Malware Analysis Report

2024-10-16 06:32

Sample ID 240609-g9cb9aeh4y
Target facebook-svgrepo-com.svg
SHA256 dc8be90498f2be6a1776ea47dc99a25bec472dd7d17622022c043e1047481ed6
Tags
evasion
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

SHA256

dc8be90498f2be6a1776ea47dc99a25bec472dd7d17622022c043e1047481ed6

Threat Level: Likely benign

The file facebook-svgrepo-com.svg was found to be: Likely benign.

Malicious Activity Summary

evasion

Resource Forking

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-09 06:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-09 06:29

Reported

2024-06-09 07:35

Platform

win10-20240404-en

Max time kernel

1200s

Max time network

1596s

Command Line

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\facebook-svgrepo-com.xml"

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\FlipAhead C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424681678" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e4adec8eef71c34b8c7112265bf4da7b00000000020000000000106600000001000020000000a18afd1db1df8b42f3564198b4c11132817d00da35ede4d893f2dddf27ed9f38000000000e8000000002000020000000f74f175751e8b7b4124bff87277efa5a74523a96720c0a98f9f78120934ccdf320000000376c072a0dd0eb89a7659b9e0ae57ffbf6207740580e4088f6e0ee161e701f75400000006a8b52091a7ef6b8e22f4bf4fdc7419c8e6bdbe2094a36bc526251fb913d82846ad1cec6490edf4ad922f16fbcf551419cc7a51e7b6636c3004ddae9b2a41f53 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31111739" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e4adec8eef71c34b8c7112265bf4da7b0000000002000000000010660000000100002000000082c001b64779cfb484865f42985a208ee6ca190bbc269804bd3bcbcf67afa60a000000000e80000000020000200000001c7b966b7a014e56d6fb32479f5a92ad0b3a4c1ebe8c84c3caab182eebb52ec5200000004a200f1484b4c4436775e3ddc81217ad23969df0de56fe5334891a5055c926d54000000045eff9987ed10243dfd23a09eda8d8e8bf6284af82b2b4695216ecba8db90e6b6ab42d50dd7b9f9354bc9fc6a525e30eca5d141203165d934d53ef42715c640d C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "424730263" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31111739" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1823888934" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1824513860" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1824513860" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz! C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f093c46c3bbada01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31111739" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "424698272" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31111739" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{981D1B22-262E-11EF-A2FF-6E58476EE47C} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1823888934" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\facebook-svgrepo-com.xml"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\facebook-svgrepo-com.xml

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:212 CREDAT:82945 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 57.234.16.2.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp

Files

memory/5116-0-0x00007FFE704B0000-0x00007FFE704C0000-memory.dmp

memory/5116-2-0x00007FFE704B0000-0x00007FFE704C0000-memory.dmp

memory/5116-3-0x00007FFEB04C5000-0x00007FFEB04C6000-memory.dmp

memory/5116-1-0x00007FFE704B0000-0x00007FFE704C0000-memory.dmp

memory/5116-4-0x00007FFEB0420000-0x00007FFEB05FB000-memory.dmp

memory/5116-5-0x00007FFE704B0000-0x00007FFE704C0000-memory.dmp

memory/5116-7-0x00007FFEB0420000-0x00007FFEB05FB000-memory.dmp

memory/5116-6-0x00007FFEB0420000-0x00007FFEB05FB000-memory.dmp

memory/5116-8-0x00007FFEB0420000-0x00007FFEB05FB000-memory.dmp

memory/5116-11-0x00007FFEB0420000-0x00007FFEB05FB000-memory.dmp

memory/5116-15-0x00007FFEB0420000-0x00007FFEB05FB000-memory.dmp

memory/5116-14-0x00007FFEB0420000-0x00007FFEB05FB000-memory.dmp

memory/5116-21-0x00007FFE704B0000-0x00007FFE704C0000-memory.dmp

memory/5116-23-0x00007FFEB0420000-0x00007FFEB05FB000-memory.dmp

memory/5116-22-0x00007FFEB0420000-0x00007FFEB05FB000-memory.dmp

memory/5116-19-0x00007FFE704B0000-0x00007FFE704C0000-memory.dmp

memory/5116-20-0x00007FFE704B0000-0x00007FFE704C0000-memory.dmp

memory/5116-18-0x00007FFE704B0000-0x00007FFE704C0000-memory.dmp

memory/5116-17-0x00007FFEB0420000-0x00007FFEB05FB000-memory.dmp

memory/5116-16-0x00007FFEB0420000-0x00007FFEB05FB000-memory.dmp

memory/5116-13-0x00007FFEB0420000-0x00007FFEB05FB000-memory.dmp

memory/5116-12-0x00007FFEB0420000-0x00007FFEB05FB000-memory.dmp

memory/5116-10-0x00007FFEB0420000-0x00007FFEB05FB000-memory.dmp

memory/5116-9-0x00007FFEB0420000-0x00007FFEB05FB000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 2e4c622928c87b27dbe1fce59908903e
SHA1 d9523243f087a1977c8688e4809a7afe4ce602e0
SHA256 1bfff9beefb632ccbcd61cc1db292cdbcdd5c58a7dba56856958b3a3ab4cc04e
SHA512 b8abf9937082e8157e3bb6819d9896391f909851dfd2ab46abd6c53f9c29a2c4336ed7103e58f4c7a9de5401fd77375853f3301e1935a201170370daba18f334

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 a0b8838b5e1e357917707b0c1cd14279
SHA1 03cf736d219d33c4ffb39d1cedd4d6c0b88ce40f
SHA256 a9d3880a9d177d54f998cd31f44d8cd74892e3dd45ffefcd26558ebdcadd02b1
SHA512 7ea2ce281ddeb80c026a49ecd69d5d3c5aaeab9e2ef3ebb8b32a27fde54314562dbcb1e7feea438337efd1932ddb278c1f47f93cb829da854dcd51fb3b9e3a7b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verDB5C.tmp

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\9K60ZYX4.cookie

MD5 bcc59c66efc7a3706d53876712866f85
SHA1 516b2b0deb3f5c2e32cb2064026a25f865af5c99
SHA256 d9a1c695e17db78138446bc9a07c9713d48fbaf32b864e2f7af01c7d33b80996
SHA512 fc7dd4a378f932029a6debbc2969a544e7b21c989ae6090b02586a5ad48f7de14a0c8ccdce05bec0920d3610ea75205e8066e41c054c057b921b43da42961062

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8S7W85J5\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-09 06:29

Reported

2024-06-09 07:35

Platform

macos-20240410-en

Max time kernel

1499s

Max time network

1582s

Command Line

[xpcproxy com.apple.loginwindow.LWWeeklyMessageTracer]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer N/A N/A
N/A "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck N/A N/A
N/A "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck N/A N/A

Processes

/usr/libexec/xpcproxy

[xpcproxy com.apple.loginwindow.LWWeeklyMessageTracer]

/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer

[/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer]

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/facebook-svgrepo-com.xml"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/facebook-svgrepo-com.xml"]

/usr/libexec/xpcproxy

[xpcproxy com.oracle.java.Java-Updater]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/facebook-svgrepo-com.xml]

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater

[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]

/bin/zsh

[/bin/zsh -c /Users/run/facebook-svgrepo-com.xml]

/Users/run/facebook-svgrepo-com.xml

[/Users/run/facebook-svgrepo-com.xml]

/bin/sh

[sh /Users/run/facebook-svgrepo-com.xml]

/bin/bash

[sh /Users/run/facebook-svgrepo-com.xml]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.diagnosticd]

/usr/libexec/diagnosticd

[/usr/libexec/diagnosticd]

/usr/libexec/xpcproxy

[xpcproxy com.oracle.java.Java-Updater]

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater

[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]

/usr/libexec/xpcproxy

[xpcproxy com.apple.newsyslog]

/usr/sbin/newsyslog

[/usr/sbin/newsyslog]

Network

Country Destination Domain Proto
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
IE 17.57.146.88:5223 tcp
US 8.8.8.8:53 10-courier.push.apple.com udp
GB 17.57.146.155:5223 10-courier.push.apple.com tcp
GB 17.57.146.154:5223 10-courier.push.apple.com tcp
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

N/A