Resubmissions
23-05-2024 09:12
240523-k6dmpabf5s 1023-05-2024 08:55
240523-kvsmgabd54 1023-05-2024 08:46
240523-kpqwpabb8x 1018-05-2024 14:00
240518-ra6rxseh59 10Analysis
-
max time kernel
207s -
max time network
217s -
platform
macos-10.15_amd64 -
resource
macos-20240410-en -
resource tags
-
submitted
23-05-2024 08:55
General
-
Target
Mixed In Key 8.dmg
-
Size
10.4MB
-
MD5
58680abd58baca826c2029f32e5b78b3
-
SHA1
98040c4d358a6fb9fed970df283a9b25f0ab393b
-
SHA256
b34738e181a6119f23e930476ae949fc0c7c4ded6efa003019fa946c4e5b287a
-
SHA512
be852ea2a0ce7a119392f6f28033dfcec27ac897f3479767287da8e5b2babd2cff95b94c399e64d5f219fbef3508a3a2f2b2f4346e057ddce416353825994d28
-
SSDEEP
196608:1kBu2wBiw00Bsqbxxf15AS2710A8O2RgXuHueFrs/7M+49/jhHh/:ig2whsQr5ASEcO28enS/7J4tT/
Malware Config
Signatures
-
EvilQuest
EvilQuest family.
-
EvilQuest payload 1 IoCs
-
Compromise Client Software Binary 1 TTPs 2 IoCs
Adversaries may modify client software binaries to establish persistent access to systems. Client software enables users to access services provided by a server.
-
File Permission 1 TTPs
Adversaries may modify file permissions/attributes to evade access control lists (ACLs) and access protected files.
-
Installer Packages 1 TTPs 2 IoCs
Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content. Installer packages are OS specific and contain the resources an operating system needs to install applications on a system.
-
Launch Daemon 1 TTPs
Adversaries may create or modify Launch Daemons to execute malicious payloads as part of persistence. Launch Daemons are plist files used to interact with Launchd, the service management framework used by macOS.
-
AppleScript 1 TTPs 10 IoCs
AppleScript is a macOS scripting language designed to control applications and parts of the OS via inter-application messages called AppleEvents.
-
File and Directory Discovery. 1 TTPs 1 IoCs
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
-
Resource Forking 1 TTPs 18 IoCs
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
-
Command and Scripting Interpreter 1 TTPs
Adversaries may abuse Unix shell commands and scripts for execution.
-
Launchctl 1 TTPs 10 IoCs
Adversaries may abuse launchctl to execute commands or programs. Launchctl supports taking subcommands on the command-line, interactively, or even redirected from standard input.
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"installer -pkg /Users/run/setup.pkg -target /\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"installer -pkg /Users/run/setup.pkg -target /\""1⤵
-
/usr/bin/sudosudo /bin/zsh -c "installer -pkg /Users/run/setup.pkg -target /"1⤵
-
/bin/zsh/bin/zsh -c "installer -pkg /Users/run/setup.pkg -target /"2⤵
-
-
/usr/sbin/installerinstaller -pkg /Users/run/setup.pkg -target /2⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.spindump1⤵
-
/usr/sbin/spindump/usr/sbin/spindump1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.spindump_agent1⤵
-
/usr/libexec/spindump_agent/usr/libexec/spindump_agent1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.systemprofiler1⤵
-
/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information"/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.installd1⤵
-
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.replayd1⤵
-
/usr/libexec/replayd/usr/libexec/replayd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.ReportMemoryException1⤵
-
/usr/libexec/ReportMemoryException/usr/libexec/ReportMemoryException1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.storedownloadd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.system_installd1⤵
-
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd1⤵
-
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.Safari.CacheDeleteExtension 5521⤵
-
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension1⤵
-
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/install_monitor/System/Library/PrivateFrameworks/PackageKit.framework/Resources/install_monitor -t /private/var/run/installd.commit.pid1⤵
-
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/shove/System/Library/PrivateFrameworks/PackageKit.framework/Resources/shove -f -s /Library/InstallerSandboxes/.PKInstallSandboxManager/891F6843-C1DB-42F6-ABC4-82D3BF0F75FC.activeSandbox/Root /1⤵
-
/tmp/PKInstallSandbox.GGB96Q/Scripts/com.mixedinkey.installer.Yy1SKI/postinstall/tmp/PKInstallSandbox.GGB96Q/Scripts/com.mixedinkey.installer.Yy1SKI/postinstall /Users/run/setup.pkg /Applications / /1⤵
-
/bin/bash/bin/sh /tmp/PKInstallSandbox.GGB96Q/Scripts/com.mixedinkey.installer.Yy1SKI/postinstall /Users/run/setup.pkg /Applications / /1⤵
-
/bin/mkdirmkdir /Library/mixednkey2⤵
-
-
/bin/mvmv /Applications/Utils/patch /Library/mixednkey/toolroomd2⤵
-
-
/bin/rmdirrmdir /Application/Utils2⤵
-
-
/bin/chmodchmod +x /Library/mixednkey/toolroomd2⤵
-
-
/Library/mixednkey/toolroomd/Library/mixednkey/toolroomd2⤵
-
-
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/efw_cache_update/System/Library/PrivateFrameworks/PackageKit.framework/Resources/efw_cache_update -c1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/usr/bin/csrutil/usr/bin/csrutil status1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.SecureElementHelper 6011⤵
-
/System/Library/SystemProfiler/SPSecureElementReporter.spreporter/Contents/XPCServices/SecureElementHelper.xpc/Contents/MacOS/SecureElementHelper/System/Library/SystemProfiler/SPSecureElementReporter.spreporter/Contents/XPCServices/SecureElementHelper.xpc/Contents/MacOS/SecureElementHelper1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.printtool.agent1⤵
-
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.framework/Versions/A/printtool/System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.framework/Versions/A/printtool1⤵
-
/bin/shsh -c "/usr/bin/cups-config --version --build"1⤵
-
/bin/bashsh -c "/usr/bin/cups-config --version --build"1⤵
-
/usr/bin/cups-config/usr/bin/cups-config --version --build1⤵
-
/bin/bash/bin/sh /usr/bin/cups-config --version --build1⤵
-
/usr/bin/dirnamedirname /usr/bin/cups-config2⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.iBridgeDiscovery 6121⤵
-
/System/Library/SystemProfiler/SPiBridgeReporter.spreporter/Contents/XPCServices/iBridgeDiscovery.xpc/Contents/MacOS/iBridgeDiscovery/System/Library/SystemProfiler/SPiBridgeReporter.spreporter/Contents/XPCServices/iBridgeDiscovery.xpc/Contents/MacOS/iBridgeDiscovery1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.PerformanceAnalysis.animationperfd1⤵
-
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.Photos.StorageManagementExtension 5491⤵
-
/System/Applications/Photos.app/Contents/PlugIns/PhotosStorageExtension.appex/Contents/MacOS/PhotosStorageExtension/System/Applications/Photos.app/Contents/PlugIns/PhotosStorageExtension.appex/Contents/MacOS/PhotosStorageExtension1⤵
-
/System/Applications/TV.app/Contents/PlugIns/TVStorageExtension.appex/Contents/MacOS/TVStorageExtension/System/Applications/TV.app/Contents/PlugIns/TVStorageExtension.appex/Contents/MacOS/TVStorageExtension1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.iOSFiles 5491⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.GarageBand 5491⤵
-
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/iOSFilesStorageExtension.appex/Contents/MacOS/iOSFilesStorageExtension/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/iOSFilesStorageExtension.appex/Contents/MacOS/iOSFilesStorageExtension1⤵
-
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/GarageBandStorageExtension.appex/Contents/MacOS/GarageBandStorageExtension/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/GarageBandStorageExtension.appex/Contents/MacOS/GarageBandStorageExtension1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.Mail 5491⤵
-
/System/Applications/Mail.app/Contents/PlugIns/MailStorageManagement.appex/Contents/MacOS/MailStorageManagement/System/Applications/Mail.app/Contents/PlugIns/MailStorageManagement.appex/Contents/MacOS/MailStorageManagement1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.CloudDocsDaemon.StorageManagement 5491⤵
-
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/PlugIns/CloudDocsStorageManagement.appex/Contents/MacOS/CloudDocsStorageManagement/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/PlugIns/CloudDocsStorageManagement.appex/Contents/MacOS/CloudDocsStorageManagement1⤵
-
/System/Applications/Music.app/Contents/PlugIns/MusicStorageExtension.appex/Contents/MacOS/MusicStorageExtension/System/Applications/Music.app/Contents/PlugIns/MusicStorageExtension.appex/Contents/MacOS/MusicStorageExtension1⤵
-
/System/Applications/Podcasts.app/Contents/PlugIns/MacPodcastsStorageExtension.appex/Contents/MacOS/MacPodcastsStorageExtension/System/Applications/Podcasts.app/Contents/PlugIns/MacPodcastsStorageExtension.appex/Contents/MacOS/MacPodcastsStorageExtension1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.Trash 5491⤵
-
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/TrashStorageExtension.appex/Contents/MacOS/TrashStorageExtension/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/TrashStorageExtension.appex/Contents/MacOS/TrashStorageExtension1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.messages.StorageManagementExtension 5491⤵
-
/System/Applications/Messages.app/Contents/PlugIns/Messages Storage Management Extension.appex/Contents/MacOS/Messages Storage Management Extension"/System/Applications/Messages.app/Contents/PlugIns/Messages Storage Management Extension.appex/Contents/MacOS/Messages Storage Management Extension"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.AppleInternal 5491⤵
-
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/AppleInternalStorageExtension.appex/Contents/MacOS/AppleInternalStorageExtension/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/AppleInternalStorageExtension.appex/Contents/MacOS/AppleInternalStorageExtension1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.iBooksX.DiskSpaceEfficiency1⤵
-
/System/Applications/Books.app/Contents/PlugIns/DiskSpaceEfficiency.appex/Contents/MacOS/DiskSpaceEfficiency/System/Applications/Books.app/Contents/PlugIns/DiskSpaceEfficiency.appex/Contents/MacOS/DiskSpaceEfficiency1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.CloudFiles 5491⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.Applications 5491⤵
-
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/CloudFilesStorageExtension.appex/Contents/MacOS/CloudFilesStorageExtension/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/CloudFilesStorageExtension.appex/Contents/MacOS/CloudFilesStorageExtension1⤵
-
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/ApplicationsStorageExtension.appex/Contents/MacOS/ApplicationsStorageExtension/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/ApplicationsStorageExtension.appex/Contents/MacOS/ApplicationsStorageExtension1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.OtherUsers 5491⤵
-
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/OtherUsersStorageExtension.appex/Contents/MacOS/OtherUsersStorageExtension/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/OtherUsersStorageExtension.appex/Contents/MacOS/OtherUsersStorageExtension1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.CloudPhotosConfiguration1⤵
-
/System/Library/PrivateFrameworks/CloudPhotoServices.framework/Versions/A/XPCServices/com.apple.CloudPhotosConfiguration.xpc/Contents/MacOS/com.apple.CloudPhotosConfiguration/System/Library/PrivateFrameworks/CloudPhotoServices.framework/Versions/A/XPCServices/com.apple.CloudPhotosConfiguration.xpc/Contents/MacOS/com.apple.CloudPhotosConfiguration1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.AppStore.19001⤵
-
/System/Applications/App Store.app/Contents/MacOS/App Store"/System/Applications/App Store.app/Contents/MacOS/App Store"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.automountd1⤵
-
/usr/libexec/automountdautomountd1⤵
-
/usr/libexec/od_user_homes/usr/libexec/od_user_homes .localized2⤵
-
-
/usr/libexec/od_user_homes/usr/libexec/od_user_homes .localized2⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.installandsetup.systemmigrationd1⤵
-
/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/systemmigrationd/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/systemmigrationd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.storagekitd1⤵
-
/System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd/System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.storeuid1⤵
-
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.iconservices.iconservicesagent1⤵
-
/System/Library/CoreServices/iconservicesagent/System/Library/CoreServices/iconservicesagent runAsRoot1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.coremedia.videodecoder 6441⤵
-
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.quicklook.satellite.B5F839AB-3043-4E98-BD01-EA24ABB7ADB0 5581⤵
-
/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite1⤵
-
/bin/shsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/bin/bashsh -c "osascript -e \"do shell script \\\"launchctl load -w /Library/LaunchDaemons/com.apple.questd.plist;launchctl start questd\\\" with administrator privileges\""1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.mobile.keybagd1⤵
-
/usr/libexec/keybagd/usr/libexec/keybagd -t 151⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.softwareupdated1⤵
-
/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated"/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.suhelperd1⤵
-
/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd"/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.Maps.18641⤵
-
/System/Applications/Maps.app/Contents/MacOS/Maps/System/Applications/Maps.app/Contents/MacOS/Maps1⤵
-
/System/Applications/TV.app/Contents/MacOS/TV/System/Applications/TV.app/Contents/MacOS/TV1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.Terminal.21001⤵
-
/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal1⤵
-
/usr/bin/loginlogin -pf run2⤵
-
/bin/zsh-zsh3⤵
-
/usr/libexec/path_helper/usr/libexec/path_helper -s4⤵
-
-
/usr/bin/localelocale LC_CTYPE4⤵
-
-
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.accessibility.mediaaccessibilityd1⤵
-
/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.mediaremoted1⤵
-
/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted1⤵
-
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/install_monitor/System/Library/PrivateFrameworks/PackageKit.framework/Resources/install_monitor -t /private/var/run/installd.commit.pid1⤵
-
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/shove/System/Library/PrivateFrameworks/PackageKit.framework/Resources/shove -f -s /Library/Apple/System/Library/InstallerSandboxes/.PKInstallSandboxManager-SystemSoftware/50A8793C-CE4F-467A-A9C2-7A0D85D6040A.activeSandbox/Root /1⤵
-
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/efw_cache_update/System/Library/PrivateFrameworks/PackageKit.framework/Resources/efw_cache_update -c1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.audio.systemsoundserverd1⤵
-
/usr/sbin/systemsoundserverd/usr/sbin/systemsoundserverd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.audio.AudioComponentRegistrar1⤵
-
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.appleseed.FeedbackAssistant.21521⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.reminders.25921⤵
-
/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/MacOS/Feedback Assistant"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/MacOS/Feedback Assistant"1⤵
-
/System/Applications/Reminders.app/Contents/MacOS/Reminders/System/Applications/Reminders.app/Contents/MacOS/Reminders1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.Photos.18761⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.accountsd1⤵
-
/System/Applications/Photos.app/Contents/MacOS/Photos/System/Applications/Photos.app/Contents/MacOS/Photos1⤵
-
/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.mail.25761⤵
-
/System/Applications/Mail.app/Contents/MacOS/Mail/System/Applications/Mail.app/Contents/MacOS/Mail1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.FaceTime.18601⤵
-
/System/Applications/FaceTime.app/Contents/MacOS/FaceTime/System/Applications/FaceTime.app/Contents/MacOS/FaceTime1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.iChat.18801⤵
-
/System/Applications/Messages.app/Contents/MacOS/Messages/System/Applications/Messages.app/Contents/MacOS/Messages1⤵
-
/usr/libexec/xpcproxyxpcproxy com.google.Chrome.30561⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.Safari.20281⤵
-
/Applications/Safari.app/Contents/MacOS/Safari/Applications/Safari.app/Contents/MacOS/Safari1⤵
-
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.GameController.gamecontrollerd1⤵
-
/usr/libexec/gamecontrollerd/usr/libexec/gamecontrollerd1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler" "--monitor-self-annotation=ptype=crashpad-handler" "--database=/Users/run/Library/Application Support/Google/Chrome/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=channel=" "--annotation=plat=OS X" "--annotation=prod=Chrome_Mac" "--annotation=ver=101.0.4951.54" "--handshake-fd=5"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.CoreLocationAgent1⤵
-
/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent1⤵
-
/usr/bin/profiles/usr/bin/profiles status -type enrollment1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.videoconference.camera1⤵
-
/usr/libexec/avconferenced/usr/libexec/avconferenced1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.colorsync.useragent1⤵
-
/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.colorsyncd1⤵
-
/usr/libexec/colorsyncd/usr/libexec/colorsyncd1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz"1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize" com.google.Chrome1⤵
-
/usr/bin/tar/usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.sandboxd1⤵
-
/usr/libexec/sandboxd/usr/libexec/sandboxd1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)" "--type=gpu-process" "--gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA=" --shared-files "--field-trial-handle=1718379636,r,18280503282546683875,7203910115830509750,131072" "--seatbelt-client=23"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.security.agent1⤵
-
/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 6951⤵
-
/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.Maps.mapspushd1⤵
-
/System/Library/CoreServices/mapspushd/System/Library/CoreServices/mapspushd1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=network.mojom.NetworkService" "--lang=en-GB" "--service-sandbox-type=network" --shared-files "--field-trial-handle=1718379636,r,18280503282546683875,7203910115830509750,131072" "--seatbelt-client=15"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.accountsd1⤵
-
/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.WeatherService1⤵
-
/System/Library/PrivateFrameworks/WeatherFoundation.framework/Versions/A/XPCServices/WeatherService.xpc/Contents/MacOS/WeatherService/System/Library/PrivateFrameworks/WeatherFoundation.framework/Versions/A/XPCServices/WeatherService.xpc/Contents/MacOS/WeatherService1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.AccountPolicyHelper1⤵
-
/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.ReportCrash1⤵
-
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded1⤵
-
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler "--database=/Users/run/Library/Google/GoogleSoftwareUpdate/Crashes" "--url=https://clients2.google.com/cr/report" "--annotation=plat=OS X" "--annotation=prod=Keystone" "--annotation=ver=1.3.17.192" "--handshake-fd=4"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.google.keystone.system.xpcservice1⤵
-
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=storage.mojom.StorageService" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,18280503282546683875,7203910115830509750,131072" "--seatbelt-client=19"1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)" "--type=utility" "--utility-sub-type=mac_notifications.mojom.MacNotificationProvider" "--lang=en-GB" "--service-sandbox-type=none" --message-loop-type-ui --shared-files "--field-trial-handle=1718379636,r,18280503282546683875,7203910115830509750,131072"1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=7" "--launch-time-ticks=488631439" --shared-files "--field-trial-handle=1718379636,r,18280503282546683875,7203910115830509750,131072" "--seatbelt-client=59"1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=6" "--launch-time-ticks=489095722" --shared-files "--field-trial-handle=1718379636,r,18280503282546683875,7203910115830509750,131072" "--seatbelt-client=59"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.accountsd1⤵
-
/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.TextInputMenuAgent1⤵
-
/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.TextInputSwitcher1⤵
-
/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.tailspind1⤵
-
/usr/libexec/tailspind/usr/libexec/tailspind1⤵
-
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.SafariLaunchAgent1⤵
-
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent1⤵
-
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --store /Users/run/Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=8" "--launch-time-ticks=498458936" --shared-files "--field-trial-handle=1718379636,r,18280503282546683875,7203910115830509750,131072" "--seatbelt-client=76"1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=12" "--launch-time-ticks=498661514" --shared-files "--field-trial-handle=1718379636,r,18280503282546683875,7203910115830509750,131072" "--seatbelt-client=76"1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=10" "--launch-time-ticks=498726895" --shared-files "--field-trial-handle=1718379636,r,18280503282546683875,7203910115830509750,131072" "--seatbelt-client=79"1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=11" "--launch-time-ticks=498922308" --shared-files "--field-trial-handle=1718379636,r,18280503282546683875,7203910115830509750,131072" "--seatbelt-client=83"1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" --shared-files "--field-trial-handle=1718379636,r,18280503282546683875,7203910115830509750,131072" "--seatbelt-client=98"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.accountsd1⤵
-
/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd/System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.AddressBook.17801⤵
-
/System/Applications/Contacts.app/Contents/MacOS/Contacts/System/Applications/Contacts.app/Contents/MacOS/Contacts1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=14" "--launch-time-ticks=505059426" --shared-files "--field-trial-handle=1718379636,r,18280503282546683875,7203910115830509750,131072" "--seatbelt-client=81"1⤵
-
/System/Applications/Podcasts.app/Contents/MacOS/Podcasts/System/Applications/Podcasts.app/Contents/MacOS/Podcasts1⤵
Network
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
2AppleScript
1Unix Shell
1System Services
1Launchctl
1Persistence
Compromise Host Software Binary
1Create or Modify System Process
1Launch Daemon
1Event Triggered Execution
1Installer Packages
1Privilege Escalation
Create or Modify System Process
1Launch Daemon
1Event Triggered Execution
1Installer Packages
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5eb5ba03f7e18e66f902c3080682d4476
SHA1f9fb20c25769bf24b717a18755d442b00f91ee9b
SHA25625462eb1953770cb4b44669d2480c5b772a977de699caa181c408f20835790ab
SHA51267f30b0ace358bf41322235c10262f44324f2b8e11b50702ff95afd52c39934edfcc16d7009332dd60cdfb4a416b1a375474637acfd58f319bc08cd987408dc5
-
Filesize
1.9MB
MD578349859202df2b3fe03dfcdddfe1f33
SHA14d5d157abe44202b396305a9aa0c1a5f8e64b4c1
SHA2566a7c5843439123fbec749b43782634210f96a5f83d2b331eae7e109a0c070c6f
SHA51294acd83181cd567028f5734d5fd584709df15ae1f6ee27b5e2e28003054b24dabe4c1c2fd956360ddd209118e80583737120507b5a8f7a6eba496a680709d1d9
-
Filesize
552B
MD5ade267dd9251c015a8ba6e64e884996c
SHA1ad0cffe5fd769674c8f17df298b73fcf004b0846
SHA256dc821dbcc2e81b74bb7995a8ee2b9e791971b292684418f4f5b0121789d4d7b1
SHA5121a1be590f8d7a63dd9c1c603fef33426a0c4906a5529f00d8431dbc27f71f596734851182635c92b544c5baf7a5474951a33fa3c98d9629410a40a2971f32ae4
-
Filesize
85KB
MD5322f4fb8f257a2e651b128c41df92b1d
SHA1efbb681a61967e6f5a811f8649ec26efe16f50ae
SHA2565a024ffabefa6082031dccdb1e74a7fec9f60f257cd0b1ab0f698ba2a5baca6b
SHA51233c8cf815e4b37a3481c0ba4dfb14a4735a46575f6f70d5b351a8595e4ec8886224577c89c80d726f2e3d7cf2460d0cdd983379acb5fda0a9b7310f86c988e53
-
Filesize
61KB
MD52f0f49de9ad6128f83b55002ddc0c733
SHA1348b668dd78199b508fa73253568f3024a03410f
SHA2564bde0dc120c8239b758f62e655e23be5f09b41f32f666bffa05e0104e8109d46
SHA5126ed163e207886dd7661e67944197ef84c663eb129ca8c988d2fade90fa7e626b581627165521b3e9a8be77c04c12936ac40e1311750c2ad0aae4f6707910a4aa
-
Filesize
99KB
MD50f07cb15d467adba0a80120ef583d92c
SHA19a66033fcbbd2c4a4ad82d173b7d686febcd7509
SHA256977d7b35b060620e979cd8337ef0e4972afc08388986354b7a6b57763d0450d4
SHA512e681f21eb24279dd9bf4f9c9f339f075e6e948d497fb42c4bf614425c4c62bae8fb9e71d9efc61a50f3d6957c211aaebbc20d36836a0d212d96950c252f93561
-
Filesize
82B
MD55f57248f8a15969f55f716d8e7ce1447
SHA12daf28e0b224464534eecc6576c5b87e05cad4a7
SHA25603ee1b034d79af0d5bc807f1560e7ffd5554ff56fcf29a47b3ac5db4f7fa4eb5
SHA5122d9a3e97a5b991d9d22ef5e008f1828b9a7f8b8aa35111250edf45f9ed3f772378119f2a8c18cf5d1141f34d0b04200eadc7b75f1aaa57e0c15083c28f73c5c7
-
Filesize
435B
MD5a3d34532a7dd2cd1d73cea75deb0677f
SHA13019d1c50907fb2597121c03619990c5670ff6f4
SHA256779a31e4de99f9de28de8bf064c504382e050c114e2e865cc1f694c7e6339735
SHA51252618a5f14247c909a3857b122a124d0ddd00890c128cf041976182423b3d728cab11daf5b6a1adb6845d062b54083e72380184b6f76369482305c2782bedd91
-
Filesize
314B
MD58dddd2eccec0319403f085aead8a28a6
SHA1257c763a4614b52ed900646aee04fb5bf4317203
SHA2569c99e853005363ef20f2a97895e42fa09e29ae7902aebcdf6ebb795cfdd94f88
SHA512c68f6a16eba3e091319b5ed6356cccee1c75d3e77204d7fa77e0f055ebba04ef36a83ac96eba6c3d02b2a0bb773f4a1976f99453d24147288c9844df818ba443
-
Filesize
40B
MD5fcb4024c6dc53a5b72c492fd960762d7
SHA182c43024d9e274bf2b8a5d1e505d65cf3873fb92
SHA2565cca682cfa80faa97838327d83ef5a2cc39e21b0cf16639aa7c4f095bf1be4e6
SHA5125373007f40ec378d18770218163ffc2870036bf8c0af1128194a60c6ed6d944f2e3833bf151fb5bf4aee9325c1fbab56bacf3f6437daaa59efb0afdc5c5eed8b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
339B
MD561a867b6e4a24cfcfd32ddef25ac3229
SHA187cc4516fbce1700174d8ea27c9d2cb70a60a1fd
SHA2569cc80c0d1dfe7205c6530402c3240171966e72b6df8ef0e8571660fb18652cd5
SHA5123678cc5f913c7f6c179be8d8483240a1c9aabbe5b295d6aa2b8037c60a8f2aa473f1fb56a7ee7093aaa8c24b968d32fed99972f6f837868f86b53b45de13f4dc
-
Filesize
569B
MD5b5db1f091948de93d7fc96e14aef6da3
SHA174745f991e3dfe45037366e55c2e6df47d8e6593
SHA256b7600cfe0aa091e9ab8540869b7ea120a62b36240acc0370c3fd62655b58bf4e
SHA512d116ffaa01fa29545758fbe273c10d57879a91983d6b5a86ed410a0ac79cc8370fd2552284afa56f363a75ba6a89cc5c9a33f99071012dba2f2f8298ad0cac34
-
Filesize
269B
MD56487e04972ecffd0aabf7b61bdda8119
SHA126f0b11a2529a35f6970a914deadfcf2e2d23286
SHA256241a349a63252a8026016a5ef0d713fc18f76735dd0c10963f9a693bfdb9b172
SHA51244db500fa4549808a5ed1db5516fe4d412cc4e3898d102399fa6f467a2ed3fa79f133a0afcc5e1ab91f480267027ea11e48e37247d24513542286310ab2d47ae
-
Filesize
136B
MD5fe382e791274914bee5950777e4f1fd3
SHA153b523b5fc87e66f2520a0b5f9ea080072668f4d
SHA256935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132
SHA512a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67
-
Filesize
2KB
MD5e0f65ad85a40a32fa91e551005e193ce
SHA1a145766d5df23ae5fcd23dbb6937606f280f3502
SHA25618b5270537241fdd8a8de2f4435bb9a19acc82d565bf629678c07360e0fa89d8
SHA512bfcf2075ba3d99c6bf4840d6c7754668ac65e7b88aced5c727f99de68940783424b6e9755b4d90c28f489f87d88eda0f2b5194c292c7bcd0cebcb6a66adb2425
-
Filesize
288B
MD5b47a44bdd1b765b6af56b347447fd1b7
SHA18599a1870656af91e432bb35e3497863e34ddfbb
SHA25679b1150f1008ed3fbde59417e9727bce33a34ee2ac5b407eec1a82beabdd2c06
SHA512bfa1d967125878a40068e4d5ec4a4bed4f211373ef2ca839a51cb9a29d2da5afcc65755134af2ae732dc03391a636fbb222b4ae481315e4213ceb8d74797c9f0
-
Filesize
88B
MD544d48b8856347f58f97ffd5efbf6fb52
SHA1749ac5298ea842c613f3748abe9e488bfdf4b382
SHA256cd3a65a738c66abb558545cea94329fd7d882f1f4877cea4a5af32d024dbbce3
SHA512974fc97ed31ccbc19dc976128a41f1fa032e353fdb8cf1e9b7b7f07134c022e01451f7ceb07f91b0ac4b6d97bc320224a2edd471d3e44f5ab5359f41584a8a50
-
Filesize
84B
MD5e32332952b2ccee296093224aea5acf9
SHA1c0418197668954a7baa345478971e86b9ae132b0
SHA2563c247e22168f7bd24cff896e8b9200d3c4f3229d4a15f5353c4c61483dabfd52
SHA512089266dd43d52eef5fc38f15e217b3c9d7dae317757cbbfee9d0f21fb2264753de8c9b9c55736113d8e2a560c7d29a9d8ce5f13af742af380d4ccd717a04f5ec
-
Filesize
40B
MD5a30a3013aaafaa0d534dd31655d3c741
SHA15afd87ea28558f6970f1c17d5305f640ec649b06
SHA2563c3b1523ecf2d67b99ab0d14ab60ff783c4a5fafa5cd8b9facba8ad7356a4a21
SHA512412b333c4a24672dd6592e3d6005cf522ca256e6406daca8e87c56b9e000c393ba5b022354dc78c1230fff9238f4a6b13a678b94d143bd75724ffc346df0dd62
-
Filesize
104KB
MD52c84f1aefa060991f0d168991cfec372
SHA14298ee860645b0edc08aada25ec90cdeb59e673d
SHA2567729e0b2e265aa3a71beaa5da63325a813083cbcd31d26fb8172089bbed18892
SHA5125e35e3433c910a5da21dc8145636683e7983ed99b6492559ed9366f5967a3c8e66a0b0422acd8bf4a5071cd48c0b030a0894e64ac7127a6f3fcd1d008242581f
-
Filesize
423B
MD5eb73619f4e724257ff0fd951883a30ae
SHA15032251e50b32e340d8171631a598596bad8991e
SHA2566e56467f3f5502588094c91e2d58bbb1e43c4e8171093db14931dd41788e17d4
SHA512ec95c395414181bc77c7a2980fbd3fe69b718aa98c878e514c3f28b738e1669488126cbdfa96e3a182afd8536b54bc1791a044fa3535d1fd3fad54dfda337b7c
-
Filesize
410B
MD5eff4310ffc622456a471538f2d90bda1
SHA1dc5adc7993188ffca61ea067500ffc8b0b1e8ddf
SHA2563dcaa2a31d0f0330587373dede28eea088cc50c797090076160a27432155ceb4
SHA512f8dc1480ec216d96377026ec247bd9a76b6148d617eba1c38dc1fd7226b6fa80848fef23a3e94b146e07fa8c7c63c645ff0831156de4f2aa6d5cdef3d67971ae
-
Filesize
258B
MD57c1b09c1e7c6e1d2616a8c6dba140275
SHA1c30f1766c4229cee3de5c1b20c923137a70e254b
SHA2561df12bfb181c827a3cdde5684d1e35fb1232bbc064863fff7633d26d63e12b9a
SHA512cbc0ccf3da2bb8850ce58ff2901b8a4e321b52bafc1ca17c3ddf93f246099f585ebe0510b98cdfe460dec4fbf027527381ef72e8b308e286d8b6d64985d3dbae
-
Filesize
11.8MB
MD5daba6fc5bf6e8e3c535c4ea8edccdeda
SHA13446af625da0e829a8279d4afd2f8e34b0c1de4d
SHA2562f57f1cb98e9cac4865a1d2752c2b4f5050863618668a9ce65befaa0120b8255
SHA512fc364fe3d97350d54b540d67dfb2d43b9b8cd210cd93fee1871cf710498d8290d69b766c3dd4244bab168c65545d09cfb00f0f5b1421d8e82a8ca895b44a8790
-
Filesize
3B
MD57f24d240521d99071c93af3917215ef7
SHA1a4c36ded9dbf60a5a9dceb0d0a1e3b17ac92f8cf
SHA2561f09802c4beac758321ae8a9f94d752b0976c7d54baa6e511bba8a7374107bef
SHA51219c7a8d2900e7eb43ad2e9cdaa64a5a574e6e039ca67897c26678e3f7b749433e3692a6c979e2b669f1ee6fa19f1fcaf8bba152805ca9c48123cfe5d1e303702
-
Filesize
3B
MD5a9a6653e48976138166de32772b1bf40
SHA184582c1dbe026475319df14c19967d1dd0bf751f
SHA2566bcaea9882504292b2f6ea37a84b215463e71ab73b824ee90ecdc10c8dde71ed
SHA512da79b500393269c29fb78461f75af01e8108ef0bf7f9dc6635b60d271b9bd16fe1215f6f72bb8d002d0f248712606cc360a3d68b1f8eab00521b760b20fa855c
-
Filesize
190B
MD503fc4e3ef9bdbccd7ea68537970ce472
SHA17cc289badfe38c5677175fa38810e0e18c51e1d3
SHA256abcce423690c96a06414f68090db40cbdaee12b67f90d1ca64bddbdc1d11d097
SHA5126f089d9c977fabc18e0a599c8239200031b6eeed1fbbd2f8197bb82e7cdd8f695b220902bef49276c6b1ca8784ebc3503aba841146a4ce36b1b571703e832bf1
-
Filesize
47KB
MD50e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA5121dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20
-
Filesize
4KB
MD5d3a1859e6ec593505cc882e6def48fc8
SHA1f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA2563ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818
-
Filesize
324KB
MD58ac8e766276bb799857b359b3a4f2347
SHA1075fe1052e1e6de0a38aaa7711a54e8a77bb65f8
SHA256a0ee16e403dd8609ce56b56a111b2926b591d368b6e99a41c836beb280dcf687
SHA51260f88aacc4d89e7a52aa30a469b430f781006fac52b320c2acd05d8f3ace9638a042fa0b0000885293cf6ee391915e7d68ffc656f4056fcb6de3b638d52a6439