Malware Analysis Report

2024-10-10 07:17

Sample ID 240611-p3pb8sxdpd
Target guildmark.bmp
SHA256 40d6a40e69b42201ed1b8a1ad95c3ce565ca5a875f0c53853b26de3116fdb346
Tags
evasion
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

SHA256

40d6a40e69b42201ed1b8a1ad95c3ce565ca5a875f0c53853b26de3116fdb346

Threat Level: Likely benign

The file guildmark.bmp was found to be: Likely benign.

Malicious Activity Summary

evasion

Resource Forking

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 12:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 12:51

Reported

2024-06-11 12:54

Platform

macos-20240410-en

Max time kernel

51s

Max time network

54s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/guildmark.bmp"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded N/A N/A
N/A /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost N/A N/A
N/A /System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd N/A N/A
N/A /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 631F0539-6EDC-46B5-85FB-6ED3F3F2834F N/A N/A
N/A /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 631F0539-6EDC-46B5-85FB-6ED3F3F2834F -post-exec 4 N/A N/A
N/A /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy N/A N/A
N/A "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" N/A N/A
N/A /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/guildmark.bmp"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/guildmark.bmp"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/guildmark.bmp]

/bin/zsh

[/bin/zsh -c /Users/run/guildmark.bmp]

/Users/run/guildmark.bmp

[/Users/run/guildmark.bmp]

/usr/libexec/dmd

[/usr/libexec/dmd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.cloudkeychainproxy3]

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]

/usr/libexec/xpcproxy

[xpcproxy com.google.Chrome.3056]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome]

/usr/libexec/xpcproxy

[xpcproxy com.apple.GameController.gamecontrollerd]

/usr/libexec/gamecontrollerd

[/usr/libexec/gamecontrollerd]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/Users/run/Library/Application Support/Google/Chrome/Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/bin/profiles

[/usr/bin/profiles status -type enrollment]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]

/usr/bin/tar

[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=1718379636,r,4057124330346728912,913656420407514116,131072 --seatbelt-client=19]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --shared-files --field-trial-handle=1718379636,r,4057124330346728912,913656420407514116,131072 --seatbelt-client=19]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,4057124330346728912,913656420407514116,131072 --seatbelt-client=47]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --shared-files --field-trial-handle=1718379636,r,4057124330346728912,913656420407514116,131072]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler --database=/Users/run/Library/Google/GoogleSoftwareUpdate/Crashes --url=https://clients2.google.com/cr/report --annotation=plat=OS X --annotation=prod=Keystone --annotation=ver=1.3.17.192 --handshake-fd=4]

/usr/libexec/xpcproxy

[xpcproxy com.google.keystone.system.xpcservice]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=299759999 --shared-files --field-trial-handle=1718379636,r,4057124330346728912,913656420407514116,131072 --seatbelt-client=60]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=299816251 --shared-files --field-trial-handle=1718379636,r,4057124330346728912,913656420407514116,131072 --seatbelt-client=60]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler --database=/Users/run/Library/Google/GoogleSoftwareUpdate/Crashes --url=https://clients2.google.com/cr/report --annotation=plat=OS X --annotation=prod=Keystone --annotation=ver=1.3.17.192 --handshake-fd=4]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --store /Users/run/Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=302976085 --shared-files --field-trial-handle=1718379636,r,4057124330346728912,913656420407514116,131072 --seatbelt-client=73]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=303382556 --shared-files --field-trial-handle=1718379636,r,4057124330346728912,913656420407514116,131072 --seatbelt-client=69]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=303517606 --shared-files --field-trial-handle=1718379636,r,4057124330346728912,913656420407514116,131072 --seatbelt-client=78]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=303873573 --shared-files --field-trial-handle=1718379636,r,4057124330346728912,913656420407514116,131072 --seatbelt-client=78]

/usr/sbin/system_profiler

[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,4057124330346728912,913656420407514116,131072 --seatbelt-client=99]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump_agent]

/usr/libexec/spindump_agent

[/usr/libexec/spindump_agent]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=14 --launch-time-ticks=308829669 --shared-files --field-trial-handle=1718379636,r,4057124330346728912,913656420407514116,131072 --seatbelt-client=99]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,4057124330346728912,913656420407514116,131072 --seatbelt-client=104]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,4057124330346728912,913656420407514116,131072 --seatbelt-client=99]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/usr/libexec/xpcproxy

[xpcproxy com.google.keystone.daemon]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdateDaemon

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdateDaemon]

/usr/sbin/system_profiler

[/usr/sbin/system_profiler SPConfigurationProfileDataType]

/usr/sbin/system_profiler

[/usr/sbin/system_profiler SPConfigurationProfileDataType]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch]

/usr/bin/hdiutil

[/usr/bin/hdiutil isencrypted /tmp/KSDownloadAction.XvjoAYWJJG/com.google.Keystone.dmg -plist]

/usr/bin/hdiutil

[/usr/bin/hdiutil isencrypted /tmp/KSDownloadAction.XvjoAYWJJG/com.google.Keystone.dmg -plist]

/usr/bin/hdiutil

[/usr/bin/hdiutil imageinfo /tmp/KSDownloadAction.XvjoAYWJJG/com.google.Keystone.dmg -plist]

/usr/libexec/xpcproxy

[xpcproxy com.apple.hdiejectd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd

[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper

[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 631F0539-6EDC-46B5-85FB-6ED3F3F2834F]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper

[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 631F0539-6EDC-46B5-85FB-6ED3F3F2834F -post-exec 4]

Network

Country Destination Domain Proto
AU 40.79.173.41:443 tcp
DE 17.253.79.202:80 tcp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
GB 23.200.147.27:443 tcp
US 8.8.8.8:53 gspe35-ssl.ls-apple.com.akadns.net udp
NL 72.246.172.153:443 tcp
N/A 224.0.0.251:5353 udp
GB 104.91.71.139:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
GB 172.217.16.238:443 apis.google.com tcp
US 8.8.8.8:53 tools.google.com udp
GB 172.217.169.46:443 tools.google.com tcp
GB 172.217.169.46:443 tools.google.com tcp

Files

/tmp/com.google.Keystone/.keystone_install_lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Keychains/login.keychain-db

MD5 1c3449dfeccd8a434855acb448cabf60
SHA1 29c687cd99524cefbc4c17efba8150225c6e93ff
SHA256 c36815f8eae33ba96258053447f2fe33cb5d2645ef7ae5c19bd6dee4ba0aeb72
SHA512 d4401904d9eb24a9980f4c1196dac7b7e0dbeea4f51ede8f77e8678164ffbedcb04fc1edcba15be298b22a57680854e188718d427263816f57f781c62e31e0dc

/Users/run/Library/Keychains/login.keychain-db

MD5 891b56c191d133cfc798773edbad90ab
SHA1 4890120b1159bb02892b664faa71e669a60e6e14
SHA256 5e48aca7ab9acd4ac80cd32c34cbfb3f220201284bf5f3550b761e59057b75ec
SHA512 82d52b06a23e5c2eb25dd92f09911ba39ee3f93463c9306b28ec03a34988c1ebd475793e15fc340f64fae0f53bb0fe6463ada5ca3189e908407837c497cb075f

/Users/run/Library/Keychains/login.keychain-db

MD5 141123ed69e5ed9178dfa89460a79391
SHA1 e3f79773f9e5021f30dbfe84c8bea685743c54ae
SHA256 d120ad008d84ee27c3d07d25d73d112e6cf2f6fe2bd6fd31320401a099fb7157
SHA512 dd0f3f0f88a31db8a413e90458e481fc467cf1cc4202b5ca195ca84a6ea3ddd37f14654a8b996357f3e01ee0e0b182bc1bd38ec80be4a1eb7042fd956eb23936

/Users/run/Library/Keychains/login.keychain-db

MD5 60177c7f7c704b813698f473ca154834
SHA1 dd587456dc059fe8fe499888b0e7624efdca2e7a
SHA256 e9419360cc63081e7f4850da2ebea516a2c3efd0eea6c0b76cd27499c427a8c8
SHA512 d11e307f4499fc2ed6b37d92004d38755c38401c066d51270918a4eef5a3d6701549dad347eef4c2f92d94b567a4afdee6001c5dcdbafa6afc69a39274abff9c

/Users/run/Library/Keychains/login.keychain-db

MD5 3e127f22ba1c8dacf78f4e0881203084
SHA1 bb01afca55c8d8d8f3907a001adcf2c6e8d57095
SHA256 7995f05a65d0cc00deb1e65aa02eee66b28bc29a8585b29d1cf4c43b35800b82
SHA512 b5f86fdb42e347fd6b4ad185ca759b8707f5e690023b6019eefc59e0be80ee269281eaff3042ddb5bf6fc435687456e46731200f57b1822bb580153d387c2cb3

/Users/run/Library/Application Support/Google/Chrome/Crashpad/settings.dat

MD5 fcb4024c6dc53a5b72c492fd960762d7
SHA1 82c43024d9e274bf2b8a5d1e505d65cf3873fb92
SHA256 5cca682cfa80faa97838327d83ef5a2cc39e21b0cf16639aa7c4f095bf1be4e6
SHA512 5373007f40ec378d18770218163ffc2870036bf8c0af1128194a60c6ed6d944f2e3833bf151fb5bf4aee9325c1fbab56bacf3f6437daaa59efb0afdc5c5eed8b

/Users/run/Library/Keychains/login.keychain-db

MD5 d7e9727ae2fc0c9cd865c25fe5bcd339
SHA1 c83b8bbd24388dc92ae6fc47ace9ecc54a4f3946
SHA256 3ca783f27f3a7f42e95e8125beb66bb49cc2b5d89ba5edc32dfc9d44d1a5621f
SHA512 a1cd207c6165e9ab3ee7028a1931677d4ffa2271bd643bdd63591b656d9cb0fa53689e61e240cbc0dbc2cd66de014e74fd42c61e5473387f4832c75865cd1536

/Users/run/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb

MD5 6487e04972ecffd0aabf7b61bdda8119
SHA1 26f0b11a2529a35f6970a914deadfcf2e2d23286
SHA256 241a349a63252a8026016a5ef0d713fc18f76735dd0c10963f9a693bfdb9b172
SHA512 44db500fa4549808a5ed1db5516fe4d412cc4e3898d102399fa6f467a2ed3fa79f133a0afcc5e1ab91f480267027ea11e48e37247d24513542286310ab2d47ae

/Users/run/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

/Users/run/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

/Users/run/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb

MD5 fe382e791274914bee5950777e4f1fd3
SHA1 53b523b5fc87e66f2520a0b5f9ea080072668f4d
SHA256 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132
SHA512 a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

/Users/run/Library/Google/GoogleSoftwareUpdate/Crashes/settings.dat

MD5 a30a3013aaafaa0d534dd31655d3c741
SHA1 5afd87ea28558f6970f1c17d5305f640ec649b06
SHA256 3c3b1523ecf2d67b99ab0d14ab60ff783c4a5fafa5cd8b9facba8ad7356a4a21
SHA512 412b333c4a24672dd6592e3d6005cf522ca256e6406daca8e87c56b9e000c393ba5b022354dc78c1230fff9238f4a6b13a678b94d143bd75724ffc346df0dd62

/Users/run/Library/Application Support/Google/Chrome/Default/Local Storage/leveldb/000003.ldb

MD5 61a867b6e4a24cfcfd32ddef25ac3229
SHA1 87cc4516fbce1700174d8ea27c9d2cb70a60a1fd
SHA256 9cc80c0d1dfe7205c6530402c3240171966e72b6df8ef0e8571660fb18652cd5
SHA512 3678cc5f913c7f6c179be8d8483240a1c9aabbe5b295d6aa2b8037c60a8f2aa473f1fb56a7ee7093aaa8c24b968d32fed99972f6f837868f86b53b45de13f4dc

/Users/run/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb

MD5 b5db1f091948de93d7fc96e14aef6da3
SHA1 74745f991e3dfe45037366e55c2e6df47d8e6593
SHA256 b7600cfe0aa091e9ab8540869b7ea120a62b36240acc0370c3fd62655b58bf4e
SHA512 d116ffaa01fa29545758fbe273c10d57879a91983d6b5a86ed410a0ac79cc8370fd2552284afa56f363a75ba6a89cc5c9a33f99071012dba2f2f8298ad0cac34

/Users/run/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb

MD5 b47a44bdd1b765b6af56b347447fd1b7
SHA1 8599a1870656af91e432bb35e3497863e34ddfbb
SHA256 79b1150f1008ed3fbde59417e9727bce33a34ee2ac5b407eec1a82beabdd2c06
SHA512 bfa1d967125878a40068e4d5ec4a4bed4f211373ef2ca839a51cb9a29d2da5afcc65755134af2ae732dc03391a636fbb222b4ae481315e4213ceb8d74797c9f0

/Users/run/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb

MD5 e0f65ad85a40a32fa91e551005e193ce
SHA1 a145766d5df23ae5fcd23dbb6937606f280f3502
SHA256 18b5270537241fdd8a8de2f4435bb9a19acc82d565bf629678c07360e0fa89d8
SHA512 bfcf2075ba3d99c6bf4840d6c7754668ac65e7b88aced5c727f99de68940783424b6e9755b4d90c28f489f87d88eda0f2b5194c292c7bcd0cebcb6a66adb2425

/tmp/KSOutOfProcessFetcher.xwyxlYYMeB/download

MD5 ca53a734bbe38220d65088c61ce60c22
SHA1 f42f8a00a06c2c275ab41b0ab98470bdc29149b2
SHA256 c239cbb96768cf7fbe8f27fd3a53756ff1ea95e8d2cdbe690f08f044bd6653a8
SHA512 1244556e00132981ad49578f2967a80fcf866e0e1cdef56f5a44b5f55411084cb1ed5c399ce2c93e51c2f74f6f0648b14fe5c9353e34aa9b99130189486d2f86

/tmp/KSDownloadAction.XvjoAYWJJG/com.google.Keystone.dmg

MD5 95dd7783a6dcbc67db38065dc6890e02
SHA1 681dc1756764a00bf283682b76e7cd0a9b146ab1
SHA256 f20dd079c81dd144948ddad2f1c183ace818d98f42095b6e9ff5f44eca4a7175
SHA512 02230a3fb9175711ed7257b47ba1aa92ded977008c474537afb1cbe67adf52e68de2860d400e7fb59bfebb9b8cc0f9fb35e73dd03acfd800bd67a77f7fb8c7c1