Analysis
max time kernel: 330s
max time network: 333s
platform: macos-10.15_amd64
resource: macos-20240410-en
resource tags: arch:amd64, arch:i386, image:macos-20240410-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
submitted: 09-06-2024 01:19
Static task
static1
General
Target: dfd.txt
Size: 35B
MD5: 206946295b10fcf003bd1bb6288edbe0
SHA1: 504155f51c075cedb5718bee3aeffb93ab80df23
SHA256: 0fbd7d092fa230ee22935b919f783aa0d51fb03b93483c85a211076daf2ce116
SHA512: 530afee05bffe3bb70254685836a248637670b044aaded2546c17cf8b4268edaccc0118d60a6016bd689b19e495852cbde9629ff6bba24d354c4fdca07fdb686
Malware Config
Signatures
-
JavaScript (1 TTPs, 1 IoCs)
Adversaries may abuse various implementations of JavaScript for execution.
Processes:
ioc process
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" -jar /Users/run/tmp/hello.jar
-
Resource Forking (1 TTPs, 18 IoCs)
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
Processes:
ioc process
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/install_monitor -t /private/var/run/installd.commit.pid
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/systemmigrationd
/System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd
"/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd"
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/shove -f -s /Library/Apple/System/Library/InstallerSandboxes/.PKInstallSandboxManager-SystemSoftware/7D1C122B-00E7-499E-B6AE-A0DD1642BF58.activeSandbox/Root /
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/efw_cache_update -c
/System/Library/PrivateFrameworks/CoreDuetContext.framework/Resources/ContextStoreAgent
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
"/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated"
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/dfd.txt\""1⤵PID:517
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/dfd.txt\""1⤵PID:517
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/dfd.txt1⤵PID:517
-
/bin/zsh/bin/zsh -c /Users/run/dfd.txt2⤵PID:519
-
/Users/run/dfd.txt/Users/run/dfd.txt2⤵PID:519
-
/bin/shsh /Users/run/dfd.txt2⤵PID:519
-
/bin/bashsh /Users/run/dfd.txt2⤵PID:519
-
/usr/libexec/dmd/usr/libexec/dmd1⤵PID:505
-
/usr/libexec/xpcproxyxpcproxy com.apple.sysmond1⤵PID:529
-
/usr/libexec/sysmond/usr/libexec/sysmond1⤵PID:529
-
/usr/libexec/xpcproxyxpcproxy com.apple.quicklook.ui.helper1⤵PID:530
-
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper1⤵PID:530
-
/usr/libexec/xpcproxyxpcproxy com.apple.JarLauncher.21281⤵PID:531
-
/System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher"/System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher"1⤵PID:531
-
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" -jar /Users/run/tmp/hello.jar2⤵PID:533
-
/usr/libexec/xpcproxyxpcproxy com.apple.metadata.mdwrite1⤵PID:532
-
/usr/libexec/xpcproxyxpcproxy com.apple.siri.context.service1⤵PID:555
-
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService1⤵PID:555
-
/usr/libexec/xpcproxyxpcproxy com.apple.PerformanceAnalysis.animationperfd1⤵PID:559
-
/usr/libexec/xpcproxyxpcproxy com.apple.TextInputMenuAgent1⤵PID:560
-
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd1⤵PID:559
-
/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent1⤵PID:560
-
/usr/libexec/xpcproxyxpcproxy com.apple.security.cloudkeychainproxy31⤵PID:564
-
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy1⤵PID:564
-
/usr/libexec/xpcproxyxpcproxy com.apple.geod1⤵PID:569
-
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod1⤵PID:569
-
/usr/libexec/xpcproxyxpcproxy com.apple.geod1⤵PID:570
-
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod1⤵PID:570
-
/usr/libexec/xpcproxyxpcproxy com.apple.secinitd1⤵PID:571
-
/usr/libexec/secinitd/usr/libexec/secinitd1⤵PID:571
-
/usr/libexec/xpcproxyxpcproxy com.apple.AddressBook.ContactsAccountsService1⤵PID:573
-
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService1⤵PID:573
-
/usr/libexec/xpcproxyxpcproxy com.apple.routined1⤵PID:574
-
/usr/libexec/routined/usr/libexec/routined LAUNCHED_BY_LAUNCHD1⤵PID:574
-
/usr/libexec/xpcproxyxpcproxy com.apple.spindump1⤵PID:575
-
/usr/sbin/spindump/usr/sbin/spindump1⤵PID:575
-
/usr/libexec/xpcproxyxpcproxy com.apple.tailspind1⤵PID:576
-
/usr/libexec/tailspind/usr/libexec/tailspind1⤵PID:576
-
/usr/libexec/xpcproxyxpcproxy com.apple.spindump_agent1⤵PID:577
-
/usr/libexec/spindump_agent/usr/libexec/spindump_agent1⤵PID:577
-
/usr/libexec/xpcproxyxpcproxy com.apple.Maps.mapspushd1⤵PID:578
-
/System/Library/CoreServices/mapspushd/System/Library/CoreServices/mapspushd1⤵PID:578
-
/usr/libexec/xpcproxyxpcproxy com.apple.systemprofiler1⤵PID:580
-
/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information"/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information"1⤵PID:580
-
/usr/libexec/xpcproxyxpcproxy com.apple.replayd1⤵PID:583
-
/usr/libexec/xpcproxyxpcproxy com.apple.ReportMemoryException1⤵PID:584
-
/usr/libexec/replayd/usr/libexec/replayd1⤵PID:583
-
/usr/libexec/ReportMemoryException/usr/libexec/ReportMemoryException1⤵PID:584
-
/usr/libexec/xpcproxyxpcproxy com.apple.storedownloadd1⤵PID:585
-
/usr/libexec/xpcproxyxpcproxy com.apple.installd1⤵PID:587
-
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd1⤵PID:587
-
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd1⤵PID:585
-
/usr/libexec/xpcproxyxpcproxy com.apple.system_installd1⤵PID:589
-
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd1⤵PID:589
-
/usr/libexec/xpcproxyxpcproxy com.apple.Safari.CacheDeleteExtension 5811⤵PID:592
-
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension1⤵PID:592
-
/usr/libexec/xpcproxyxpcproxy com.apple.nehelper1⤵PID:595
-
/usr/libexec/nehelper/usr/libexec/nehelper1⤵PID:595
-
/usr/libexec/xpcproxyxpcproxy com.apple.pbs1⤵PID:601
-
/System/Library/CoreServices/pbs/System/Library/CoreServices/pbs1⤵PID:601
-
/usr/libexec/xpcproxyxpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A1⤵PID:602
-
/usr/libexec/neagent/usr/libexec/neagent1⤵PID:602
-
/usr/libexec/xpcproxyxpcproxy com.apple.systempreferences.21401⤵PID:605
-
/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"1⤵PID:605
-
/usr/libexec/xpcproxyxpcproxy com.apple.AccountProfileRemoteViewService 6051⤵PID:606
-
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService1⤵PID:606
-
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool1⤵PID:608
-
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool1⤵PID:609
-
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck1⤵PID:610
-
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref1⤵PID:611
-
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool1⤵PID:612
-
/usr/libexec/xpcproxyxpcproxy com.apple.CoreAuthentication.agent1⤵PID:613
-
/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd1⤵PID:613
-
/usr/libexec/xpcproxyxpcproxy com.apple.nfcd1⤵PID:614
-
/usr/libexec/nfcd/usr/libexec/nfcd1⤵PID:614
-
/usr/libexec/xpcproxyxpcproxy com.apple.studentd1⤵PID:615
-
/usr/libexec/studentd/usr/libexec/studentd1⤵PID:615
-
/usr/libexec/xpcproxyxpcproxy com.apple.Photos.StorageManagementExtension 5801⤵PID:616
-
/System/Applications/Photos.app/Contents/PlugIns/PhotosStorageExtension.appex/Contents/MacOS/PhotosStorageExtension/System/Applications/Photos.app/Contents/PlugIns/PhotosStorageExtension.appex/Contents/MacOS/PhotosStorageExtension1⤵PID:616
-
/usr/libexec/xpcproxyxpcproxy com.apple.messages.StorageManagementExtension 5801⤵PID:619
-
/System/Applications/TV.app/Contents/PlugIns/TVStorageExtension.appex/Contents/MacOS/TVStorageExtension/System/Applications/TV.app/Contents/PlugIns/TVStorageExtension.appex/Contents/MacOS/TVStorageExtension1⤵PID:618
-
/System/Applications/Messages.app/Contents/PlugIns/Messages Storage Management Extension.appex/Contents/MacOS/Messages Storage Management Extension"/System/Applications/Messages.app/Contents/PlugIns/Messages Storage Management Extension.appex/Contents/MacOS/Messages Storage Management Extension"1⤵PID:619
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.Trash 5801⤵PID:620
-
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/TrashStorageExtension.appex/Contents/MacOS/TrashStorageExtension/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/TrashStorageExtension.appex/Contents/MacOS/TrashStorageExtension1⤵PID:620
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.iOSFiles 5801⤵PID:621
-
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/iOSFilesStorageExtension.appex/Contents/MacOS/iOSFilesStorageExtension/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/iOSFilesStorageExtension.appex/Contents/MacOS/iOSFilesStorageExtension1⤵PID:621
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.CloudFiles 5801⤵PID:622
-
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/CloudFilesStorageExtension.appex/Contents/MacOS/CloudFilesStorageExtension/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/CloudFilesStorageExtension.appex/Contents/MacOS/CloudFilesStorageExtension1⤵PID:622
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.Mail 5801⤵PID:623
-
/System/Applications/Mail.app/Contents/PlugIns/MailStorageManagement.appex/Contents/MacOS/MailStorageManagement/System/Applications/Mail.app/Contents/PlugIns/MailStorageManagement.appex/Contents/MacOS/MailStorageManagement1⤵PID:623
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.GarageBand 5801⤵PID:624
-
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/GarageBandStorageExtension.appex/Contents/MacOS/GarageBandStorageExtension/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/GarageBandStorageExtension.appex/Contents/MacOS/GarageBandStorageExtension1⤵PID:624
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.Applications 5801⤵PID:625
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.AppleInternal 5801⤵PID:626
-
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/AppleInternalStorageExtension.appex/Contents/MacOS/AppleInternalStorageExtension/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/AppleInternalStorageExtension.appex/Contents/MacOS/AppleInternalStorageExtension1⤵PID:626
-
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/ApplicationsStorageExtension.appex/Contents/MacOS/ApplicationsStorageExtension/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/ApplicationsStorageExtension.appex/Contents/MacOS/ApplicationsStorageExtension1⤵PID:625
-
/usr/libexec/xpcproxyxpcproxy com.apple.CloudDocsDaemon.StorageManagement 5801⤵PID:628
-
/System/Applications/Podcasts.app/Contents/PlugIns/MacPodcastsStorageExtension.appex/Contents/MacOS/MacPodcastsStorageExtension/System/Applications/Podcasts.app/Contents/PlugIns/MacPodcastsStorageExtension.appex/Contents/MacOS/MacPodcastsStorageExtension1⤵PID:627
-
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/PlugIns/CloudDocsStorageManagement.appex/Contents/MacOS/CloudDocsStorageManagement/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/PlugIns/CloudDocsStorageManagement.appex/Contents/MacOS/CloudDocsStorageManagement1⤵PID:628
-
/System/Applications/Music.app/Contents/PlugIns/MusicStorageExtension.appex/Contents/MacOS/MusicStorageExtension/System/Applications/Music.app/Contents/PlugIns/MusicStorageExtension.appex/Contents/MacOS/MusicStorageExtension1⤵PID:629
-
/usr/libexec/xpcproxyxpcproxy com.apple.STMExtension.OtherUsers 5801⤵PID:630
-
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/OtherUsersStorageExtension.appex/Contents/MacOS/OtherUsersStorageExtension/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/OtherUsersStorageExtension.appex/Contents/MacOS/OtherUsersStorageExtension1⤵PID:630
-
/usr/libexec/xpcproxyxpcproxy com.apple.iBooksX.DiskSpaceEfficiency1⤵PID:631
-
/System/Applications/Books.app/Contents/PlugIns/DiskSpaceEfficiency.appex/Contents/MacOS/DiskSpaceEfficiency/System/Applications/Books.app/Contents/PlugIns/DiskSpaceEfficiency.appex/Contents/MacOS/DiskSpaceEfficiency1⤵PID:631
-
/usr/libexec/xpcproxyxpcproxy com.apple.CloudPhotosConfiguration1⤵PID:633
-
/System/Library/PrivateFrameworks/CloudPhotoServices.framework/Versions/A/XPCServices/com.apple.CloudPhotosConfiguration.xpc/Contents/MacOS/com.apple.CloudPhotosConfiguration/System/Library/PrivateFrameworks/CloudPhotoServices.framework/Versions/A/XPCServices/com.apple.CloudPhotosConfiguration.xpc/Contents/MacOS/com.apple.CloudPhotosConfiguration1⤵PID:633
-
/usr/libexec/xpcproxyxpcproxy com.apple.akd1⤵PID:640
-
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd1⤵PID:640
-
/usr/libexec/xpcproxyxpcproxy com.apple.installandsetup.systemmigrationd1⤵PID:641
-
/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/systemmigrationd/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/systemmigrationd1⤵PID:641
-
/usr/libexec/xpcproxyxpcproxy com.apple.storagekitd1⤵PID:642
-
/System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd/System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd1⤵PID:642
-
/usr/libexec/xpcproxyxpcproxy com.apple.automountd1⤵PID:643
-
/usr/libexec/automountdautomountd1⤵PID:643
-
/usr/libexec/od_user_homes/usr/libexec/od_user_homes .localized2⤵PID:644
-
/usr/libexec/od_user_homes/usr/libexec/od_user_homes .localized2⤵PID:647
-
/usr/libexec/od_user_homes/usr/libexec/od_user_homes .localized2⤵PID:649
-
/usr/libexec/xpcproxyxpcproxy com.apple.iconservices.iconservicesagent1⤵PID:645
-
/System/Library/CoreServices/iconservicesagent/System/Library/CoreServices/iconservicesagent runAsRoot1⤵PID:645
-
/usr/libexec/xpcproxyxpcproxy com.apple.adid1⤵PID:646
-
/System/Library/PrivateFrameworks/CoreADI.framework/adid/System/Library/PrivateFrameworks/CoreADI.framework/adid1⤵PID:646
-
/usr/libexec/xpcproxyxpcproxy com.apple.quicklook.satellite.9BDA1F03-CD59-454E-8966-1F2CD0D89BE3 5271⤵PID:650
-
/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite1⤵PID:650
-
/usr/libexec/xpcproxyxpcproxy com.apple.softwareupdated1⤵PID:651
-
/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated"/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated"1⤵PID:651
-
/usr/libexec/xpcproxyxpcproxy com.apple.suhelperd1⤵PID:652
-
/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd"/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd"1⤵PID:652
-
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/install_monitor/System/Library/PrivateFrameworks/PackageKit.framework/Resources/install_monitor -t /private/var/run/installd.commit.pid1⤵PID:655
-
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/shove/System/Library/PrivateFrameworks/PackageKit.framework/Resources/shove -f -s /Library/Apple/System/Library/InstallerSandboxes/.PKInstallSandboxManager-SystemSoftware/7D1C122B-00E7-499E-B6AE-A0DD1642BF58.activeSandbox/Root /1⤵PID:656
-
/usr/libexec/xpcproxyxpcproxy com.apple.mobile.keybagd1⤵PID:657
-
/usr/libexec/keybagd/usr/libexec/keybagd -t 151⤵PID:657
-
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/efw_cache_update/System/Library/PrivateFrameworks/PackageKit.framework/Resources/efw_cache_update -c1⤵PID:658
-
/usr/libexec/xpcproxyxpcproxy com.apple.ReportCrash.Root1⤵PID:659
-
/System/Library/CoreServices/ReportCrash/System/Library/CoreServices/ReportCrash daemon1⤵PID:659
-
/usr/libexec/xpcproxyxpcproxy com.apple.mobile.keybagd1⤵PID:666
-
/usr/libexec/keybagd/usr/libexec/keybagd -t 151⤵PID:666
-
/usr/libexec/xpcproxyxpcproxy com.apple.mobileassetd1⤵PID:668
-
/usr/libexec/mobileassetd/usr/libexec/mobileassetd1⤵PID:668
-
/usr/libexec/xpcproxyxpcproxy com.apple.coreservices.useractivityd1⤵PID:669
-
/System/Library/PrivateFrameworks/UserActivity.framework/Agents/useractivityd/System/Library/PrivateFrameworks/UserActivity.framework/Agents/useractivityd1⤵PID:669
-
/usr/libexec/xpcproxyxpcproxy com.apple.ContextStoreAgent1⤵PID:670
-
/System/Library/PrivateFrameworks/CoreDuetContext.framework/Resources/ContextStoreAgent/System/Library/PrivateFrameworks/CoreDuetContext.framework/Resources/ContextStoreAgent1⤵PID:670
-
/usr/libexec/xpcproxyxpcproxy com.apple.ScreenTimeAgent1⤵PID:671
-
/System/Library/PrivateFrameworks/ScreenTimeCore.framework/Versions/A/ScreenTimeAgent/System/Library/PrivateFrameworks/ScreenTimeCore.framework/Versions/A/ScreenTimeAgent1⤵PID:671
-
/usr/libexec/xpcproxyxpcproxy com.apple.secinitd1⤵PID:672
-
/usr/libexec/secinitd/usr/libexec/secinitd1⤵PID:672
-
/usr/libexec/xpcproxyxpcproxy com.apple.dmd1⤵PID:675
-
/usr/libexec/dmd/usr/libexec/dmd1⤵PID:675
-
/usr/libexec/xpcproxyxpcproxy com.apple.bird1⤵PID:676
-
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird1⤵PID:676
-
/usr/libexec/xpcproxyxpcproxy com.apple.trustd1⤵PID:678
-
/usr/libexec/xpcproxyxpcproxy com.apple.pluginkit.pkd1⤵PID:679
-
/usr/libexec/pkd/usr/libexec/pkd1⤵PID:679
-
/usr/libexec/xpcproxyxpcproxy com.apple.quicklook.satellite.B17EE640-EFBB-48C5-9A42-0C354F5B17E3 6771⤵PID:680
-
/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite1⤵PID:680
Network
MITRE ATT&CK Enterprise v15
Downloads
-
/Library/Apple/System/Library/InstallerSandboxes/.PKInstallSandboxManager-SystemSoftware/7D1C122B-00E7-499E-B6AE-A0DD1642BF58.activeSandbox/Boms/com.apple.pkg.IncompatibleAppList.10_15.16U1923.bom
Filesize: 61KB
-
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/SMIncompatibleAppUpdate/CFNetworkDownload_obMSEV.tmp
Filesize: 324KB