Malware Analysis Report

2025-08-11 02:18

Sample ID 240306-y3wwrage63
Target Install Parallels Desktop.dmg
SHA256 2e697828d0bb36a4aa0085997b62a9cc6a83e13afe94c299e4a707f3282b2a66
Tags
evasion
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

SHA256

2e697828d0bb36a4aa0085997b62a9cc6a83e13afe94c299e4a707f3282b2a66

Threat Level: Likely benign

The file Install Parallels Desktop.dmg was found to be: Likely benign.

Malicious Activity Summary

evasion

Resource Forking

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-06 20:19

Signatures

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:46

Platform

macos-20240214-en

Max time kernel

117s

Max time network

134s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf\"" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/License.rtf]

/usr/libexec/dmd

[/usr/libexec/dmd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

Network

Country Destination Domain Proto
US 52.182.143.208:443 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 17.137.170.10:443 tcp
US 17.137.170.34:443 tcp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
GB 17.253.77.201:80 valid.apple.com tcp
GB 17.253.77.201:80 valid.apple.com tcp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
N/A 224.0.0.251:5353 udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 ccb22bdae76f1a1aa577d81c5c64e921
SHA1 b82e25c7730ced8fe47c8bdf948fcdea9a80aeae
SHA256 7aeced383eae78e025df5aca9000515166e3ee9ccc9a67c59ddf470166f6ef10
SHA512 a10c9874ef4dbc30d9a5df90460dc37d03138ad7e15fddef7e70defc71abe87e224be5d874e7f5207bdf44ecff479a5dd6de9546ec01af3f65f686c722f77beb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 54ac2dfc3277cc71d095814696c9d295
SHA1 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893
SHA256 c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da
SHA512 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

Analysis: behavioral26

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:56

Platform

macos-20240214-en

Max time kernel

133s

Max time network

156s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secd]

/usr/libexec/secd

[/usr/libexec/secd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 20.42.73.24:443 tcp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 17.137.170.36:443 tcp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
US 17.171.98.2:443 tcp
US 8.8.8.8:53 onedscolprdfrc02.francecentral.cloudapp.azure.com udp
FR 40.79.150.120:443 onedscolprdfrc02.francecentral.cloudapp.azure.com tcp
US 8.8.8.8:53 bag.itunes.apple.com.edgesuite.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31-courier.push.apple.com udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41-courier.push.apple.com udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 20-courier.push.apple.com udp
US 8.8.8.8:53 28-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 5-courier.push.apple.com udp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 8.8.8.8:53 3-courier.push.apple.com udp
US 8.8.8.8:53 46-courier.push.apple.com udp
IE 17.57.146.86:5223 46-courier.push.apple.com tcp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 c05b619361d2cac0288befbdef519546
SHA1 634e507971e2bd2697df0cdbbe8772e6fbec276e
SHA256 1b2c817978649cad70d67be41215a663790d97707b7512cfc156b488438cbec8
SHA512 86308ab30375670ff5eb886d50e3b5be5f3b7d60e0de53458e0372c0c67cbfd1c58450acb201c7d21a5f351c2b0e796d1777dbaa1e2b83ef7f69a83dac26ba20

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 d9a660f0a55b23a4a03780527def167d
SHA1 5c8d4b939c035d0e7169f157eaf15392100feba6
SHA256 418c18b7edb874f913d58adf0396017b4b5ee064ac20be20dfcacd7948db0fc5
SHA512 19a269169c2f3a717c7fb0d943cbd09f19d5ed77703e312fc64f8e70424c6e2e90273243ac25e80c01e0c07d21c6c1806810ae92bf4dac065c7f9b287b807115

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral4

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:42

Platform

macos-20240214-en

Max time kernel

136s

Max time network

156s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.72.131:443 tcp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 23.200.147.24:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 6-courier.push.apple.com udp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 47-courier.push.apple.com udp
IE 17.57.146.88:5223 47-courier.push.apple.com tcp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 11-courier.push.apple.com udp
US 8.8.8.8:53 29-courier.push.apple.com udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 16-courier.push.apple.com udp
US 8.8.8.8:53 42-courier.push.apple.com udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 22-courier.push.apple.com udp
US 8.8.8.8:53 9-courier.push.apple.com udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10-courier.push.apple.com udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 4afa926accf85c68a64a720e63f16f10
SHA1 f1ff333ea04ae5504fbe9b67aaac498775e527f5
SHA256 9e7bc59ce391365936264eb9cac93146acae73578022482b4352967854100af4
SHA512 7a974ada243301dc59cf7ce4ac85476abd78d283d4e9bea94d6025c0770fadcdc736d52aaf7234e79343251c1ad1b0af07b31de8dce9401c3b69654901a6255f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral7

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:43

Platform

macos-20240214-en

Max time kernel

139s

Max time network

145s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/License.rtf]

/usr/libexec/dmd

[/usr/libexec/dmd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.bird]

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird

[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 52.182.143.208:443 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 17.137.170.10:443 tcp
US 17.137.170.34:443 tcp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 52.182.143.208:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 95.100.245.89:443 help.apple.com tcp
GB 95.100.245.89:443 help.apple.com tcp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 41531bfeb1fcaa0616c0cac52bb384d3
SHA1 4c17da98d22bc143f3ce373027ed8c9088a1d35d
SHA256 e011a72bbc74022b95a19b372a056dea8fc8a79528ec31ce0187a0192460c842
SHA512 20ce2edfe1860d8d79350ba8646ec6cf269aaba05f144fd57388c06ddb7db2e8248729c6775932400e3cd07759b4bf99a41bc3b83f17601814214239eb274325

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 1a897be318dc7b23151b66d16b22b2d7
SHA1 186c05af624541e6c1c72d2171d9e57fc272c682
SHA256 a555e726afa660959c26827dbea14177b550c28c142ad21506ba9782fcacbf0c
SHA512 65b21dcd8d467de198f29477dbd473c27e0a73eac2ee5b4b09ab9cc6a8dccab63f1fb95aaaa05e2211125a49868edac9665f1ba6a8d0e65239c4f763de96301b

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 5b21a7d986c41307be285d416dcfbfd4
SHA1 99f5e69f60b6de45d6e2ef98b06d2a16b0b8dbc1
SHA256 32e02684c812ae318d21fd46c6b34bc663c8a36279535e4f01894c01ed04deb5
SHA512 f8003c0b2274fd15567bb629a44489cffddd2e45981345c64b4d2b35b78a4673046441660e496cb834ce13c25e130607cb948a273f9c1d08481c1bb92204429c

Analysis: behavioral12

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:47

Platform

macos-20240214-en

Max time kernel

141s

Max time network

148s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 a68.dscw27.akamai.net udp
GB 23.73.138.152:443 tcp
US 8.8.8.8:53 8-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
GB 51.105.71.136:443 tcp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29-courier.push.apple.com udp
US 8.8.8.8:53 45-courier.push.apple.com udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 95.100.245.89:443 help.apple.com tcp
GB 95.100.245.89:443 help.apple.com tcp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 0225ef2a89358c3393186915771bf8dd
SHA1 b43c102e3d68457a5fec8d5e278eb7edea2e6fe3
SHA256 950b18c2a3f47614d827e0432c075fe21a8a19cc5856e722cec8551517846ebb
SHA512 7d94c35ea2a175e7b07b12c8eac616ab80df66be1d3f07656de9faf75341c0d2dd33179f8aa32d7ada2d2e0917dbb6d84ea1878b293391e70d1cee2ec4ff09d7

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral13

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:47

Platform

macos-20240214-en

Max time kernel

132s

Max time network

158s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/fr.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.72.131:443 tcp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 151.101.3.6:443 apis.apple.map.fastly.net tcp
US 8.8.8.8:53 47-courier.push.apple.com udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 20-courier.push.apple.com udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
GB 17.253.77.201:80 valid.apple.com tcp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 12-courier.push.apple.com udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 95.100.245.89:443 help.apple.com tcp
GB 95.100.245.89:443 help.apple.com tcp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44-courier.push.apple.com udp
US 8.8.8.8:53 48-courier.push.apple.com udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 40-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22-courier.push.apple.com udp
US 8.8.8.8:53 29-courier.push.apple.com udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 9daa5dc58c119bd5b1a2ab6007aad4dc
SHA1 328c3ca0b7c754059129075d6c6d0da1b53012c6
SHA256 f3e7f9d85d328a6ada86324c89fe161b49f2d4017db857f3f07de2161f3a7ef1
SHA512 e40076c8a3cab0cb1551cc5a5f65c6a3d9b590899fc12af0581993344d9155fb363d24dac84186fb4511f84497e08f3b31def277471a6b47326ccf3bdab93a17

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral8

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:45

Platform

macos-20240214-en

Max time kernel

132s

Max time network

158s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.72.131:443 tcp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 23.200.147.24:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 20-courier.push.apple.com udp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 40-courier.push.apple.com udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
US 8.8.8.8:53 26-courier.push.apple.com udp
GB 95.100.245.89:443 help.apple.com tcp
GB 95.100.245.89:443 help.apple.com tcp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 courier-ab-vs.push.apple.com udp
US 8.8.8.8:53 48-courier.push.apple.com udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29-courier.push.apple.com udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 caf553a274bc4b9ada23c0e3a4257577
SHA1 d87eea47f801e1124659b8ec2f4edfc5f9a2f3a4
SHA256 7f3c089e5808dc678a318582266c58e3a664f6ad23ffccf557da577dcd4376d8
SHA512 11e769a2a8107a86ae27b0fc1cc19d3a5410595e9c69109c25bf0161c371e42bd441238a74f946c33ca05dff9ef75084a85b18180f7ab86142ca518c68be876b

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral14

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:48

Platform

macos-20240214-en

Max time kernel

142s

Max time network

157s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secd]

/usr/libexec/secd

[/usr/libexec/secd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 20.42.73.24:443 tcp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 17.137.170.36:443 tcp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
US 17.171.98.2:443 tcp
US 8.8.8.8:53 onedscolprdfrc02.francecentral.cloudapp.azure.com udp
FR 40.79.150.120:443 onedscolprdfrc02.francecentral.cloudapp.azure.com tcp
US 8.8.8.8:53 bag.itunes.apple.com.edgesuite.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
IE 17.57.146.87:5223 48.courier-push-apple.com.akadns.net tcp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 26-courier.push.apple.com udp
US 8.8.8.8:53 47-courier.push.apple.com udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27-courier.push.apple.com udp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 gsp-ssl.ls.apple.com udp
GB 17.253.77.203:443 gsp-ssl.ls.apple.com tcp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 95.100.245.89:443 help.apple.com tcp
GB 95.100.245.89:443 help.apple.com tcp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33-courier.push.apple.com udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 c05b619361d2cac0288befbdef519546
SHA1 634e507971e2bd2697df0cdbbe8772e6fbec276e
SHA256 1b2c817978649cad70d67be41215a663790d97707b7512cfc156b488438cbec8
SHA512 86308ab30375670ff5eb886d50e3b5be5f3b7d60e0de53458e0372c0c67cbfd1c58450acb201c7d21a5f351c2b0e796d1777dbaa1e2b83ef7f69a83dac26ba20

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 affb7f32602e1648564eec6d816da0f7
SHA1 d423ba84b69fe79a3fe0061d100d1e2ca0b9df58
SHA256 f87fc7510d903331bd7f436fa173cbefe34c64aa756f407180ea47fdbc2bfcf1
SHA512 7da96cb27c35c129818aefe94ecc1629889d11e7d467adcf1ce47fe0d8fd608d826f902fcba89a73462d334bf611b08b416b10aa932053a8de0c819fa10545ed

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 54ac2dfc3277cc71d095814696c9d295
SHA1 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893
SHA256 c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da
SHA512 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

/Users/run/Library/Caches/GeoServices/Experiments.pbd

MD5 63a7803fe724db3692e6d14da0e7e278
SHA1 dd50467425375e5106fc761c6ff5216119ec05f5
SHA256 0a8785eabecafcf8f42dd401cbd0abc841d274c85fbe6f3bbbb1b1646a17c821
SHA512 209bf6351eb709bd079542b38b278127f65092788770f9a97ee1ca0f7d1ad00183cd602687cac39573916e39419cdb4f8bcfa917fc56a9ed72488e0fae3a3140

Analysis: behavioral21

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:53

Platform

macos-20240214-en

Max time kernel

137s

Max time network

157s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 8.8.8.8:53 13-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.72.131:443 tcp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 23.200.147.24:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 23-courier.push.apple.com udp
US 8.8.8.8:53 16-courier.push.apple.com udp
US 8.8.8.8:53 48-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gsp-ssl.ls.apple.com udp
DE 17.253.79.204:443 gsp-ssl.ls.apple.com tcp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29-courier.push.apple.com udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11-courier.push.apple.com udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42-courier.push.apple.com udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35-courier.push.apple.com udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 63aaf32e10235049c6d07f8bdf01ccf7
SHA1 57e7abe8f01c8ec987aeb0565b29fa6aacca087b
SHA256 3467f7360119a835435021980886e5c2c2adae1e8d27329d7d011a7345756fad
SHA512 53729e05e43a4734102c2b570145d3caee27eac74cb332cfa84de78fd9b278cc4306a504a5ef550693f1c1c6915109cad73b60d230d3964c54216f2712a96975

/Users/run/Library/Caches/GeoServices/Experiments.pbd

MD5 63549eb29ee01a129402cc4c10e6db29
SHA1 a827092a9f360125c22b84aee40bda7f10ec54c7
SHA256 fa566d19cbf0d039269fb09564228201183b59f04b8bd4c0fe4ba81d95f617c8
SHA512 6c1f023afa41195dc20f2aa4afe118a2e8f2ee225d183226790a6be34625a08a382355434dfae7f5a0fa19f8b12cd77ee2a0eb5e35a1fa65a0f21909f6584256

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral16

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:49

Platform

macos-20240214-en

Max time kernel

151s

Max time network

157s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

Network

Country Destination Domain Proto
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 a68.dscw27.akamai.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
GB 51.105.71.136:443 tcp
US 8.8.8.8:53 22-courier.push.apple.com udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7-courier.push.apple.com udp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 30-courier.push.apple.com udp
US 8.8.8.8:53 41-courier.push.apple.com udp
US 8.8.8.8:53 48-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 18-courier.push.apple.com udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 fdff32f1ae29445a143b1111f7033347
SHA1 065646fd566f14e06ea7ddd533ece3f52252f0bf
SHA256 cdd1bcfc434881be5ff3c751bd572a06903051c2c516648a4f31ead8b051e778
SHA512 25963f97a785b431819c6ee51fe874be2f8b864b5f0d13feb454be0b86c39d633aeb4ee4e14ad73e88c881bb7b2d0d1a16ab9004ebd8080907046ac03b27448f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral17

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:50

Platform

macos-20240214-en

Max time kernel

150s

Max time network

156s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ja.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

Network

Country Destination Domain Proto
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.72.131:443 tcp
US 8.8.8.8:53 7-courier.push.apple.com udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 23.200.147.24:443 tcp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 20-courier.push.apple.com udp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26-courier.push.apple.com udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 gsp-ssl.ls.apple.com udp
GB 17.253.77.203:443 gsp-ssl.ls.apple.com tcp
US 8.8.8.8:53 44-courier.push.apple.com udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9-courier.push.apple.com udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29-courier.push.apple.com udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 8be908defdeccebb268fef0ab0d25439
SHA1 dc1605245398eb17d7c777cc0404ea0e5ee46130
SHA256 f09b6587b5a612d6079e9b17716bcffc210a4b9175638cf102d636588b2ad481
SHA512 8aefa95746cdd0fa5ef3d722719878db5bcb92e62f6148adbc8634231f914a413af04de75766407ce0395e6bafd5d95439417302644840b78cd25942262dba3d

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

/Users/run/Library/Caches/GeoServices/Experiments.pbd

MD5 e35f8e4609f2ef1fbe2f9640e702b85e
SHA1 b8beb62a00250dab65ca9167d3dc4ff1b186d93c
SHA256 833641840878f998636c5b6511bed50b36a7b55dcff701a73dc7f11feecbeeee
SHA512 3c13a8a572d5b9ab5ee2e8d3a44a86f9e50263a2d30df790e2d72a79550cd9b989d94465e7e591359b2fce784d4711b35918b0a06f15c913bb10f55ae5808ba9

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 54ac2dfc3277cc71d095814696c9d295
SHA1 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893
SHA256 c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da
SHA512 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

Analysis: behavioral20

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:52

Platform

macos-20240214-en

Max time kernel

148s

Max time network

158s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pl.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

Network

Country Destination Domain Proto
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 a68.dscw27.akamai.net udp
US 8.8.8.8:53 46-courier.push.apple.com udp
US 8.8.8.8:53 37-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
GB 51.105.71.136:443 tcp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 18-courier.push.apple.com udp
US 8.8.8.8:53 50-courier.push.apple.com udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
IE 17.57.146.88:5223 50-courier.push.apple.com tcp
US 8.8.8.8:53 44-courier.push.apple.com udp
US 8.8.8.8:53 45-courier.push.apple.com udp
US 8.8.8.8:53 13-courier.push.apple.com udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 d7deee7bace835463d1a3cdf161dec2c
SHA1 8015e3aea8fb0d2171b7d247f5703f5966c8ed68
SHA256 1a1f4257abdb2239f99890540d634fdbe66874309ec57d60cbe388e7cca33dce
SHA512 3401cd4aba41e42ccc0f0ac5f6e35cdf32c9abb5984f7e4b8be6079ec9652381c9415a0879e487983f42fa4b764d8c25a2a61d363a7f65ce0955d58ed1faf0f0

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 54ac2dfc3277cc71d095814696c9d295
SHA1 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893
SHA256 c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da
SHA512 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Analysis: behavioral24

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:55

Platform

macos-20240214-en

Max time kernel

140s

Max time network

157s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

Network

Country Destination Domain Proto
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 a68.dscw27.akamai.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
GB 51.105.71.136:443 tcp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 18-courier.push.apple.com udp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 44-courier.push.apple.com udp
US 8.8.8.8:53 50-courier.push.apple.com udp
US 8.8.8.8:53 0-courier.push.apple.com udp
US 8.8.8.8:53 13-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42-courier.push.apple.com udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 0da1da53f330b559567aa7171aa19366
SHA1 afe53463e72868ba418cba7bb3d601f8ddc9da42
SHA256 d1df3ba14ae8e5cdf8c0f5eb4073a519d8d89e1b81d4bfd7030b32c3b0fb25f1
SHA512 5c7f67a2ca7ee88f50126c90f0ac3f39fbf01c482c38adebfff6bda4141f33dc7e628e550910da69a0d08531604369c428aeaa12e6fa333af6be3c24aee9ef14

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 54ac2dfc3277cc71d095814696c9d295
SHA1 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893
SHA256 c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da
SHA512 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Analysis: behavioral25

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:55

Platform

macos-20240214-en

Max time kernel

146s

Max time network

157s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ru.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 8.8.8.8:53 44-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.72.131:443 tcp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 7-courier.push.apple.com udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 23.200.147.24:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 23-courier.push.apple.com udp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 22-courier.push.apple.com udp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 30-courier.push.apple.com udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 95.100.245.89:443 help.apple.com tcp
GB 95.100.245.89:443 help.apple.com tcp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42-courier.push.apple.com udp
US 8.8.8.8:53 26-courier.push.apple.com udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29-courier.push.apple.com udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 7624646a2b143308fff9857cea394bb9
SHA1 8bbf8b8cb8b85936c54088007252737560d60ac9
SHA256 ce26414df7962d5beef6768f5cce88902156b9195f3cc3d25afcf9e89a774b63
SHA512 18c8596480228d065dd5e805f7571cf260cb87b71f0433b589fc6370b961ee7beb5a747501f61144ce1f328e7099e93feb45ddd78dbd964d514b28ed8a00e77f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral27

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:57

Platform

macos-20240214-en

Max time kernel

144s

Max time network

152s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/License.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/License.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hans.lproj/License.rtf]

/usr/libexec/dmd

[/usr/libexec/dmd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.bird]

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird

[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

Network

Country Destination Domain Proto
US 52.182.143.208:443 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 17.137.170.10:443 tcp
US 17.137.170.34:443 tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 52.182.143.208:443 tcp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
N/A 224.0.0.251:5353 udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 bc0374d68d9a1341d2bf863ca2303753
SHA1 02f5b14d5d524de7e48f2466f5ef47380d13626c
SHA256 ce14ff3c5c6f3c3a5161721c6c6a8004bcdd3741ff920000e1a43127709cf1ca
SHA512 1729abaa2d3631cf09140002bb0f96f73eb543babe18c961b95b1d0ef3782aa2c5ebc922182c1676f8e62060a7a6da81399224ce3ae8a141e427806c618a2537

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:40

Platform

macos-20240214-en

Max time kernel

142s

Max time network

164s

Command Line

[sh -c sudo /bin/zsh -c "open /Volumes/Install\ Parallels\ Desktop/Install\ Parallels\ Desktop.app"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "open /Volumes/Install\ Parallels\ Desktop/Install\ Parallels\ Desktop.app"]

/bin/bash

[sh -c sudo /bin/zsh -c "open /Volumes/Install\ Parallels\ Desktop/Install\ Parallels\ Desktop.app"]

/usr/bin/sudo

[sudo /bin/zsh -c open /Volumes/Install\ Parallels\ Desktop/Install\ Parallels\ Desktop.app]

/bin/zsh

[/bin/zsh -c open /Volumes/Install\ Parallels\ Desktop/Install\ Parallels\ Desktop.app]

/usr/bin/open

[open /Volumes/Install Parallels Desktop/Install Parallels Desktop.app]

/usr/libexec/xpcproxy

[xpcproxy com.parallels.webinstaller.2300]

/Volumes/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop

[/Volumes/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 20.42.73.24:443 tcp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 17.137.170.36:443 tcp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
US 17.171.98.2:443 tcp
US 8.8.8.8:53 16-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
FR 40.79.150.120:443 tcp
US 8.8.8.8:53 50-courier.push.apple.com udp
US 8.8.8.8:53 40-courier.push.apple.com udp
US 8.8.8.8:53 download.parallels.com udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 104.18.170.3:443 download.parallels.com tcp
US 8.8.8.8:53 bag.itunes.apple.com.edgesuite.net udp
US 8.8.8.8:53 reportus.parallels.com udp
US 104.18.170.3:443 reportus.parallels.com tcp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 e6858.dscx.akamaiedge.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 37-courier.push.apple.com udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 courier-ab-vs.push.apple.com udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 gsp-ssl.ls.apple.com udp
GB 17.253.77.204:443 gsp-ssl.ls.apple.com tcp
US 8.8.8.8:53 46-courier.push.apple.com udp
US 8.8.8.8:53 cds.apple.com udp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 27-courier.push.apple.com udp
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 43-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 17-courier.push.apple.com udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2-courier.push.apple.com udp

Files

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 f88f2cc259b2015ae1881edabcc1822b
SHA1 3f2e46e90340914e84f4867c0efd04ac37bdf02c
SHA256 d002d04c84ff6e6367642b93e4854c1094edc453af55d53f8c496329244eee29
SHA512 3760ebf4da7e639827f91863de2265757cc7918f4dd33dadd3e5da5ec6a2ae65de55ee9c1a5257b3f4fe3b8154a64823bb42afaeb002bbb1dc59c91833f06a40

/Users/run/Library/Caches/GeoServices/Experiments.pbd

MD5 f71c9e71e7a5c7f935de4e2f93167bd9
SHA1 f5b9ab73f9773e428624a8f90161ff6f5ccc9acd
SHA256 6f32cc28e01044919be3d4ccf807c9aad21a991acb3e7c3356226d7a93218717
SHA512 7873b3c970719167d92d7463c6237aeb4ab1c420028544ebf68997c866eded2c3b1250d71c85a928280e80c985ca9b5cf20520bc7302a50116de33042e42548f

Analysis: behavioral10

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:44

Platform

macos-20240214-en

Max time kernel

37s

Max time network

47s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/es.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

Network

Country Destination Domain Proto
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 a68.dscw27.akamai.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
GB 51.105.71.136:443 tcp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gb-courier-4.push-apple.com.akadns.net udp
US 8.8.8.8:53 46-courier.push.apple.com udp
GB 17.57.146.11:5223 46-courier.push.apple.com tcp
US 8.8.8.8:53 5-courier.push.apple.com udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

Analysis: behavioral19

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:51

Platform

macos-20240214-en

Max time kernel

135s

Max time network

140s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/License.rtf]

/usr/libexec/dmd

[/usr/libexec/dmd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 52.182.143.208:443 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 17.137.170.10:443 tcp
US 17.137.170.34:443 tcp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
N/A 224.0.0.251:5353 udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 3b4960dd2cd2b2b154ac0410ca044971
SHA1 53f97bb5859894ae7792d0a19085ad51da76cdcd
SHA256 ca586e7dbb57220371eb389f403df0390ff62f9281dc1fd411c6b19718f47090
SHA512 45e85bc136bb5aebb83adbeb5db2158467fea98e442c84320bfbf6c0735276a18df4a203521b757fa3801a5112b74da0e0b8be88483031da1d2c5a87258aa11e

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 54ac2dfc3277cc71d095814696c9d295
SHA1 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893
SHA256 c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da
SHA512 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

Analysis: behavioral22

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:53

Platform

macos-20240214-en

Max time kernel

150s

Max time network

156s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secd]

/usr/libexec/secd

[/usr/libexec/secd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 20.42.73.24:443 tcp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
US 17.137.170.36:443 tcp
US 8.8.8.8:53 bag.itunes.apple.com.edgesuite.net udp
US 17.171.98.2:443 tcp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 43-courier.push.apple.com udp
US 8.8.8.8:53 3-courier.push.apple.com udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 27-courier.push.apple.com udp
GB 104.91.71.86:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 17-courier.push.apple.com udp
US 8.8.8.8:53 20-courier.push.apple.com udp
US 8.8.8.8:53 14.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 37-courier.push.apple.com udp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 25.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 16-courier.push.apple.com udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 c05b619361d2cac0288befbdef519546
SHA1 634e507971e2bd2697df0cdbbe8772e6fbec276e
SHA256 1b2c817978649cad70d67be41215a663790d97707b7512cfc156b488438cbec8
SHA512 86308ab30375670ff5eb886d50e3b5be5f3b7d60e0de53458e0372c0c67cbfd1c58450acb201c7d21a5f351c2b0e796d1777dbaa1e2b83ef7f69a83dac26ba20

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 3a023c98a581fbcd985f11ec026a552c
SHA1 5966d0c4606ffd48f1a5be96137570a496ccddd8
SHA256 4cbbf46fa71b63e600fb4a7534c39b0e94d3b43a6b163d6e3cf4f851be17efea
SHA512 d379131d4fc247c7421ceccc3073a5d6d0cd655fd4652b9e0593cb5a125d5afd0853e68a42a030634972b2cf63def735e73cb5846dc4a8237a9f8f2bfc1ad26a

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 41531bfeb1fcaa0616c0cac52bb384d3
SHA1 4c17da98d22bc143f3ce373027ed8c9088a1d35d
SHA256 e011a72bbc74022b95a19b372a056dea8fc8a79528ec31ce0187a0192460c842
SHA512 20ce2edfe1860d8d79350ba8646ec6cf269aaba05f144fd57388c06ddb7db2e8248729c6775932400e3cd07759b4bf99a41bc3b83f17601814214239eb274325

Analysis: behavioral23

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:54

Platform

macos-20240214-en

Max time kernel

124s

Max time network

139s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf\"" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/pt-BR.lproj/License.rtf]

/usr/libexec/dmd

[/usr/libexec/dmd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 52.182.143.208:443 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 17.137.170.10:443 tcp
US 17.137.170.34:443 tcp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
N/A 224.0.0.251:5353 udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 520bb9b65b89f03050030e5a985b9cd1
SHA1 91defba6d4540d4c8ede177730d104d747e8f57b
SHA256 6bb23965fd46b9ffe67a1cdb2144943543894e063c05db3a4de54e94b84968a0
SHA512 81eebb3eda761a9ecc94aa9564deab4d476522d94025ec19e002e91b12b7fbf2bffda23e7c393c09cb91b6ecd953ec1bf39ef5f787058b70289a5a5d777f0cf6

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 ba6716217c44200824b31b41378c8903
SHA1 1efa018cbbf13e873832926674183b023a1e1658
SHA256 6d618b43151ef1b19fbf543680f6a5b0643ac85ceb779b369da2c7530c553181
SHA512 a8c6d33677dc4ab30556b424ce48a1a8b8e83b49d345748eb7380aed662e3513175fd69bad2146de45f4b6f9f9b453ab00e0fe3cfc9616e045bc9fd8efb92e20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 52ef57acdaa153c35594e46bde4fe42c
SHA1 c2a5b1748aa61c311b670ef319d92663e3f92b00
SHA256 58add3e6d1d91409a9ddd9bb9b7cb173f3ec1162905d907839ab007e43cf2d2a
SHA512 defea7dd6200a17dbf0b619e16efb2919dc14199e7f3cb6755b4e5f1fdc8fb2942fa9f7c8c4c19d9026acb0c64a7df0462c7e10685c7482e710e94ed15964209

Analysis: behavioral28

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:57

Platform

macos-20240214-en

Max time kernel

149s

Max time network

158s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

Network

Country Destination Domain Proto
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 a68.dscw27.akamai.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
GB 51.105.71.136:443 tcp
US 8.8.8.8:53 44-courier.push.apple.com udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
GB 17.253.77.201:80 valid.apple.com tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46-courier.push.apple.com udp
US 8.8.8.8:53 43-courier.push.apple.com udp
US 8.8.8.8:53 19-courier.push.apple.com udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29-courier.push.apple.com udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5-courier.push.apple.com udp
US 8.8.8.8:53 7-courier.push.apple.com udp
US 8.8.8.8:53 41-courier.push.apple.com udp
US 8.8.8.8:53 50-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 4e71c84ac08098a88aaef1d89c129524
SHA1 a7b83de98488b3c1ad64e05a7e44b45f27af49da
SHA256 6b64a955a16d5e87b7ba7cb586609f817e37066505fd7d9004e1a1fdaa7e3a08
SHA512 65598b748b2b99732a9a7f56793349b6963a1879b818192fcad984407622cda6366aef8bbb52f404addf8a81217d3916255e1fad28ac61f81dc630901290d698

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 54ac2dfc3277cc71d095814696c9d295
SHA1 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893
SHA256 c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da
SHA512 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

Analysis: behavioral6

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:43

Platform

macos-20240214-en

Max time kernel

85s

Max time network

161s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/de.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

Network

Country Destination Domain Proto
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 a68.dscw27.akamai.net udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 29-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
GB 51.105.71.136:443 tcp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
GB 17.57.146.9:5223 29-courier.push.apple.com tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 27-courier.push.apple.com udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 a479.dscd.akamai.net udp
US 8.8.8.8:53 a479.dscd.akamai.net udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 8-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 11-courier.push.apple.com udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 courier-ab-vs.push.apple.com udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2-courier.push.apple.com udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 15ee642d3517318fbdf74a9e662766a5
SHA1 2f00fe8865da1851f2afe861e7e4cc3daf09efa1
SHA256 533b808b61c5ec1e16d02cdae3ef27c14b44795c7615b806499d615b6a0b1d68
SHA512 30bf55eec8bc7b38277a3877e93a199af4ef3db74285f910da45a7003eb64916247fa09fd413cca6e5df2dfb8c975738c2118c5e9bd90ce4dd256e8ef705c3e5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral15

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:49

Platform

macos-20240214-en

Max time kernel

150s

Max time network

156s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/it.lproj/License.rtf]

/usr/libexec/dmd

[/usr/libexec/dmd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.bird]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird

[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 52.182.143.208:443 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 17.137.170.10:443 tcp
US 17.137.170.34:443 tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 52.182.143.208:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 gsp-ssl.ls.apple.com udp
GB 17.253.29.218:443 gsp-ssl.ls.apple.com tcp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 955bd67496009ae98d748d1968d29ba9
SHA1 db68d20af1ffa6cab5e8950e65851ce536344364
SHA256 b08241dc880a100e234d7db485bba24959d46e3181d730eda5a586b505676522
SHA512 742bb5d7fde8e976d49fd180a3a94b12d9ab389db1eb915eca77f85ddb24a7fc6cd2f85778458649804385779d991dcf0cb2a2f734652968e5e3cb0ebdbcd83c

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Caches/GeoServices/Experiments.pbd

MD5 103b14b31224718db434d4ad3969a87b
SHA1 e4f4e96f0062261d3a93ba439fc1444ef931bbba
SHA256 cd596d940fd346acbe52102405549eff11e9342c6d6cdda222560c8d78ad4446
SHA512 9a783a8cfcdb196a90ad41a014b16a9186f2b55fb16ef64fba8d36d7aa4e71265d199a00a11cf1ac1381f7ab0b54e5c79d21b243bddc75e3cf594d9ec4381e31

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 520bb9b65b89f03050030e5a985b9cd1
SHA1 91defba6d4540d4c8ede177730d104d747e8f57b
SHA256 6bb23965fd46b9ffe67a1cdb2144943543894e063c05db3a4de54e94b84968a0
SHA512 81eebb3eda761a9ecc94aa9564deab4d476522d94025ec19e002e91b12b7fbf2bffda23e7c393c09cb91b6ecd953ec1bf39ef5f787058b70289a5a5d777f0cf6

Analysis: behavioral18

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:51

Platform

macos-20240214-en

Max time kernel

149s

Max time network

156s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/ko.lproj/CepAgreement.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secd]

/usr/libexec/secd

[/usr/libexec/secd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 20.42.73.24:443 tcp
US 17.137.170.36:443 tcp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
US 17.171.98.2:443 tcp
US 8.8.8.8:53 0-courier.push.apple.com udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 bag.itunes.apple.com.edgesuite.net udp
US 8.8.8.8:53 31-courier.push.apple.com udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 30-courier.push.apple.com udp
GB 104.91.71.86:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 20-courier.push.apple.com udp
US 8.8.8.8:53 19-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 12-courier.push.apple.com udp
GB 104.84.95.239:80 tcp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17-courier.push.apple.com udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 42-courier.push.apple.com udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16-courier.push.apple.com udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 23.37.1.157:443 help.apple.com tcp
GB 23.37.1.157:443 help.apple.com tcp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47-courier.push.apple.com udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 c05b619361d2cac0288befbdef519546
SHA1 634e507971e2bd2697df0cdbbe8772e6fbec276e
SHA256 1b2c817978649cad70d67be41215a663790d97707b7512cfc156b488438cbec8
SHA512 86308ab30375670ff5eb886d50e3b5be5f3b7d60e0de53458e0372c0c67cbfd1c58450acb201c7d21a5f351c2b0e796d1777dbaa1e2b83ef7f69a83dac26ba20

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 84689023bf8d710482ca240358f4e945
SHA1 fba0812ffd4bec25efc56cafae72952290500569
SHA256 8f1eabdf335d8f997312815afb52529be1e9d3b4e41c0abeadfba909f545eef1
SHA512 7bd97c7e98146ab80587f7cd6cbce89a83ddc9b1e54f85866c811de82cf0e40718f62d3ce6e1bbdf452ec4ddb7acdf50b56c8b09365188ef7d12b91706cec54c

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 520bb9b65b89f03050030e5a985b9cd1
SHA1 91defba6d4540d4c8ede177730d104d747e8f57b
SHA256 6bb23965fd46b9ffe67a1cdb2144943543894e063c05db3a4de54e94b84968a0
SHA512 81eebb3eda761a9ecc94aa9564deab4d476522d94025ec19e002e91b12b7fbf2bffda23e7c393c09cb91b6ecd953ec1bf39ef5f787058b70289a5a5d777f0cf6

Analysis: behavioral5

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:43

Platform

macos-20240214-en

Max time kernel

97s

Max time network

137s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/cs.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secd]

/usr/libexec/secd

[/usr/libexec/secd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

Network

Country Destination Domain Proto
US 20.42.73.24:443 tcp
RO 82.78.25.240:443 tcp
US 8.8.8.8:53 37-courier.push.apple.com udp
US 17.137.170.36:443 tcp
US 17.171.98.2:443 tcp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
US 8.8.8.8:53 27-courier.push.apple.com udp
US 8.8.8.8:53 bag.itunes.apple.com.edgesuite.net udp
IE 17.57.146.88:5223 27-courier.push.apple.com tcp
IE 17.57.146.86:5223 27-courier.push.apple.com tcp
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 25-courier.push.apple.com udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 26-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
GB 104.84.95.239:80 tcp
N/A 224.0.0.251:5353 udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 c05b619361d2cac0288befbdef519546
SHA1 634e507971e2bd2697df0cdbbe8772e6fbec276e
SHA256 1b2c817978649cad70d67be41215a663790d97707b7512cfc156b488438cbec8
SHA512 86308ab30375670ff5eb886d50e3b5be5f3b7d60e0de53458e0372c0c67cbfd1c58450acb201c7d21a5f351c2b0e796d1777dbaa1e2b83ef7f69a83dac26ba20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 a08850280bfa229181bd40d8553b0831
SHA1 08e75e0709b1750af21ad7f03f1cc86ab84e4094
SHA256 47ac1195405231fd60745af5377058b20cada9ea6cbed3948a9e9fbd2ff876c5
SHA512 1a43f9a811a12228ed764ade9351a48f5ab3668414c466074670311164cfe24ff3eb56ac79cf9a01b4a3f290431973c668529e1b4a61f10df9b6dc5ba71b366d

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 54ac2dfc3277cc71d095814696c9d295
SHA1 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893
SHA256 c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da
SHA512 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

Analysis: behavioral9

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:45

Platform

macos-20240214-en

Max time kernel

150s

Max time network

157s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secd]

/usr/libexec/secd

[/usr/libexec/secd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 20.42.73.24:443 tcp
RO 82.78.25.240:443 tcp
US 17.137.170.36:443 tcp
US 17.171.98.2:443 tcp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 bag.itunes.apple.com.edgesuite.net udp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 43-courier.push.apple.com udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 20-courier.push.apple.com udp
GB 104.91.71.85:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 35-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19-courier.push.apple.com udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27-courier.push.apple.com udp
US 8.8.8.8:53 5-courier.push.apple.com udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30-courier.push.apple.com udp
US 8.8.8.8:53 42-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 31-courier.push.apple.com udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
RO 82.78.25.240:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 95.100.245.89:443 help.apple.com tcp
GB 95.100.245.89:443 help.apple.com tcp
US 8.8.8.8:53 33-courier.push.apple.com udp
US 8.8.8.8:53 24-courier.push.apple.com udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 c05b619361d2cac0288befbdef519546
SHA1 634e507971e2bd2697df0cdbbe8772e6fbec276e
SHA256 1b2c817978649cad70d67be41215a663790d97707b7512cfc156b488438cbec8
SHA512 86308ab30375670ff5eb886d50e3b5be5f3b7d60e0de53458e0372c0c67cbfd1c58450acb201c7d21a5f351c2b0e796d1777dbaa1e2b83ef7f69a83dac26ba20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 bb3ef5280532447c69cb6be9af316b62
SHA1 e49d586095a3d6ceddb696aab420b5cd0b8b93a4
SHA256 117ed418d6a72ffac01da99b760ef8b9be852074f6145ba13b30af72758945a0
SHA512 4a35c43e5377044888620f909ac3592300ad827296a34e349907bd646c653650d39419c24857cc822c1f53a526b851d45c103b44e070320fbe875f0d7c2309bd

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 54ac2dfc3277cc71d095814696c9d295
SHA1 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893
SHA256 c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da
SHA512 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

Analysis: behavioral29

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:56

Platform

macos-20240214-en

Max time kernel

31s

Max time network

37s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf N/A N/A
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/zh-Hant-TW.lproj/License.rtf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater4B941C11/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

Network

Country Destination Domain Proto
GB 17.57.146.152:5223 tcp
US 8.8.8.8:53 30-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.72.131:443 tcp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 23.200.147.24:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 40-courier.push.apple.com udp
US 8.8.8.8:53 45-courier.push.apple.com udp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:40

Platform

macos-20240214-en

Max time kernel

133s

Max time network

157s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

Network

Country Destination Domain Proto
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 a68.dscw27.akamai.net udp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
GB 51.105.71.136:443 tcp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 19-courier.push.apple.com udp
US 8.8.8.8:53 7-courier.push.apple.com udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50-courier.push.apple.com udp
US 8.8.8.8:53 13-courier.push.apple.com udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 45-courier.push.apple.com udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 48-courier.push.apple.com udp
US 8.8.8.8:53 42-courier.push.apple.com udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 95f24d2f9121654acd5a1c44e572082b
SHA1 ea13b61b35ef396ebe42f09e638a39f13b93fd9b
SHA256 2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e
SHA512 d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 bebf788b918c73081e5de950be8859a0
SHA1 7f1b6a95b5264a717b995a06e3a45f8841dbe8d4
SHA256 51a084ed1d74899b7c6ded7973c7610aab5674b798bc3175ce2509bdca0ebf14
SHA512 c60155f9beaafd2817d14b48bfb61e6562486f5e88e5b962a319d631fe99ffaaa32c27d41867c94909d4e424c8daeb81d259c3135848952f9d98f4ec07b60d8d

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 1340033aca269b30874eafa2ec72adfe
SHA1 e1c0e123ffc93a5f22c906c7206a625a149944d1
SHA256 fb10f63de2c68693f4360c0c8cb0dd64e163dde54ffb9c97932d804df4a4f724
SHA512 587feb19b7dcfc422a0feb360fc1a855a766e518d8a16b0e6b1df509706c0b703270449e5688bcc584002f277981d6f1edbed996abdd81b8a402ba968c2d08e6

Analysis: behavioral3

Detonation Overview

Submitted

2024-03-06 20:19

Reported

2024-03-06 20:41

Platform

macos-20240214-en

Max time kernel

88s

Max time network

131s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf\"" N/A N/A
N/A sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf" N/A N/A
N/A /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf" N/A N/A
N/A /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf]

/bin/zsh

[/bin/zsh -c /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf]

/Users/run/Install

[/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/LicenseBetaPD.rtf]

/usr/libexec/dmd

[/usr/libexec/dmd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.bird]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird

[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]

Network

Country Destination Domain Proto
US 52.182.143.208:443 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.86:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 17.137.170.10:443 tcp
US 17.137.170.34:443 tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 52.182.143.208:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
N/A 224.0.0.251:5353 udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 41531bfeb1fcaa0616c0cac52bb384d3
SHA1 4c17da98d22bc143f3ce373027ed8c9088a1d35d
SHA256 e011a72bbc74022b95a19b372a056dea8fc8a79528ec31ce0187a0192460c842
SHA512 20ce2edfe1860d8d79350ba8646ec6cf269aaba05f144fd57388c06ddb7db2e8248729c6775932400e3cd07759b4bf99a41bc3b83f17601814214239eb274325

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 5303f7aad334b526983e94d3c60a8e4b
SHA1 8bd985ad720466bdec0ddedc65e650ecde4ca332
SHA256 771c48bb7227928924e6c38fc221854afaa37c93430adcc7666acc601494e889
SHA512 68b7b31be6ee1f537709860fe84147c6623e2a96d1adc4198b39e0744da81fe8c2c5bc640d5c15fd2ec999f6b79c30b9390771a7be1eeb3e1972b829ec2ba9a7

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 6b8134f77d2fd419047c9d0bb534965f
SHA1 7f039e7008aa5d4c2eb3facf85338227194bff16
SHA256 2c82a98c41f75fdcd5ea79ed490d58381e6736464e9e5e86db3a3ecc793b0393
SHA512 027cca6d7c53d8e6fb96101b080e73f76eb40d200ab5933854ca85993c0a12be3efd7a18ff489488545baec9e31e84a8b1f5a961f44834a3ac4861dcf40f433b

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 54ac2dfc3277cc71d095814696c9d295
SHA1 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893
SHA256 c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da
SHA512 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20