2e697828d0bb36a4aa0085997b62a9cc6a83e13afe94c299e4a707f3282b2a66

Analysis

max time kernel
906s
max time network
884s
platform
macos-10.15_amd64
resource
macos-20240410-en
resource tags

arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
11-05-2024 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Install Parallels Desktop (5).dmg
Size

1.9MB
MD5

24f906cfda1e856380787927a7443af2
SHA1

9acda3749161f99d8be9408eb618694c56eaa0f9
SHA256

2e697828d0bb36a4aa0085997b62a9cc6a83e13afe94c299e4a707f3282b2a66
SHA512

a58c4c901491b1f18b127a32647844f15abe3a25e40fce04f5361f9f2f5ac4840a607e0f23c4d315da3746a7fcb7081d170910d95ed7e1c936a34f227a865292
SSDEEP

49152:JSyJQgxOqeh6dwzVQm2V4htQgHH4WZaDJ2VVXun:c2QgxOqXMgV4r4WZaDJ2en

Score

7^/10

discovery evasion

Malware Config

Signatures

Queries the macOS version information. 1 TTPs 1 IoCs

An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.

discovery

System Information Discovery

T1082

ioc	Process
sw_vers -productVersion	Process not Found

File and Directory Discovery. 1 TTPs 1 IoCs

Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

discovery

File and Directory Discovery

T1083

ioc	Process
dirname "/Applications/Parallels Desktop.app"	Process not Found

Resource Forking 1 TTPs 17 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool	Process not Found
/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager	Process not Found
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 9268C5D8-72B6-4679-8DB5-D4DFB8B7B67C -post-exec 4	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk4s1	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk4s1	Process not Found
"/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd"	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk4s1 removable readonly	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk4s1	Process not Found
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk4s1	Process not Found
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 9268C5D8-72B6-4679-8DB5-D4DFB8B7B67C	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk4s1 removable readonly	Process not Found
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool	Process not Found
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref	Process not Found
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool	Process not Found
"/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated"	Process not Found
/System/Library/PreferencePanes/DesktopScreenEffectsPref.prefPane/Contents/Resources/DesktopPictures.prefPane/Contents/XPCServices/com.apple.preference.desktopscreeneffect.desktop.remoteservice.xpc/Contents/MacOS/com.apple.preference.desktopscreeneffect.desktop.remoteservice	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"open /Volumes/Install\\ Parallels\\ Desktop/Install\\ Parallels\\ Desktop.app\""
1⤵
PID:528

/bin/bash
sh -c "sudo /bin/zsh -c \"open /Volumes/Install\\ Parallels\\ Desktop/Install\\ Parallels\\ Desktop.app\""
1⤵
PID:528

/usr/bin/sudo
sudo /bin/zsh -c "open /Volumes/Install\\ Parallels\\ Desktop/Install\\ Parallels\\ Desktop.app"
1⤵
PID:528
- /bin/zsh
  /bin/zsh -c "open /Volumes/Install\\ Parallels\\ Desktop/Install\\ Parallels\\ Desktop.app"
  2⤵
  PID:529
- /usr/bin/open
  open "/Volumes/Install Parallels Desktop/Install Parallels Desktop.app"
  2⤵
  PID:529

/usr/libexec/xpcproxy
xpcproxy com.apple.systempreferences.2140
1⤵
PID:530

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
"/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
1⤵
PID:530

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountProfileRemoteViewService 530
1⤵
PID:531

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
1⤵
PID:531

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
1⤵
PID:534

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
1⤵
PID:535

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
1⤵
PID:536

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
1⤵
PID:537

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
1⤵
PID:538

/usr/libexec/xpcproxy
xpcproxy com.apple.nfcd
1⤵
PID:540

/usr/libexec/nfcd
/usr/libexec/nfcd
1⤵
PID:540

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:541

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:541

/usr/libexec/xpcproxy
xpcproxy com.apple.preferences.softwareupdate.remoteservice 530
1⤵
PID:543

/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice
/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice
1⤵
PID:543

/usr/libexec/xpcproxy
xpcproxy com.apple.softwareupdated
1⤵
PID:544

/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated
"/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated"
1⤵
PID:544

/usr/libexec/xpcproxy
xpcproxy com.apple.suhelperd
1⤵
PID:545

/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd
"/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd"
1⤵
PID:545

/usr/libexec/xpcproxy
xpcproxy com.parallels.webinstaller.2300
1⤵
PID:548

/Volumes/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop
"/Volumes/Install Parallels Desktop/Install Parallels Desktop.app/Contents/MacOS/Install Parallels Desktop"
1⤵
PID:548

/usr/libexec/xpcproxy
xpcproxy com.apple.SoftwareUpdateNotificationManager
1⤵
PID:549

/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager
/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager
1⤵
PID:549

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:550

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:551

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:551

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:552

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:553

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:552

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:553

/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues
/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues -z
1⤵
PID:554

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:556

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:556

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:562

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:562

/usr/libexec/xpcproxy
xpcproxy com.apple.rtcreportingd
1⤵
PID:570

/usr/libexec/rtcreportingd
/usr/libexec/rtcreportingd
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.preference.desktopscreeneffect.desktop.remoteservice 530
1⤵
PID:574

/System/Library/PreferencePanes/DesktopScreenEffectsPref.prefPane/Contents/Resources/DesktopPictures.prefPane/Contents/XPCServices/com.apple.preference.desktopscreeneffect.desktop.remoteservice.xpc/Contents/MacOS/com.apple.preference.desktopscreeneffect.desktop.remoteservice
/System/Library/PreferencePanes/DesktopScreenEffectsPref.prefPane/Contents/Resources/DesktopPictures.prefPane/Contents/XPCServices/com.apple.preference.desktopscreeneffect.desktop.remoteservice.xpc/Contents/MacOS/com.apple.preference.desktopscreeneffect.desktop.remoteservice
1⤵
PID:574

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 574
1⤵
PID:575

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:575

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 286
1⤵
PID:576

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:576

/usr/libexec/xpcproxy
xpcproxy com.apple.mobile.keybagd
1⤵
PID:578

/usr/libexec/keybagd
/usr/libexec/keybagd -t 15
1⤵
PID:578

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
1⤵
PID:579

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:580

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:580

/usr/bin/hdiutil
/usr/bin/hdiutil verify /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/ParallelsWebInstaller/Downloads/8D35715F-7AA0-4906-B12B-09E6A3A23B9F/Image.dmg
1⤵
PID:584

/usr/bin/hdiutil
/usr/bin/hdiutil attach /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/ParallelsWebInstaller/MountCopies/2BA64C2B-BC23-4718-B5D1-051BA6AEAAA6/Image.dmg -nobrowse -readonly -mountpoint /Users/run/Library/Caches/com.parallels.webinstaller/MountPoints/2BA64C2B-BC23-4718-B5D1-051BA6AEAAA6
1⤵
PID:585

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 9268C5D8-72B6-4679-8DB5-D4DFB8B7B67C
1⤵
PID:586

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 9268C5D8-72B6-4679-8DB5-D4DFB8B7B67C -post-exec 4
1⤵
PID:587

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk4s1 removable readonly
1⤵
PID:590

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk4s1
1⤵
PID:591

/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk4s1
1⤵
PID:592

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk4s1 removable readonly
1⤵
PID:593

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk4s1
1⤵
PID:594

/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk4s1
1⤵
PID:595

/sbin/mount
/sbin/mount -t hfs -o "-u=502,-g=20,-m=755,nodev,noowners,nosuid,rdonly,nobrowse" /dev/disk4s1 /Users/run/Library/Caches/com.parallels.webinstaller/MountPoints/2BA64C2B-BC23-4718-B5D1-051BA6AEAAA6
1⤵
PID:596
- /sbin/mount_hfs
  /sbin/mount_hfs -u 502 -g 20 -m 755 -o nodev -o noowners -o nosuid -o rdonly -o nobrowse /dev/disk4s1 /Users/run/Library/Caches/com.parallels.webinstaller/MountPoints/2BA64C2B-BC23-4718-B5D1-051BA6AEAAA6
  2⤵
  PID:597

/Users/run/Library/Caches/com.parallels.webinstaller/MountPoints/2BA64C2B-BC23-4718-B5D1-051BA6AEAAA6/Install.app/Contents/MacOS/Install
/Users/run/Library/Caches/com.parallels.webinstaller/MountPoints/2BA64C2B-BC23-4718-B5D1-051BA6AEAAA6/Install.app/Contents/MacOS/Install --web-installer --cep 1
1⤵
PID:599

/Users/run/Library/Caches/com.parallels.webinstaller/MountPoints/2BA64C2B-BC23-4718-B5D1-051BA6AEAAA6/Parallels Desktop.app/Contents/MacOS/prl_client_app
"/Users/run/Library/Caches/com.parallels.webinstaller/MountPoints/2BA64C2B-BC23-4718-B5D1-051BA6AEAAA6/Parallels Desktop.app/Contents/MacOS/prl_client_app" --install --skip-update-check --dont-show-eula --set-cep 1
1⤵
PID:600
- /Users/run/Library/Caches/com.parallels.webinstaller/MountPoints/2BA64C2B-BC23-4718-B5D1-051BA6AEAAA6/Parallels Desktop.app/Contents/MacOS//inittool2
  "/Users/run/Library/Caches/com.parallels.webinstaller/MountPoints/2BA64C2B-BC23-4718-B5D1-051BA6AEAAA6/Parallels Desktop.app/Contents/MacOS//inittool2" check_disk_space -b "/Users/run/Library/Caches/com.parallels.webinstaller/MountPoints/2BA64C2B-BC23-4718-B5D1-051BA6AEAAA6/Parallels Desktop.app" -t "/Applications/Parallels Desktop.app"
  2⤵
  PID:603
- - /bin/bash
    /bin/bash -s -- check_disk_space -b "/Users/run/Library/Caches/com.parallels.webinstaller/MountPoints/2BA64C2B-BC23-4718-B5D1-051BA6AEAAA6/Parallels Desktop.app" -t "/Applications/Parallels Desktop.app" "/Users/run/Library/Caches/com.parallels.webinstaller/MountPoints/2BA64C2B-BC23-4718-B5D1-051BA6AEAAA6/Parallels Desktop.app"
    3⤵
    PID:604
  - - /usr/bin/sw_vers
      sw_vers -productVersion
      4⤵
      PID:606
  - - /usr/bin/logger
      logger -t pdfm-bootstrap -p install.info -s "inittool[604]: Disk space check: source size: 625344 Kb (938016 Kb will require) "
      4⤵
      PID:611
  - - /usr/bin/dirname
      dirname "/Applications/Parallels Desktop.app"
      4⤵
      PID:612
  - - /usr/bin/logger
      logger -t pdfm-bootstrap -p install.info -s "inittool[604]: Disk space check: 1042280072 Kb is available "
      4⤵
      PID:617
- /usr/bin/codesign
  /usr/bin/codesign --verify --verbose -R "=anchor apple generic and certificate leaf[subject.OU] = \"4C6364ACXT\"" "/Users/run/Library/Caches/com.parallels.webinstaller/MountPoints/2BA64C2B-BC23-4718-B5D1-051BA6AEAAA6/Parallels Desktop.app"
  2⤵
  PID:618

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs -update
1⤵
PID:605

/usr/bin/du
du -sk "/Users/run/Library/Caches/com.parallels.webinstaller/MountPoints/2BA64C2B-BC23-4718-B5D1-051BA6AEAAA6/Parallels Desktop.app"
1⤵
PID:609

/usr/bin/cut
cut -f1
1⤵
PID:610

/bin/df
df -k /Applications
1⤵
PID:614

/usr/bin/sed
sed -n 2p
1⤵
PID:615

/usr/bin/awk
awk "{print \$4}"
1⤵
PID:616

/usr/libexec/xpcproxy
xpcproxy com.apple.security.agent
1⤵
PID:619

/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent
/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent
1⤵
PID:619

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:620

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:620

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:621

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:622

/usr/libexec/xpcproxy
xpcproxy com.apple.security.authhost.00000000-0000-0000-0000-0000000186A6
1⤵
PID:623

/System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/MacOS/authorizationhost
/System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/MacOS/authorizationhost
1⤵
PID:623

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountPolicyHelper
1⤵
PID:624

/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
1⤵
PID:624

/usr/libexec/xpcproxy
xpcproxy com.apple.pluginkit.pkreporter
1⤵
PID:631

/usr/libexec/pkreporter
/usr/libexec/pkreporter
1⤵
PID:631

/usr/libexec/xpcproxy
xpcproxy com.apple.ActivityMonitor.1800
1⤵
PID:633

/System/Applications/Utilities/Activity Monitor.app/Contents/MacOS/Activity Monitor
"/System/Applications/Utilities/Activity Monitor.app/Contents/MacOS/Activity Monitor"
1⤵
PID:633

/usr/libexec/xpcproxy
xpcproxy com.apple.colorsync.useragent
1⤵
PID:634

/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent
/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent
1⤵
PID:634

/usr/libexec/xpcproxy
xpcproxy com.apple.colorsyncd
1⤵
PID:635

/usr/libexec/colorsyncd
/usr/libexec/colorsyncd
1⤵
PID:635

/usr/libexec/xpcproxy
xpcproxy com.apple.AssetCacheManagerService
1⤵
PID:636

/System/Library/PrivateFrameworks/AssetCacheServicesExtensions.framework/XPCServices/AssetCacheManagerService.xpc/Contents/MacOS/AssetCacheManagerService
/System/Library/PrivateFrameworks/AssetCacheServicesExtensions.framework/XPCServices/AssetCacheManagerService.xpc/Contents/MacOS/AssetCacheManagerService
1⤵
PID:636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

File and Directory Discovery

T1083

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Printers/InstalledPrinters.plist

Filesize
495B

MD5
3439dcb6d4ce19d3ea022b8bb17cba7a

SHA1
e412c16548b6fcc5fd488315cd70b324ca4d782e

SHA256
aec405d7619e28da751fafd97782015affebdb36e863c58eea2b658551a59e7b

SHA512
8ca944a1a157f6933a5efeea35aa7626d0dd5f6fd4b5d9fe08c3760b39b6f54289e502923ca7616110c468173f0389f2ce1e35899d171bd08873678759aba93b

Download Submit
/Users/run/Library/Logs/parallels.log

Filesize
284B

MD5
9d731c5229c2d64930cd03b6f86082ea

SHA1
4bbe6a47151bc7b442eb0f817472e3ec36bd22d9

SHA256
30fbdaeb56d1f60f84f1e1b1eb328ef55231323d89f915e3fe095d19b10284bc

SHA512
67ab328413a343ece220bf35090477aa2e19df69fd9d17a9ca6139ec8302333e4eb63e8df4b11c0c39407c49434c379139407caf1a5a492ad9c45dd0514532e0

Download Submit
/Users/run/Library/Logs/parallels.log

Filesize
448B

MD5
0081e64928c59f60172c7f273e4b0260

SHA1
72c4de02b9d5e8bdd8267be5bcca91b478c4aac1

SHA256
efe640d01e26f6020bbb7cce218445672e8399f35d6760dcfcbac57772b6ecf8

SHA512
e6f851cbe8dfbb4cdafb2f9c1e882c7438b8624ea96a15d5045da9b776c3b20a04e8201637c774f79f2126e459cf26440d7ae10403d11ddd640e06d86febb9eb

Download Submit
/Users/run/Library/Logs/parallels.log

Filesize
1KB

MD5
d4e841065743e9d543867fd27ab6d73c

SHA1
d02dabb1a401962c676fa397130c8b4d728b193a

SHA256
c4dba1e05a49ae80f89af2ee87abf2fb5d6e95b89be5b318b573702634624439

SHA512
5fa424584a0a61e06e843185289dce1b11f95a730cb477b7934432d1770b202f36a4ee053a6ea0bb8a3f0bdcb09cba35fcfc6d18030d0fc09511adf01b553dfe

Download Submit
/Users/run/Library/Logs/parallels.log

Filesize
1KB

MD5
a557d29bb1abdd3f861e214c8ab3c5b6

SHA1
d481f81c7eb8a3e79681453b69c387412556ce02

SHA256
80817d6a1d925704ea58c75d6ca77c2c340ecc2d9f0c764ae10004594dfb70f9

SHA512
5dbd4ae0d63a42ef245d48bada998ab3421ab23f7c36232f37c07b501ab88563e05291d1a9c2e588ce6cbaf394b37d785a7596be55f2cf9df6c8a9fa95632ba0

Download Submit
/Users/run/Library/Saved Application State/com.apple.systempreferences.savedState/data.data

Filesize
3KB

MD5
588992ab28c7468d0881544422e87cda

SHA1
06b97ebcbdb4f32ab3992c570cc24fd7650f9983

SHA256
e9156c03ed1335ef5231d36a4e491e161bf92e2d7467df7b6b24ac73021647fd

SHA512
7b999d1cccea3e12fd465a54fb5e82beb8a90134dda84afdb19ec20c4cbcb8c0e3b5b565e099f8ed0a906b28b0ba30a6c181e5b7638709e6c3d975f3e0be4e0e

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.colorsync.profiles.502

Filesize
21KB

MD5
c83acc9b827045c4372a27cd5e8e8f9e

SHA1
7e81d219b7406160b1d75697343deb36bc117694

SHA256
227f5e8731cae1e372c83d2cd81565fe1f98a4d115638c3e64541c6f87099dea

SHA512
b74c6102a388768b962beaef6c4d5711c8e1425576795b75455c6bfdb6785c45f2f8383fcfdd1eca5253a825e51f7f3733ca9c0bf0fbd64d7d14b726465d8723

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/ParallelsWebInstaller/Downloads/8D35715F-7AA0-4906-B12B-09E6A3A23B9F/Image.dmg

Filesize
308.5MB

MD5
3639c84c34cb51aef5cf7bd090fe00b2

SHA1
de3b7460c711d216c6820583552ae03efc5ccdcc

SHA256
98f113662088fe2eb1277fa8ba8b8329a570ac0c4ae5cafa2fa035ea812022a9

SHA512
6d9abbe1523a8441b5f67a985134a3d5ca3740d8329bb76f8d90a2ec3e8a70f07215da1274c2b61b105c40b822ce602e82e1b90f45e5bbf00da23047c037a9fd

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/052-93231_D52C21CC-64AF-4A24-87B6-B042C0EC4492/MajorOSInfo.pkg

Filesize
1.3MB

MD5
6d8afd08c5949562e136fea58a8c0fb0

SHA1
e8dd773c008073c3af60f128377355385ab83e17

SHA256
21cea63c61fc638ff8557e2e79d74f5a5ca99403fc0e13febbf39b1f28dea2b8

SHA512
21eb5af93eb59f376fd7cdda1a8f6732f258397dead3701c052573093ab75ca3a691e223bc0bdbd6747d0d31f25d2817782f552edc65a8c9297b4311e34df20c

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/052-93231_D52C21CC-64AF-4A24-87B6-B042C0EC4492/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Info.plist

Filesize
861B

MD5
333836a7eb95f49b44940b2080fb9fc2

SHA1
3a3ae4545749d078fb34d7c01afedb11798ca663

SHA256
f2cb9f107ce5e2593dac1643c9d69f9cf0f191a97f8e26c346765653dfec9685

SHA512
2034e64024ae56149f4a0b10b2a3c625863efb341d91a473692f58ca495c55b0943f275a63b2a483fb3f78ca52d42b971b361905abcd3777938456aa1c30e2d9

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/052-93231_D52C21CC-64AF-4A24-87B6-B042C0EC4492/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Resources/OSBadge.icns

Filesize
1.4MB

MD5
6691db1a52f872d5e2558838b1300191

SHA1
1aae9d9580239f60271c9221dd07e45fe672ef76

SHA256
0dcf31da652109b8f6c02f07085dd415256b8f75fe284dfc4cf1f59df16e05f7

SHA512
39a515bcfb179000d824b504874ed5c23bd4fde10c87b6792ddf33990f35e53253e0864b7be76804acfdca4c3549a0e424b4db2086c74594a47436b39c10dcd5

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/052-93231_D52C21CC-64AF-4A24-87B6-B042C0EC4492/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Resources/en.lproj/Localizable.strings

Filesize
148B

MD5
8b4ece7adf04487c3c0892458e42d9de

SHA1
5f54a72c67c2d88ff32b57ff5b24a919e872286c

SHA256
525c6efad03dab0004451911c0ef31599085c1a260472b5f0bf995f86f2b16bb

SHA512
57edaf2820cf8a541bec262a3872213a3abf1b87d32cce0e9c02d8df3601d21eb8cee02914775ca7a64585bec0f3da45791475122538e8716920848e0496d3c7

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/ProductMetadata.plist

Filesize
1.1MB

MD5
699960709f7edf5720fac2faa6c7781b

SHA1
dcf938302830678653e6e4475ae583901ed0655f

SHA256
209246c53de8783f0946a6a8b5ece3d339cd7f4a085ea8f2453a791965275eb3

SHA512
abd74968bcfe2602f783ce006c6196c0306d36011dd256420ab1c2606b330e2fc6e38a217740575ba1014cc6922d3f164a2da00a86f4af0c244141b394751b00

Download Submit
/var/log/fsck_hfs.log

Filesize
15KB

MD5
41d486ff6a766a544d9e69c76da6f973

SHA1
df0b43da73cf54b4f980e5709297fda729d0f0e3

SHA256
377fe9411530c29e8768e7d8bdb32cb05aada76646cb903d0e4717a83019d050

SHA512
b585eb92e9da1c6c917e7b1bf064803b35809456541e1f5903f62edccabc4208c5fca5af7b60b809959bd1109a5b4680f4a43956ed4c501858aaa9d19e1f6503

Download Submit