-cloudkit.fe2.apple-dns.net udp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 47-courier.push.apple.com udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17-courier.push.apple.com udp
US 8.8.8.8:53 27-courier.push.apple.com udp
US 8.8.8.8:53 3-courier.push.apple.com udp
US 8.8.8.8:53 29-courier.push.apple.com udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 6-courier.push.apple.com udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 22-courier.push.apple.com udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 6f0c00a8cc304649a1367a9a1b0aed31
SHA1 ccd889e628d60a327600676a578f852109139b51
SHA256 8611912c9692b9e995a929629a2cd2d37fa83f0467163cbd3464097253927d3c
SHA512 ada1f607ddeb4260e5c8dff907bac315c06e20443787ba89d7b1367dcd3196c3f306039bb456284a686e386552701e67d94e8649ebe5db75e5c92e6751c0dd9c