Analysis Overview
SHA256
2e697828d0bb36a4aa0085997b62a9cc6a83e13afe94c299e4a707f3282b2a66
Threat Level: Likely benign
The file Install Parallels Desktop.dmg was found to be: Likely benign.
Malicious Activity Summary
Resource Forking
File and Directory Discovery.
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-06 20:17
Signatures
Analysis: behavioral21
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:35
Platform
macos-20240214-en
Max time kernel
136s
Max time network
139s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf]
/usr/libexec/dmd
[/usr/libexec/dmd]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
| Country | Destination | Domain | Proto |
| US | 52.182.143.208:443 | | tcp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 104.91.71.86:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 17.137.170.10:443 | | tcp |
| US | 17.137.170.34:443 | | tcp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| RO | 82.78.25.240:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 23.37.1.157:443 | help.apple.com | tcp |
| GB | 23.37.1.157:443 | help.apple.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
/Library/Preferences/com.apple.networkextension.uuidcache.plist
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:21
Platform
macos-20240214-en
Max time kernel
210s
Max time network
210s
Command Line
Signatures
File and Directory Discovery.
| Description | Indicator | Process | Target |
| N/A | basename "/Volumes/Google Chrome/.keystone_install" | N/A | N/A |
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist | N/A | N/A |
| N/A | /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk4s2 | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk4s2 removable readonly | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk4s2 | N/A | N/A |
| N/A | "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 264B669B-C9F1-45E6-8D1C-680902E23A53 | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 264B669B-C9F1-45E6-8D1C-680902E23A53 -post-exec 4 | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk4s2 removable readonly | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk4s2 | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk4s2 | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.icloud.findmydeviced]
/usr/libexec/findmydeviced
[/usr/libexec/findmydeviced]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.TextInputMenuAgent]
/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent
[/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.TextInputSwitcher]
/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher
[/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.google.Chrome.3056]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome]
/usr/libexec/xpcproxy
[xpcproxy com.apple.GameController.gamecontrollerd]
/usr/libexec/gamecontrollerd
[/usr/libexec/gamecontrollerd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/Users/run/Library/Application Support/Google/Chrome/Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]
/usr/bin/tar
[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded]
/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --wake-all --system --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2]
/Users/run/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Users/run/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --wake-all --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2]
/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system --database=/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=122.0.6234.0 --handshake-fd=4]
/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --wake --system --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2]
/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system --database=/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=122.0.6234.0 --handshake-fd=4]
/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/Helpers/launcher
[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/Helpers/launcher --internal]
/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[GoogleUpdater --server --service=update-internal --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system]
/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system --database=/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=122.0.6234.0 --handshake-fd=5]
/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --gpu-preferences=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 --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=26]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=26]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=26]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=327037590 --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=60]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=327086921 --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=60]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=332670547 --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=70]
/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=9 --launch-time-ticks=340372373 --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=64]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump_agent]
/usr/libexec/spindump_agent
[/usr/libexec/spindump_agent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=64]
/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[GoogleUpdater --server --service=update --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system]
/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system --database=/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=122.0.6234.0 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[GoogleUpdater --server --service=update --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system]
/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system --database=/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=122.0.6234.0 --handshake-fd=5]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --store /Users/run/Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=96]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=106]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.suggestd]
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.knowledge-agent]
/usr/libexec/knowledge-agent
[/usr/libexec/knowledge-agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=112]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=112]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=112]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=111]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=110]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=110]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=110]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=110]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=111]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=110]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=111]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=111]
/usr/bin/hdiutil
[/usr/bin/hdiutil attach /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.8104qg/GoogleChrome-122.0.6261.111.dmg -plist -nobrowse -readonly]
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 264B669B-C9F1-45E6-8D1C-680902E23A53]
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 264B669B-C9F1-45E6-8D1C-680902E23A53 -post-exec 4]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk4s2 removable readonly]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk4s2]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk4s2]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk4s2 removable readonly]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk4s2]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk4s2]
/sbin/mount
[/sbin/mount -t hfs -o -u=99,-g=99,-m=755,nodev,noowners,nosuid,rdonly,nobrowse /dev/disk4s2 /Volumes/Google Chrome]
/sbin/mount_hfs
[/sbin/mount_hfs -u 99 -g 99 -m 755 -o nodev -o noowners -o nosuid -o rdonly -o nobrowse /dev/disk4s2 /Volumes/Google Chrome]
/Volumes/Google Chrome/.keystone_install
[/Volumes/Google Chrome/.keystone_install /Volumes/Google Chrome /Applications/Google Chrome.app 101.0.4951.54]
/usr/bin/basename
[basename /Volumes/Google Chrome/.keystone_install]
/usr/bin/defaults
[defaults read /Volumes/Google Chrome/Google Chrome.app/Contents/Info CFBundleShortVersionString]
/usr/bin/defaults
[defaults read /Volumes/Google Chrome/Google Chrome.app/Contents/Info KSVersion]
/usr/bin/defaults
[defaults read /Volumes/Google Chrome/Google Chrome.app/Contents/Info KSProductID]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[ksadmin --ksadmin-version]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info CFBundleShortVersionString]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSBrandID]
/bin/mkdir
[mkdir -p /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions]
/usr/bin/rsync
[rsync --ignore-times --links --perms --recursive --times --delete-before /Volumes/Google Chrome/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/122.0.6261.111/ /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/122.0.6261.111]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=111]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=110]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,5354534724212232174,12250703005290766939,131072 --seatbelt-client=111]
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:31
Platform
macos-20240214-en
Max time kernel
139s
Max time network
156s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf | N/A | N/A |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf" | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.newsyslog]
/usr/sbin/newsyslog
[/usr/sbin/newsyslog]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 6-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.72.131:443 | | tcp |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | 42-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 23.200.147.24:443 | | tcp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 14-courier.push.apple.com | udp |
| GB | 104.91.71.86:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | 40-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | gsp64-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 4-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 33.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 5.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 34.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 38-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 44-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 2-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| RO | 82.78.25.240:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 23.37.1.157:443 | help.apple.com | tcp |
| GB | 23.37.1.157:443 | help.apple.com | tcp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 45-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 30-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 5.courier-push-apple.com.akadns.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 28-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 29-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 48-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 24.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 37.courier-push-apple.com.akadns.net | udp |
Files
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | ce7f5b3d4bfc7b4b0da6a06dccc515f2 |
| SHA1 | ce657a52a052a3aaf534ecfbf7cbdde4ee334c10 |
| SHA256 | 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1 |
| SHA512 | db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | a60a7bcfc47eacaa66e5e3d701d3ba80 |
| SHA1 | 7093ffc5beca33187c18461c7ff3259a1781ae35 |
| SHA256 | 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468 |
| SHA512 | 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5 |
/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml
| MD5 | f627cf4820da06be8e6ff3fdec6ebfee |
| SHA1 | 993d8ec88721b9e76c3fe1f5987338a61b452bf8 |
| SHA256 | f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7 |
| SHA512 | bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 95f24d2f9121654acd5a1c44e572082b |
| SHA1 | ea13b61b35ef396ebe42f09e638a39f13b93fd9b |
| SHA256 | 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e |
| SHA512 | d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 0eecce9726bfc95e4e0ff77826858980 |
| SHA1 | 980b31fae1608aa0972d1b68f533677073d6028e |
| SHA256 | 12204612e044306649cf3b8e691a272bc94939044e54761565a57aa7b203cdc2 |
| SHA512 | 01cb0efd93387b54c3a45c28c72fcbc90f91e491e3f29dde5fbc7a68a5ff32ba5d663bb24c728f2d8e320520e23b89f57bbc1e53908023f5ff4b1a9bb8ff52e4 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 1340033aca269b30874eafa2ec72adfe |
| SHA1 | e1c0e123ffc93a5f22c906c7206a625a149944d1 |
| SHA256 | fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724 |
| SHA512 | 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6 |
Analysis: behavioral14
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:32
Platform
macos-20240214-en
Max time kernel
144s
Max time network
156s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secd]
/usr/libexec/secd
[/usr/libexec/secd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.newsyslog]
/usr/sbin/newsyslog
[/usr/sbin/newsyslog]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
| Country | Destination | Domain | Proto |
| US | 20.42.73.24:443 | | tcp |
| US | 8.8.8.8:53 | 3-courier.push.apple.com | udp |
| US | 17.137.170.36:443 | | tcp |
| US | 8.8.8.8:53 | gateway.fe2.apple-dns.net | udp |
| US | 17.171.98.2:443 | | tcp |
| US | 8.8.8.8:53 | bag.itunes.apple.com.edgesuite.net | udp |
| GB | 104.77.160.219:443 | bag.itunes.apple.com.edgesuite.net | tcp |
| US | 8.8.8.8:53 | onedscolprdfrc02.francecentral.cloudapp.azure.com | udp |
| FR | 40.79.150.120:443 | onedscolprdfrc02.francecentral.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | 42-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 104.91.71.85:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 26-courier.push.apple.com | udp |
| GB | 104.91.71.85:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | 17-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 35-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 37-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 20-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | courier-ab-vs.push.apple.com | udp |
| US | 8.8.8.8:53 | 6.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| RO | 82.78.25.240:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 23.37.1.157:443 | help.apple.com | tcp |
| GB | 23.37.1.157:443 | help.apple.com | tcp |
| US | 8.8.8.8:53 | 46-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 25-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 38-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 28-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 13.courier-push-apple.com.akadns.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 8.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 2-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 16-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 45.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 15.courier-push-apple.com.akadns.net | udp |
Files
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | c05b619361d2cac0288befbdef519546 |
| SHA1 | 634e507971e2bd2697df0cdbbe8772e6fbec276e |
| SHA256 | 1b2c817978649cad70d67be41215a663790d97707b7512cfc156b488438cbec8 |
| SHA512 | 86308ab30375670ff5eb886d50e3b5be5f3b7d60e0de53458e0372c0c67cbfd1c58450acb201c7d21a5f351c2b0e796d1777dbaa1e2b83ef7f69a83dac26ba20 |
/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml
| MD5 | f627cf4820da06be8e6ff3fdec6ebfee |
| SHA1 | 993d8ec88721b9e76c3fe1f5987338a61b452bf8 |
| SHA256 | f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7 |
| SHA512 | bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | ce7f5b3d4bfc7b4b0da6a06dccc515f2 |
| SHA1 | ce657a52a052a3aaf534ecfbf7cbdde4ee334c10 |
| SHA256 | 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1 |
| SHA512 | db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 520bb9b65b89f03050030e5a985b9cd1 |
| SHA1 | 91defba6d4540d4c8ede177730d104d747e8f57b |
| SHA256 | 6bb23965fd46b9ffe67a1cdb2144943543894e063c05db3a4de54e94b84968a0 |
| SHA512 | 81eebb3eda761a9ecc94aa9564deab4d476522d94025ec19e002e91b12b7fbf2bffda23e7c393c09cb91b6ecd953ec1bf39ef5f787058b70289a5a5d777f0cf6 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 52ef57acdaa153c35594e46bde4fe42c |
| SHA1 | c2a5b1748aa61c311b670ef319d92663e3f92b00 |
| SHA256 | 58add3e6d1d91409a9ddd9bb9b7cb173f3ec1162905d907839ab007e43cf2d2a |
| SHA512 | defea7dd6200a17dbf0b619e16efb2919dc14199e7f3cb6755b4e5f1fdc8fb2942fa9f7c8c4c19d9026acb0c64a7df0462c7e10685c7482e710e94ed15964209 |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 9bbf4b7784ed189f71df8769f9614fb9 |
| SHA1 | 4fd93dd7e9ec5e50849d5c3a30b4c31f21a99c38 |
| SHA256 | 26e3048c4d58226c6c6035408ae57293df7074118e9c7b30985a9e9fb71798b4 |
| SHA512 | 2c0fd4bd986b767cd79b492056c72219aba9ad14bf3fbd68d1f9541a37a5ac657d0189c441a027212ae30d516b431535ae349b159e3ab574455f07a738057c1a |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 1340033aca269b30874eafa2ec72adfe |
| SHA1 | e1c0e123ffc93a5f22c906c7206a625a149944d1 |
| SHA256 | fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724 |
| SHA512 | 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6 |
Analysis: behavioral16
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:33
Platform
macos-20240214-en
Max time kernel
53s
Max time network
132s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf | N/A | N/A |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf" | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf]
/usr/libexec/dmd
[/usr/libexec/dmd]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/usr/libexec/neagent
[/usr/libexec/neagent]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.bird]
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
Network
| Country | Destination | Domain | Proto |
| US | 52.182.143.208:443 | | tcp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 104.91.71.85:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 17.137.170.10:443 | | tcp |
| US | 17.137.170.34:443 | | tcp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 52.182.143.208:443 | | tcp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
Files
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | ce7f5b3d4bfc7b4b0da6a06dccc515f2 |
| SHA1 | ce657a52a052a3aaf534ecfbf7cbdde4ee334c10 |
| SHA256 | 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1 |
| SHA512 | db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | a60a7bcfc47eacaa66e5e3d701d3ba80 |
| SHA1 | 7093ffc5beca33187c18461c7ff3259a1781ae35 |
| SHA256 | 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468 |
| SHA512 | 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5 |
/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml
| MD5 | f627cf4820da06be8e6ff3fdec6ebfee |
| SHA1 | 993d8ec88721b9e76c3fe1f5987338a61b452bf8 |
| SHA256 | f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7 |
| SHA512 | bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 4097767b156473452b29f28707116638 |
| SHA1 | 338dea2005c669cdb9d8a7840d1ea11246256f7a |
| SHA256 | 95bb7973b19d5c17fc985ef23608a75b2611143862854c5eef59ed8612b5969c |
| SHA512 | 7106d233cf75bf7853d665b241f6229dba4a431efa9a51bd43868834f88e7888e621055e89e788c80a7bf3cc4f8d4c16f0e9596beda701694b1822816832b82f |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 95f24d2f9121654acd5a1c44e572082b |
| SHA1 | ea13b61b35ef396ebe42f09e638a39f13b93fd9b |
| SHA256 | 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e |
| SHA512 | d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
Analysis: behavioral17
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:33
Platform
macos-20240214-en
Max time kernel
148s
Max time network
156s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 2-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.72.131:443 | | tcp |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | 24.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| GB | 23.200.147.24:443 | | tcp |
| GB | 104.91.71.85:443 | a1366.dscapi6.akamai.net | tcp |
| GB | 104.91.71.86:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | 13-courier.push.apple.com | udp |
| GB | 104.91.71.86:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | 25-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | gsp64-ssl.ls-apple.com.akadns.net | udp |
| US | 17.57.172.5:443 | | tcp |
| US | 8.8.8.8:53 | 35-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 22-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 47-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 40-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 29-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 15.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 0.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 36.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 49.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 24.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 33.courier-push-apple.com.akadns.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 42-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 22.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 0.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 7-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 20-courier.push.apple.com | udp |
Files
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | ce7f5b3d4bfc7b4b0da6a06dccc515f2 |
| SHA1 | ce657a52a052a3aaf534ecfbf7cbdde4ee334c10 |
| SHA256 | 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1 |
| SHA512 | db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | a60a7bcfc47eacaa66e5e3d701d3ba80 |
| SHA1 | 7093ffc5beca33187c18461c7ff3259a1781ae35 |
| SHA256 | 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468 |
| SHA512 | 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5 |
/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml
| MD5 | f627cf4820da06be8e6ff3fdec6ebfee |
| SHA1 | 993d8ec88721b9e76c3fe1f5987338a61b452bf8 |
| SHA256 | f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7 |
| SHA512 | bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 95f24d2f9121654acd5a1c44e572082b |
| SHA1 | ea13b61b35ef396ebe42f09e638a39f13b93fd9b |
| SHA256 | 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e |
| SHA512 | d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 1340033aca269b30874eafa2ec72adfe |
| SHA1 | e1c0e123ffc93a5f22c906c7206a625a149944d1 |
| SHA256 | fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724 |
| SHA512 | 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6 |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | ecd1a161d0b14f7c3d20342e8e7ff583 |
| SHA1 | 5b5cda33f7e88cb7f97fa248e1b9bdfae4467115 |
| SHA256 | 931ae3b154007e06a25baae04308d66af6a6f4383714c175219a8de728c55910 |
| SHA512 | c50aa949f1584ca9d0dee8d9c8e14afe06f6a2e9ae82db3e4453367f9b9ec8462380392cc118a17e6c999b4dbd3150b20cbb306078afd80effd8054140dbf129 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 54ac2dfc3277cc71d095814696c9d295 |
| SHA1 | 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893 |
| SHA256 | c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da |
| SHA512 | 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b |
Analysis: behavioral28
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:39
Platform
macos-20240214-en
Max time kernel
145s
Max time network
142s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
Network
| Country | Destination | Domain | Proto |
| GB | 17.57.146.152:5223 | | tcp |
| US | 8.8.8.8:53 | 16-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 42-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.72.131:443 | | tcp |
| US | 8.8.8.8:53 | 38-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | 14-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 23.200.147.24:443 | | tcp |
| GB | 104.91.71.86:443 | a1366.dscapi6.akamai.net | tcp |
| GB | 104.91.71.85:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 15.courier-push-apple.com.akadns.net | udp |
| GB | 104.91.71.85:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | 28-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | gsp64-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 47-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 10-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 34.courier-push-apple.com.akadns.net | udp |
| GB | 17.57.146.8:5223 | 10-courier.push.apple.com | tcp |
| US | 8.8.8.8:53 | 12-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 24.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 50-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 22-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 26-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 8.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 40-courier.push.apple.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 1.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 31.courier-push-apple.com.akadns.net | udp |
Files
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | ce7f5b3d4bfc7b4b0da6a06dccc515f2 |
| SHA1 | ce657a52a052a3aaf534ecfbf7cbdde4ee334c10 |
| SHA256 | 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1 |
| SHA512 | db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | a60a7bcfc47eacaa66e5e3d701d3ba80 |
| SHA1 | 7093ffc5beca33187c18461c7ff3259a1781ae35 |
| SHA256 | 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468 |
| SHA512 | 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5 |
/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml
| MD5 | f627cf4820da06be8e6ff3fdec6ebfee |
| SHA1 | 993d8ec88721b9e76c3fe1f5987338a61b452bf8 |
| SHA256 | f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7 |
| SHA512 | bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 95f24d2f9121654acd5a1c44e572082b |
| SHA1 | ea13b61b35ef396ebe42f09e638a39f13b93fd9b |
| SHA256 | 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e |
| SHA512 | d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | a67fdfcb8fd71c9c075f1bd2519f785e |
| SHA1 | a684106163f7e05d6b9bb40b9d4b6cb1cf0562cc |
| SHA256 | 81ad4c9ead945fcccb662203a541b50fd14c5b579291da192a001fdb89627e7e |
| SHA512 | 116df37ed0cebfa56ad4651e5c36190d7d25437f2dd47d1d7ef3385efddcdade2810bc3742c8fcd17feef981c1310ce472b850eb9cd5907dcbb94535202b38df |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 1340033aca269b30874eafa2ec72adfe |
| SHA1 | e1c0e123ffc93a5f22c906c7206a625a149944d1 |
| SHA256 | fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724 |
| SHA512 | 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6 |
Analysis: behavioral22
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:36
Platform
macos-20240214-en
Max time kernel
136s
Max time network
157s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
| Country | Destination | Domain | Proto |
| GB | 17.57.146.152:5223 | | tcp |
| US | 8.8.8.8:53 | 20-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 26-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.72.131:443 | | tcp |
| US | 8.8.8.8:53 | 22-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| US | 151.101.3.6:443 | apis.apple.map.fastly.net | tcp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 23.200.147.24:443 | | tcp |
| GB | 104.91.71.86:443 | a1366.dscapi6.akamai.net | tcp |
| GB | 104.91.71.85:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 42-courier.push.apple.com | udp |
| GB | 104.91.71.85:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | 19.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gsp64-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 30-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 10-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 17.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 8.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 3.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 34.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 2-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| RO | 82.78.25.240:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 23.37.1.157:443 | help.apple.com | tcp |
| US | 8.8.8.8:53 | 49.courier-push-apple.com.akadns.net | udp |
| GB | 23.37.1.157:443 | help.apple.com | tcp |
| US | 8.8.8.8:53 | 9-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 24.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 0.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 13-courier.push.apple.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 31.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 32.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 42.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 17.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 38-courier.push.apple.com | udp |
Files
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | ce7f5b3d4bfc7b4b0da6a06dccc515f2 |
| SHA1 | ce657a52a052a3aaf534ecfbf7cbdde4ee334c10 |
| SHA256 | 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1 |
| SHA512 | db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb |
/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml
| MD5 | f627cf4820da06be8e6ff3fdec6ebfee |
| SHA1 | 993d8ec88721b9e76c3fe1f5987338a61b452bf8 |
| SHA256 | f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7 |
| SHA512 | bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | a60a7bcfc47eacaa66e5e3d701d3ba80 |
| SHA1 | 7093ffc5beca33187c18461c7ff3259a1781ae35 |
| SHA256 | 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468 |
| SHA512 | 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 95f24d2f9121654acd5a1c44e572082b |
| SHA1 | ea13b61b35ef396ebe42f09e638a39f13b93fd9b |
| SHA256 | 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e |
| SHA512 | d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 0e1265d39020abbbd22ec00c75471b91 |
| SHA1 | 9ca469610bb8a30ab21d30a7dcc79bcde3a2240a |
| SHA256 | cc07e88d7f7ccd6ce2a10e1b27a9972858d409a3311ff66366a5771814103ef2 |
| SHA512 | 91f363fc0f8caa6472b675dd941b698f31d4fc9a26375ce031e88f715f6a1047ee4d19a39cc4d08f9763397260e4f7eda65583898e269f70e4cae3094dc1671d |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 1340033aca269b30874eafa2ec72adfe |
| SHA1 | e1c0e123ffc93a5f22c906c7206a625a149944d1 |
| SHA256 | fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724 |
| SHA512 | 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6 |
Analysis: behavioral25
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:38
Platform
macos-20240214-en
Max time kernel
148s
Max time network
158s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 39-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | a68.dscw27.akamai.net | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| GB | 51.105.71.136:443 | | tcp |
| US | 8.8.8.8:53 | 11-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 44-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 104.91.71.85:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 3.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| GB | 17.253.77.201:80 | valid.apple.com | tcp |
| GB | 17.253.77.201:80 | valid.apple.com | tcp |
| GB | 17.253.77.201:80 | valid.apple.com | tcp |
| US | 8.8.8.8:53 | 16.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 35-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 37-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 26.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 5-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 45-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 31.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| RO | 82.78.25.240:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 23.37.1.157:443 | help.apple.com | tcp |
| GB | 23.37.1.157:443 | help.apple.com | tcp |
| US | 8.8.8.8:53 | 25-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 10.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 33.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 10.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 27-courier.push.apple.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 46-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 2-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 4-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 19-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 10.courier-push-apple.com.akadns.net | udp |
Files
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | ce7f5b3d4bfc7b4b0da6a06dccc515f2 |
| SHA1 | ce657a52a052a3aaf534ecfbf7cbdde4ee334c10 |
| SHA256 | 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1 |
| SHA512 | db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | a60a7bcfc47eacaa66e5e3d701d3ba80 |
| SHA1 | 7093ffc5beca33187c18461c7ff3259a1781ae35 |
| SHA256 | 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468 |
| SHA512 | 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 95f24d2f9121654acd5a1c44e572082b |
| SHA1 | ea13b61b35ef396ebe42f09e638a39f13b93fd9b |
| SHA256 | 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e |
| SHA512 | d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d |
/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml
| MD5 | f627cf4820da06be8e6ff3fdec6ebfee |
| SHA1 | 993d8ec88721b9e76c3fe1f5987338a61b452bf8 |
| SHA256 | f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7 |
| SHA512 | bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 96b234ecac198a6f063e440f437c6e98 |
| SHA1 | f2b70fc1292b77ea865da7bc55b9a89179be43b8 |
| SHA256 | b69e772942856f437ff19f27e9e4e12c4e82217e1ab023eb19ef597eec1506bc |
| SHA512 | 6576071d8a4e0a2a0fa8325d80ea4b5a66a4635168e16821e4f6816fe5cb5874e3375ab1ad8c4fc0da0114759c8246945c6c941b27ae3a9404791004d539cc8c |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 1340033aca269b30874eafa2ec72adfe |
| SHA1 | e1c0e123ffc93a5f22c906c7206a625a149944d1 |
| SHA256 | fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724 |
| SHA512 | 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6 |
Analysis: behavioral26
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:38
Platform
macos-20240214-en
Max time kernel
148s
Max time network
156s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.bird]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
Network
| Country | Destination | Domain | Proto |
| US | 52.182.143.208:443 | | tcp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| GB | 104.91.71.86:443 | a1366.dscapi6.akamai.net | tcp |
| US | 17.137.170.10:443 | | tcp |
| US | 17.137.170.34:443 | | tcp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 52.182.143.208:443 | | tcp |
| GB | 17.253.77.202:80 | valid.apple.com | tcp |
| GB | 17.253.77.202:80 | valid.apple.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:26
Platform
macos-20240214-en
Max time kernel
146s
Max time network
154s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf | N/A | N/A |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf" | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.icloud.findmydeviced]
/usr/libexec/findmydeviced
[/usr/libexec/findmydeviced]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.suggestd]
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.knowledge-agent]
/usr/libexec/knowledge-agent
[/usr/libexec/knowledge-agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:27
Platform
macos-20240214-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secd]
/usr/libexec/secd
[/usr/libexec/secd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:28
Platform
macos-20240214-en
Max time kernel
140s
Max time network
154s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:29
Platform
macos-20240214-en
Max time kernel
140s
Max time network
155s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.icloud.findmydeviced]
/usr/libexec/findmydeviced
[/usr/libexec/findmydeviced]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.suggestd]
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.knowledge-agent]
/usr/libexec/knowledge-agent
[/usr/libexec/knowledge-agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
Files
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
Analysis: behavioral10
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:29
Platform
macos-20240214-en
Max time kernel
143s
Max time network
154s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secd]
/usr/libexec/secd
[/usr/libexec/secd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
Files
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
/Users/run/Library/Caches/GeoServices/Experiments.pbd
Analysis: behavioral11
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:30
Platform
macos-20240214-en
Max time kernel
136s
Max time network
155s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
Network
Files
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
Analysis: behavioral23
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:37
Platform
macos-20240214-en
Max time kernel
144s
Max time network
155s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf | N/A | N/A |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf\"" | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.icloud.findmydeviced]
/usr/libexec/findmydeviced
[/usr/libexec/findmydeviced]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.suggestd]
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.knowledge-agent]
/usr/libexec/knowledge-agent
[/usr/libexec/knowledge-agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
Files
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
Analysis: behavioral24
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:37
Platform
macos-20240214-en
Max time kernel
139s
Max time network
154s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf | N/A | N/A |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf" | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secd]
/usr/libexec/secd
[/usr/libexec/secd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:37
Platform
macos-20240214-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| GB | 17.57.146.152:5223 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:20
Platform
macos-20240214-en
Max time kernel
134s
Max time network
146s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:24
Platform
macos-20240214-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf | N/A | N/A |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf" | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.icloud.findmydeviced]
/usr/libexec/findmydeviced
[/usr/libexec/findmydeviced]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.suggestd]
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.knowledge-agent]
/usr/libexec/knowledge-agent
[/usr/libexec/knowledge-agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:32
Platform
macos-20240214-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf | N/A | N/A |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf\"" | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | a68.dscw27.akamai.net | udp |
| US | 8.8.8.8:53 | 7-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| GB | 51.105.71.136:443 | tcp | |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 104.91.71.85:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 33.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| GB | 17.253.77.201:80 | valid.apple.com | tcp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 24.courier-push-apple.com.akadns.net | udp |
| GB | 17.253.77.201:80 | valid.apple.com | tcp |
| US | 8.8.8.8:53 | 47.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 36.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 4-courier.push.apple.com | udp |
| IE | 17.57.146.87:5223 | 4-courier.push.apple.com | tcp |
| IE | 17.57.146.88:5223 | 4-courier.push.apple.com | tcp |
| US | 8.8.8.8:53 | 13-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| RO | 82.78.25.240:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 23.37.1.157:443 | help.apple.com | tcp |
| GB | 23.37.1.157:443 | help.apple.com | tcp |
| US | 8.8.8.8:53 | 48-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 20.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 24.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 3.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 38-courier.push.apple.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 28-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 3.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 4.courier-push-apple.com.akadns.net | udp |
| GB | 17.57.146.8:5223 | 28-courier.push.apple.com | tcp |
| US | 8.8.8.8:53 | 14-courier.push.apple.com | udp |
Files
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | ce7f5b3d4bfc7b4b0da6a06dccc515f2 |
| SHA1 | ce657a52a052a3aaf534ecfbf7cbdde4ee334c10 |
| SHA256 | 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1 |
| SHA512 | db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | a60a7bcfc47eacaa66e5e3d701d3ba80 |
| SHA1 | 7093ffc5beca33187c18461c7ff3259a1781ae35 |
| SHA256 | 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468 |
| SHA512 | 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 95f24d2f9121654acd5a1c44e572082b |
| SHA1 | ea13b61b35ef396ebe42f09e638a39f13b93fd9b |
| SHA256 | 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e |
| SHA512 | d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d |
/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml
| MD5 | f627cf4820da06be8e6ff3fdec6ebfee |
| SHA1 | 993d8ec88721b9e76c3fe1f5987338a61b452bf8 |
| SHA256 | f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7 |
| SHA512 | bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 03aa7703ffc2fb709cbe6a5036590a63 |
| SHA1 | 7888457df1181bbe4894f2d92eeb881ce4b3a229 |
| SHA256 | cf9bcd545bf211e0ab2a0e9e85e26452858cd9e19a937ba1e102fd18176a3104 |
| SHA512 | 9fa8061144dad5662779dcaf4e0e8900f99cf67f58f037a76524307b956d74ad1fbfc9b9d44246fc0245c967e6d502f57d9dc717bfd2c4b6aa3764f034a6b1cb |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 1340033aca269b30874eafa2ec72adfe |
| SHA1 | e1c0e123ffc93a5f22c906c7206a625a149944d1 |
| SHA256 | fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724 |
| SHA512 | 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:25
Platform
macos-20240214-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf | N/A | N/A |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf" | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 45-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.72.131:443 | | tcp |
| US | 8.8.8.8:53 | 14-courier.push.apple.com | udp |
| GB | 17.57.146.155:5223 | 14-courier.push.apple.com | tcp |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | 26-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| GB | 23.200.147.24:443 | | tcp |
| GB | 104.91.71.86:443 | a1366.dscapi6.akamai.net | tcp |
| GB | 17.253.77.201:80 | valid.apple.com | tcp |
| US | 8.8.8.8:53 | gsp64-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 2-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 44-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 21.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 22-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 4-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 32.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 40-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 25-courier.push.apple.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 35-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 45.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 46.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 19.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 24.courier-push-apple.com.akadns.net | udp |
Files
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | ce7f5b3d4bfc7b4b0da6a06dccc515f2 |
| SHA1 | ce657a52a052a3aaf534ecfbf7cbdde4ee334c10 |
| SHA256 | 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1 |
| SHA512 | db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | a60a7bcfc47eacaa66e5e3d701d3ba80 |
| SHA1 | 7093ffc5beca33187c18461c7ff3259a1781ae35 |
| SHA256 | 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468 |
| SHA512 | 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5 |
/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml
| MD5 | f627cf4820da06be8e6ff3fdec6ebfee |
| SHA1 | 993d8ec88721b9e76c3fe1f5987338a61b452bf8 |
| SHA256 | f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7 |
| SHA512 | bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 95f24d2f9121654acd5a1c44e572082b |
| SHA1 | ea13b61b35ef396ebe42f09e638a39f13b93fd9b |
| SHA256 | 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e |
| SHA512 | d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 1340033aca269b30874eafa2ec72adfe |
| SHA1 | e1c0e123ffc93a5f22c906c7206a625a149944d1 |
| SHA256 | fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724 |
| SHA512 | 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6 |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 6dd182304d3e8b7f10384682587db222 |
| SHA1 | d09f84171e128ef11fa3938323e59682a70416cf |
| SHA256 | 6f0df293ff13daf7ec0ebb7e16c2b0e1e54788a770a79df2ede194dbbf05b993 |
| SHA512 | 3bd709fe5934ac0bc7386ff15af15ca110ed6b8a07d48139b1623e3e56778ba9fe8f450752ab7e859574242acaf06c9b514ac5c8135a4641e7e4a65f0bbe5d72 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 54ac2dfc3277cc71d095814696c9d295 |
| SHA1 | 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893 |
| SHA256 | c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da |
| SHA512 | 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b |
Analysis: behavioral13
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:32
Platform
macos-20240214-en
Max time kernel
149s
Max time network
155s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.icloud.findmydeviced]
/usr/libexec/findmydeviced
[/usr/libexec/findmydeviced]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.suggestd]
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.knowledge-agent]
/usr/libexec/knowledge-agent
[/usr/libexec/knowledge-agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.newsyslog]
/usr/sbin/newsyslog
[/usr/sbin/newsyslog]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | 21-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | gspe1-ssl.ls.apple.com.edgesuite.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| GB | 104.91.71.85:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| FR | 40.79.141.154:443 | | tcp |
| US | 8.8.8.8:53 | api.apple-cloudkit.fe2.apple-dns.net | udp |
| GB | 104.91.71.86:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| US | 8.8.8.8:53 | gb-courier-4.push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 35.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 16.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 18-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | e10499.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 42-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 22-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 23-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 14-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 37-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 12.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 44-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 0.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 7-courier.push.apple.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 35.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 20.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 19.courier-push-apple.com.akadns.net | udp |
Files
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml
| MD5 | f627cf4820da06be8e6ff3fdec6ebfee |
| SHA1 | 993d8ec88721b9e76c3fe1f5987338a61b452bf8 |
| SHA256 | f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7 |
| SHA512 | bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 14ed232299ee3ae5c671776d6ce040ec |
| SHA1 | a6cc8329e5a77b5a3efb5cf14b0086b79556cc98 |
| SHA256 | edcc4470003fde92b0dd59011bc43b51ed85c80b120c7ab5a24a9599f3cda14d |
| SHA512 | 6967eef1513a968b0fbfe283ccf0f4532d3159c54cdee7de287fef07f3e5a9668ec63596cef4e8c01fc2ed51ad4c6c5250cefb7c736173d9c8290c524699779b |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:23
Platform
macos-20240214-en
Max time kernel
149s
Max time network
164s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "open /Volumes/Install\ Parallels\ Desktop/Install\ Parallels\ Desktop.app"]
/bin/bash
[sh -c sudo /bin/zsh -c "open /Volumes/Install\ Parallels\ Desktop/Install\ Parallels\ Desktop.app"]
/usr/bin/sudo
[sudo /bin/zsh -c open /Volumes/Install\ Parallels\ Desktop/Install\ Parallels\ Desktop.app]
/bin/zsh
[/bin/zsh -c open /Volumes/Install\ Parallels\ Desktop/Install\ Parallels\ Desktop.app]
/usr/bin/open
[open /Volumes/Install Parallels Desktop/Install Parallels Desktop.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.parallels.webinstaller.2300]
/Volumes/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop
[/Volumes/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.72.131:443 | | tcp |
| US | 8.8.8.8:53 | 5.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 13-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 26-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | download.parallels.com | udp |
| US | 104.18.170.3:443 | download.parallels.com | tcp |
| US | 8.8.8.8:53 | reportus.parallels.com | udp |
| US | 104.18.171.3:443 | reportus.parallels.com | tcp |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | 22-courier.push.apple.com | udp |
| GB | 17.57.146.12:5223 | 22-courier.push.apple.com | tcp |
| US | 8.8.8.8:53 | e6858.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 23.200.147.24:443 | | tcp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 47-courier.push.apple.com | udp |
| GB | 104.91.71.85:443 | a1366.dscapi6.akamai.net | tcp |
| US | 8.8.8.8:53 | 40-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | gsp64-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 14-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 49.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 3.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 26.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 11-courier.push.apple.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 44-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 52.168.117.170:443 | mobile.events.data.trafficmanager.net | tcp |
| US | 8.8.8.8:53 | 0.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 33.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 28-courier.push.apple.com | udp |
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | ce7f5b3d4bfc7b4b0da6a06dccc515f2 |
| SHA1 | ce657a52a052a3aaf534ecfbf7cbdde4ee334c10 |
| SHA256 | 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1 |
| SHA512 | db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | a60a7bcfc47eacaa66e5e3d701d3ba80 |
| SHA1 | 7093ffc5beca33187c18461c7ff3259a1781ae35 |
| SHA256 | 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468 |
| SHA512 | 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | c1580c79e4dbd627830b5861a263c9d0 |
| SHA1 | 53a0798d08e1aaefebc6258f3aae79a04aaa04f8 |
| SHA256 | 087394f9689b685502124836be985033f916690ae1cd791f0195095e178c3488 |
| SHA512 | 40c7eab3252e5c6572d7b7a883898620e73526b217f94c957b04598b7e051d401213d78de0887da5cb59d98e27727628fbf4634f24e935eeaca1d6ab2ad3a4eb |
/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml
| MD5 | f627cf4820da06be8e6ff3fdec6ebfee |
| SHA1 | 993d8ec88721b9e76c3fe1f5987338a61b452bf8 |
| SHA256 | f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7 |
| SHA512 | bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 8e7d9c15279a26ab2d534991cc4f8465 |
| SHA1 | 67787267d216dff8e53b2a7b350f2861a0184f0e |
| SHA256 | 663c3ec6d54b0eb2b6f0ce1b563a07a02b1838b69a0ddcf90ac1687de43172db |
| SHA512 | 5c58c5eb8fa251d5a6d1e269d4664d48dfdc05f725b3d5f332c67e11b696f6f544cd402420888fb159fab54fc62bce69b75087ea1e7f469fc5f5001c9c5eeecb |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | da2dab30fe7b8fc191da9744cdf54802 |
| SHA1 | e5842ae451adcad6174de79dfaac125b530441e2 |
| SHA256 | 3416fa0f33707323c3897a19b5392cc0f6659cf48d3858b7741e7ae4f20cf1ac |
| SHA512 | 74358ca08b015f4d89d612d85252e641214ab21d78ed65660954de6c284cac202ff71d7cb671126eab6d6b6dd213a9a0b6de29828c1531a29f9c30c76608aec5 |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | b76f1f2942e291966738c96a3c76193a |
| SHA1 | 5390346748d3c6546be941b5cb00a06ef235b447 |
| SHA256 | 306bfecb0d36a720b2d44e804bc2184cab844d300b5fd1d236d580782d16d2fc |
| SHA512 | 020442b5fb43d6e4366a1c89495f951e03ca9114049d936d97be0bd13ef0f085a9a139ad0a818760b2c1e1d6e3ccaf3260fdd3a9aac648618152bf247c8a2c9c |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 899ab0f9698f12a52e86758a26413fe0 |
| SHA1 | 9ff89976666aa9c816a155ec93de5c44ae1c3499 |
| SHA256 | d880e375a64eef6174fcdd989ed8fab8539fbacd9ebbceea058b6a7b4df8fe03 |
| SHA512 | a9cf806a37f76ff4e387de3a46a2bfc5457db77324d832f647b786056ab0023e944f2f43f68f3be5bdf0da2b62350964b3cfc39a79da751f6d744ac975d46eb7 |
Analysis: behavioral20
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:35
Platform
macos-20240214-en
Max time kernel
143s
Max time network
156s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
Network
Files
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
/Users/run/Library/Caches/GeoServices/Experiments.pbd
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db
Analysis: behavioral18
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:34
Platform
macos-20240214-en
Max time kernel
88s
Max time network
158s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf | N/A | N/A |
Processes
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged]
/usr/libexec/dmd
[/usr/libexec/dmd]
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.icloud.findmydeviced]
/usr/libexec/findmydeviced
[/usr/libexec/findmydeviced]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.suggestd]
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.knowledge-agent]
/usr/libexec/knowledge-agent
[/usr/libexec/knowledge-agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
Network
Files
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml
/Users/run/Library/Caches/GeoServices/Experiments.pbd
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
Analysis: behavioral19
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:34
Platform
macos-20240214-en
Max time kernel
102s
Max time network
156s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secd]
/usr/libexec/secd
[/usr/libexec/secd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
Network
Files
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
Analysis: behavioral29
Detonation Overview
Submitted
2024-03-06 20:17
Reported
2024-03-06 20:40
Platform
macos-20240214-en
Max time kernel
87s
Max time network
156s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf\"" | N/A | N/A |
| N/A | sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf" | N/A | N/A |
| N/A | /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf" | N/A | N/A |
| N/A | /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf]
/bin/zsh
[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf]
/Users/run/Install
[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.icloud.findmydeviced]
/usr/libexec/findmydeviced
[/usr/libexec/findmydeviced]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.suggestd]
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.knowledge-agent]
/usr/libexec/knowledge-agent
[/usr/libexec/knowledge-agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
Network
Files
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd