9e95222b65e9828db3c08ea768860f08770ee862992545b4053cce0e687f2cf3

Analysis

max time kernel
283s
max time network
285s
platform
macos-10.15_amd64
resource
macos-20240611-en
resource tags

arch:amd64arch:i386image:macos-20240611-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
26-06-2024 21:55

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

PC Building Simulator 2 v1.0-v1.6 Plus 9 Trainer.exe
Size

1.5MB
MD5

ac432710be3034102b6e8c410cef68d0
SHA1

e3860c3c4ad0e5cada323c0ea3da16ff8345b8a9
SHA256

6d24667f79a928f9c78e96ca0050113590d21dbd0180be145b88cd9f0e6855bb
SHA512

058932076551c3b73beb99c99055bd49de0d9063de645c0a8a9fce86d279dbff1fe1b2244c60f18fac1e981f9b8502ec4fa3f51b90584e4e26e17b69cf06e050
SSDEEP

24576:49l/xuBpt6eBtKWxSvwR8FQ8NQo0wngODSVXT5Xwdsrya3AWOE:Ulit68K4Sv+8TQ1XT5X4sr1w4

Score

7^/10

evasion persistence privilege_escalation

Malware Config

Signatures

Login Items 1 TTPs 1 IoCs
Adversaries may add login items to execute upon user login to gain persistence or escalate privileges. Login items are applications, documents, folders, or server connections that are automatically launched when a user logs in.
persistence privilege_escalation

Login Items
T1547.015

Processes:

ioc process

"/System/Library/CoreServices/System Events.app/Contents/MacOS/System Events"

ioc	process
"/System/Library/CoreServices/System Events.app/Contents/MacOS/System Events"

Resource Forking 1 TTPs 17 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

Processes:

ioc	process
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util -k disk2s2
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util -p disk2s2 removable readonly
/System/Library/Filesystems/apfs.fs/Contents/Resources/./fsck_apfs -q /dev/rdisk2s2
/System/Library/PrivateFrameworks/EFILogin.framework/Resources/efilogin-helper
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
/System/Library/PrivateFrameworks/AppleMediaServices.framework/Resources/amsaccountsd

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/PC Building Simulator 2 v1.0-v1.6 Plus 9 Trainer.exe\""
1⤵
PID:522

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/PC Building Simulator 2 v1.0-v1.6 Plus 9 Trainer.exe\""
1⤵
PID:522

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/PC Building Simulator 2 v1.0-v1.6 Plus 9 Trainer.exe"
1⤵
PID:522
- /bin/zsh
  /bin/zsh -c "/Users/run/PC Building Simulator 2 v1.0-v1.6 Plus 9 Trainer.exe"
  2⤵
  PID:524
- /Users/run/PC
  /Users/run/PC Building Simulator 2 v1.0-v1.6 Plus 9 Trainer.exe
  2⤵
  PID:524

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:528

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:528

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.systemsoundserverd
1⤵
PID:529

/usr/sbin/systemsoundserverd
/usr/sbin/systemsoundserverd
1⤵
PID:529

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:530

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:530

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:531

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:531

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:553

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:553

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:554

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:554

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:555

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:555

/usr/libexec/xpcproxy
xpcproxy com.apple.security.cloudkeychainproxy3
1⤵
PID:557

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
1⤵
PID:557

/usr/libexec/xpcproxy
xpcproxy com.apple.systemprofiler
1⤵
PID:559

/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information
"/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information"
1⤵
PID:559

/usr/libexec/xpcproxy
xpcproxy com.apple.replayd
1⤵
PID:562

/usr/libexec/replayd
/usr/libexec/replayd
1⤵
PID:562

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:563

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:563

/usr/libexec/xpcproxy
xpcproxy com.apple.installd
1⤵
PID:565

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
1⤵
PID:565

/usr/libexec/xpcproxy
xpcproxy com.apple.storedownloadd
1⤵
PID:568

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
1⤵
PID:568

/usr/libexec/xpcproxy
xpcproxy com.apple.system_installd
1⤵
PID:569

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
1⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 560
1⤵
PID:571

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:571

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:576

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:576

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:581

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:581

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:582

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:582

/usr/libexec/xpcproxy
xpcproxy com.apple.secinitd
1⤵
PID:583

/usr/libexec/secinitd
/usr/libexec/secinitd
1⤵
PID:583

/usr/libexec/xpcproxy
xpcproxy com.apple.AddressBook.ContactsAccountsService
1⤵
PID:585

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
1⤵
PID:585

/usr/libexec/xpcproxy
xpcproxy com.apple.routined
1⤵
PID:586

/usr/libexec/routined
/usr/libexec/routined LAUNCHED_BY_LAUNCHD
1⤵
PID:586

/usr/libexec/xpcproxy
xpcproxy com.apple.Maps.mapspushd
1⤵
PID:587

/System/Library/CoreServices/mapspushd
/System/Library/CoreServices/mapspushd
1⤵
PID:587

/usr/libexec/xpcproxy
xpcproxy com.apple.nehelper
1⤵
PID:589

/usr/libexec/nehelper
/usr/libexec/nehelper
1⤵
PID:589

/usr/libexec/xpcproxy
xpcproxy com.apple.Terminal.2100
1⤵
PID:590

/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
1⤵
PID:590
- /usr/bin/login
  login -pf run
  2⤵
  PID:594
- - /bin/zsh
    -zsh
    3⤵
    PID:597
  - - /usr/libexec/path_helper
      /usr/libexec/path_helper -s
      4⤵
      PID:599
  - - /usr/bin/locale
      locale LC_CTYPE
      4⤵
      PID:600

/usr/libexec/xpcproxy
xpcproxy com.apple.siri.context.service
1⤵
PID:592

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
1⤵
PID:592

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountPolicyHelper
1⤵
PID:595

/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
1⤵
PID:595

/usr/libexec/xpcproxy
xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
1⤵
PID:603

/usr/libexec/neagent
/usr/libexec/neagent
1⤵
PID:603

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:614

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:614

/usr/libexec/xpcproxy
xpcproxy com.apple.systempreferences.2140
1⤵
PID:615

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
"/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
1⤵
PID:615

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountProfileRemoteViewService 615
1⤵
PID:616

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
1⤵
PID:616

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
1⤵
PID:617

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
1⤵
PID:618

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
1⤵
PID:619

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
1⤵
PID:620

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
1⤵
PID:621

/usr/libexec/xpcproxy
xpcproxy com.apple.CoreAuthentication.agent
1⤵
PID:622

/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
1⤵
PID:622

/usr/libexec/xpcproxy
xpcproxy com.apple.nfcd
1⤵
PID:623

/usr/libexec/nfcd
/usr/libexec/nfcd
1⤵
PID:623

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:625

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:625

/usr/libexec/xpcproxy
xpcproxy com.apple.Localization.remoteservice 615
1⤵
PID:626

/System/Library/PreferencePanes/Localization.prefPane/Contents/XPCServices/Localization.remoteservice.xpc/Contents/MacOS/Localization.remoteservice
/System/Library/PreferencePanes/Localization.prefPane/Contents/XPCServices/Localization.remoteservice.xpc/Contents/MacOS/Localization.remoteservice
1⤵
PID:626

/usr/libexec/xpcproxy
xpcproxy com.apple.sharingd
1⤵
PID:627

/usr/libexec/sharingd
/usr/libexec/sharingd
1⤵
PID:627

/usr/libexec/xpcproxy
xpcproxy com.apple.akd
1⤵
PID:628

/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
1⤵
PID:628

/usr/libexec/xpcproxy
xpcproxy com.apple.adid
1⤵
PID:629

/System/Library/PrivateFrameworks/CoreADI.framework/adid
/System/Library/PrivateFrameworks/CoreADI.framework/adid
1⤵
PID:629

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:630

/usr/libexec/xpcproxy
xpcproxy com.apple.Spotlight
1⤵
PID:631

/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
1⤵
PID:631

/usr/libexec/xpcproxy
xpcproxy com.apple.bird
1⤵
PID:632

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
1⤵
PID:632

/usr/libexec/xpcproxy
xpcproxy com.apple.CoreLocationAgent
1⤵
PID:635

/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent
/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent
1⤵
PID:635

/usr/libexec/xpcproxy
xpcproxy com.apple.icloud.fmfd
1⤵
PID:636

/usr/libexec/fmfd
/usr/libexec/fmfd
1⤵
PID:636

/usr/libexec/xpcproxy
xpcproxy com.apple.iCloudHelper
1⤵
PID:637

/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/XPCServices/com.apple.iCloudHelper.xpc/Contents/MacOS/com.apple.iCloudHelper
/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/XPCServices/com.apple.iCloudHelper.xpc/Contents/MacOS/com.apple.iCloudHelper
1⤵
PID:637

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:638

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:638

/usr/libexec/xpcproxy
xpcproxy com.apple.CalendarNotification.CalNCService 312
1⤵
PID:639

/System/Library/PrivateFrameworks/CalendarNotification.framework/Versions/A/XPCServices/CalNCService.xpc/Contents/MacOS/CalNCService
/System/Library/PrivateFrameworks/CalendarNotification.framework/Versions/A/XPCServices/CalNCService.xpc/Contents/MacOS/CalNCService
1⤵
PID:639

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:640

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:640

/usr/libexec/xpcproxy
xpcproxy com.apple.languageassetd
1⤵
PID:641

/usr/libexec/xpcproxy
xpcproxy com.apple.systemadministration.writeconfig
1⤵
PID:642

/usr/libexec/xpcproxy
xpcproxy com.apple.Spotlight
1⤵
PID:643

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:644

/usr/libexec/xpcproxy
xpcproxy com.apple.sharingd
1⤵
PID:645

/System/Library/PrivateFrameworks/SystemAdministration.framework/XPCServices/writeconfig.xpc/Contents/MacOS/writeconfig
/System/Library/PrivateFrameworks/SystemAdministration.framework/XPCServices/writeconfig.xpc/Contents/MacOS/writeconfig
1⤵
PID:642

/usr/libexec/xpcproxy
xpcproxy com.apple.amsaccountsd
1⤵
PID:646

/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
1⤵
PID:643

/usr/libexec/languageassetd
/usr/libexec/languageassetd
1⤵
PID:641

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:644

/usr/sbin/nvram
/usr/sbin/nvram "prev-lang:kbd=en-GB:252"
1⤵
PID:647

/usr/libexec/sharingd
/usr/libexec/sharingd
1⤵
PID:645

/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util
/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util -p disk2s2 removable readonly
1⤵
PID:648

/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util
/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util -k disk2s2
1⤵
PID:649

/System/Library/Filesystems/apfs.fs/Contents/Resources/./fsck_apfs
/System/Library/Filesystems/apfs.fs/Contents/Resources/./fsck_apfs -q /dev/rdisk2s2
1⤵
PID:650

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:651

/usr/libexec/xpcproxy
xpcproxy com.apple.akd
1⤵
PID:652

/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
1⤵
PID:652

/System/Library/PrivateFrameworks/AppleMediaServices.framework/Resources/amsaccountsd
/System/Library/PrivateFrameworks/AppleMediaServices.framework/Resources/amsaccountsd
1⤵
PID:646

/usr/libexec/xpcproxy
xpcproxy com.apple.DictionaryServiceHelper
1⤵
PID:653

/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.xpc/Contents/MacOS/com.apple.DictionaryServiceHelper
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.xpc/Contents/MacOS/com.apple.DictionaryServiceHelper
1⤵
PID:653

/sbin/mount
/sbin/mount -t apfs -o "nobrowse,owners" /dev/disk2s2 /Volumes/Preboot
1⤵
PID:655
- /sbin/mount_apfs
  /sbin/mount_apfs -o nobrowse -o owners /dev/disk2s2 /Volumes/Preboot
  2⤵
  PID:656

/usr/libexec/xpcproxy
xpcproxy com.apple.efilogin-helper
1⤵
PID:658

/System/Library/PrivateFrameworks/EFILogin.framework/Resources/efilogin-helper
/System/Library/PrivateFrameworks/EFILogin.framework/Resources/efilogin-helper
1⤵
PID:658

/usr/libexec/xpcproxy
xpcproxy com.apple.Spotlight
1⤵
PID:660

/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
1⤵
PID:660

/usr/sbin/nvram
/usr/sbin/nvram "prev-lang:kbd=ru:252"
1⤵
PID:661

/usr/libexec/xpcproxy
xpcproxy com.apple.Spotlight
1⤵
PID:664

/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
1⤵
PID:664

/usr/libexec/xpcproxy
xpcproxy com.apple.bird
1⤵
PID:665

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
1⤵
PID:665

/usr/libexec/xpcproxy
xpcproxy com.apple.iconservices.iconservicesagent
1⤵
PID:667

/System/Library/CoreServices/iconservicesagent
/System/Library/CoreServices/iconservicesagent runAsRoot
1⤵
PID:667

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:670

/usr/libexec/xpcproxy
xpcproxy com.apple.sharingd
1⤵
PID:671

/usr/libexec/sharingd
/usr/libexec/sharingd
1⤵
PID:671

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:670

/usr/libexec/xpcproxy
xpcproxy com.apple.akd
1⤵
PID:672

/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
1⤵
PID:672

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:651

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 658
1⤵
PID:673

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:673

/usr/libexec/xpcproxy
xpcproxy com.apple.suggestd
1⤵
PID:674

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportCrash.Root
1⤵
PID:675

/System/Library/CoreServices/ReportCrash
/System/Library/CoreServices/ReportCrash daemon
1⤵
PID:675

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
1⤵
PID:674

/usr/libexec/xpcproxy
xpcproxy com.apple.mobile.keybagd
1⤵
PID:676

/usr/libexec/keybagd
/usr/libexec/keybagd -t 15
1⤵
PID:676

/usr/libexec/xpcproxy
xpcproxy com.apple.speech.speechsynthesisd
1⤵
PID:677

/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
1⤵
PID:677

/usr/libexec/xpcproxy
xpcproxy com.apple.languageassetd
1⤵
PID:679

/usr/libexec/xpcproxy
xpcproxy com.apple.Spotlight
1⤵
PID:680

/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
1⤵
PID:680

/usr/libexec/xpcproxy
xpcproxy com.apple.sharingd
1⤵
PID:681

/usr/sbin/nvram
/usr/sbin/nvram "prev-lang:kbd=ru:252"
1⤵
PID:682

/usr/libexec/languageassetd
/usr/libexec/languageassetd
1⤵
PID:679

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:683

/usr/libexec/sharingd
/usr/libexec/sharingd
1⤵
PID:681

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:683

/usr/sbin/nvram
/usr/sbin/nvram "prev-lang:kbd=ru:252"
1⤵
PID:684

/usr/libexec/xpcproxy
xpcproxy com.apple.akd
1⤵
PID:685

/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
1⤵
PID:685

/usr/libexec/xpcproxy
xpcproxy com.apple.Spotlight
1⤵
PID:686

/usr/sbin/nvram
/usr/sbin/nvram "prev-lang:kbd=ru:252"
1⤵
PID:687

/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
1⤵
PID:686

/usr/libexec/xpcproxy
xpcproxy com.apple.bird
1⤵
PID:688

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
1⤵
PID:688

/usr/libexec/xpcproxy
xpcproxy com.apple.Spotlight
1⤵
PID:690

/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
1⤵
PID:690

/usr/sbin/nvram
/usr/sbin/nvram "prev-lang:kbd=ru:252"
1⤵
PID:691

/usr/libexec/xpcproxy
xpcproxy com.apple.sharingd
1⤵
PID:692

/usr/libexec/sharingd
/usr/libexec/sharingd
1⤵
PID:692

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:693

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:693

/sbin/umount
/sbin/umount /Volumes/Preboot
1⤵
PID:695

/usr/libexec/xpcproxy
xpcproxy com.apple.akd
1⤵
PID:697

/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
1⤵
PID:697

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:698

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:699

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:699

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:698

/usr/libexec/xpcproxy
xpcproxy com.apple.systemevents.2156
1⤵
PID:701

/System/Library/CoreServices/System Events.app/Contents/MacOS/System Events
"/System/Library/CoreServices/System Events.app/Contents/MacOS/System Events"
1⤵
PID:701

/usr/libexec/xpcproxy
xpcproxy com.apple.FolderActionsDispatcher
1⤵
PID:703

/System/Library/CoreServices/FolderActionsDispatcher.app/Contents/MacOS/FolderActionsDispatcher
/System/Library/CoreServices/FolderActionsDispatcher.app/Contents/MacOS/FolderActionsDispatcher launchd
1⤵
PID:703

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:704

/usr/libexec/xpcproxy
xpcproxy com.apple.rtcreportingd
1⤵
PID:705

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:704

/usr/libexec/rtcreportingd
/usr/libexec/rtcreportingd
1⤵
PID:705

/usr/libexec/xpcproxy
xpcproxy com.apple.PackageKit.InstallStatus
1⤵
PID:706

/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress
"/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress"
1⤵
PID:706

/usr/libexec/xpcproxy
xpcproxy com.apple.warmd_agent
1⤵
PID:707

/usr/libexec/warmd_agent
/usr/libexec/warmd_agent
1⤵
PID:707

/sbin/umount
/sbin/umount /Volumes/Preboot
1⤵
PID:710

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:711

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:711

/usr/libexec/xpcproxy
xpcproxy com.apple.knowledge-agent
1⤵
PID:712

/usr/libexec/knowledge-agent
/usr/libexec/knowledge-agent
1⤵
PID:712

/usr/libexec/xpcproxy
xpcproxy com.apple.sessionlogoutd
1⤵
PID:713

/System/Library/CoreServices/sessionlogoutd
/System/Library/CoreServices/sessionlogoutd
1⤵
PID:713

/usr/libexec/xpcproxy
xpcproxy com.apple.security.cloudkeychainproxy3
1⤵
PID:714

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
1⤵
PID:714

/usr/libexec/xpcproxy
xpcproxy com.apple.notificationcenterui.agent
1⤵
PID:715

/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter
/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter
1⤵
PID:715

/usr/libexec/xpcproxy
xpcproxy com.apple.dmd
1⤵
PID:716

/usr/libexec/dmd
/usr/libexec/dmd
1⤵
PID:716

/usr/libexec/xpcproxy
xpcproxy com.apple.FolderActionsDispatcher
1⤵
PID:718

/usr/libexec/xpcproxy
xpcproxy com.apple.ncplugin.stocks 715
1⤵
PID:719

/usr/libexec/xpcproxy
xpcproxy com.apple.ncplugin.weather 715
1⤵
PID:720

/usr/libexec/xpcproxy
xpcproxy com.apple.iCal.CalendarNC 715
1⤵
PID:721

/System/Library/CoreServices/StocksWidget.app/Contents/PlugIns/com.apple.ncplugin.stocks.appex/Contents/MacOS/com.apple.ncplugin.stocks
/System/Library/CoreServices/StocksWidget.app/Contents/PlugIns/com.apple.ncplugin.stocks.appex/Contents/MacOS/com.apple.ncplugin.stocks
1⤵
PID:719

/System/Applications/Calendar.app/Contents/PlugIns/com.apple.iCal.CalendarNC.appex/Contents/MacOS/com.apple.iCal.CalendarNC
/System/Applications/Calendar.app/Contents/PlugIns/com.apple.iCal.CalendarNC.appex/Contents/MacOS/com.apple.iCal.CalendarNC
1⤵
PID:721

/System/Library/CoreServices/Weather.app/Contents/PlugIns/com.apple.ncplugin.weather.appex/Contents/MacOS/com.apple.ncplugin.weather
/System/Library/CoreServices/Weather.app/Contents/PlugIns/com.apple.ncplugin.weather.appex/Contents/MacOS/com.apple.ncplugin.weather
1⤵
PID:720

/System/Library/CoreServices/FolderActionsDispatcher.app/Contents/MacOS/FolderActionsDispatcher
/System/Library/CoreServices/FolderActionsDispatcher.app/Contents/MacOS/FolderActionsDispatcher launchd
1⤵
PID:718

/usr/libexec/xpcproxy
xpcproxy com.apple.bird
1⤵
PID:722

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
1⤵
PID:722

/sbin/umount
/sbin/umount /Volumes/Preboot
1⤵
PID:724

/usr/libexec/xpcproxy
xpcproxy com.apple.imklaunchagent
1⤵
PID:725

/System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent
/System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent
1⤵
PID:725

/usr/libexec/xpcproxy
xpcproxy com.apple.PressAndHold 725
1⤵
PID:726

/System/Library/Input Methods/PressAndHold.app/Contents/PlugIns/PAH_Extension.appex/Contents/MacOS/PAH_Extension
"/System/Library/Input Methods/PressAndHold.app/Contents/PlugIns/PAH_Extension.appex/Contents/MacOS/PAH_Extension"
1⤵
PID:726

/sbin/umount
/sbin/umount /Volumes/Preboot
1⤵
PID:727

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.systemsoundserverd
1⤵
PID:728

/usr/sbin/systemsoundserverd
/usr/sbin/systemsoundserverd
1⤵
PID:728

/sbin/umount
/sbin/umount /Volumes/Preboot
1⤵
PID:729

/sbin/umount
/sbin/umount /Volumes/Preboot
1⤵
PID:732

/sbin/shutdown
/sbin/shutdown -r now
1⤵
PID:0
- /bin/sh
  sh -c "/usr/bin/wall -n"
  2⤵
  PID:735
- /bin/bash
  sh -c "/usr/bin/wall -n"
  2⤵
  PID:735
- /usr/bin/wall
  /usr/bin/wall -n
  2⤵
  PID:735
- /System/Library/Extensions/IOGraphicsFamily.kext/iogdiagnose
  iogdiagnose -b /var/log/displaypolicy/iogdiagnose-last.bin
  2⤵
  PID:1.8446744073709552e+19
- /usr/sbin/spindump
  spindump -shutdownstall 2 -timelimit 5
  2⤵
  PID:737
- /bin/sh
  sh -c /usr/sbin/kextstat
  2⤵
  PID:739
- /bin/bash
  sh -c /usr/sbin/kextstat
  2⤵
  PID:739
- /usr/sbin/kextstat
  /usr/sbin/kextstat
  2⤵
  PID:739
- /bin/bash
  bash /private/var/install/shutdown_installer_tasks
  2⤵
  PID:741
- /bin/bash
  bash /private/var/install/deferred_install
  2⤵
  PID:742

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

T1547.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

T1547.015

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
443B

MD5
95d1f6a479ea836bed553646ebef85c1

SHA1
19da469018294e373c788d888e5c55e0bb18695e

SHA256
fc78047a7293b7fba3abe949497f397804f86e2ff04c29c4a549df60aa877aa2

SHA512
3f9b8aa7efc6cbbcf6672e0d08a630178c653894d800e9125ed18774de105bc564b097120e98b5711cec5d05d95b41fe822019bc10038055eabf341b0c12845d

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
443B

MD5
b5ed1a4aa9f5eb7122af5b836de7cefc

SHA1
50f9e5dbb61125650245824f2bc6b466ede59bf6

SHA256
c81bb42621fd0e666a3863f06db96ab6f5f2631cf135d41e2916c25d973c1056

SHA512
3986a6f6457f3f794a04034f6d905cdb7ab37e67fd3d266a1aa7bf5deaeb544097d0c8668642288f2a6dfb33f343147241d2130abbff33f20140c6608f4a1211

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
499B

MD5
9340b88202324ed91858f73825b4576c

SHA1
139e2b4d614ef442ebfbfcd1566bee4be72424e3

SHA256
6727270ec28d600fc7422c36ec040eff5ae61f2f7972416846c43b43b23a2108

SHA512
09d6f5e3cd9c0759d5b9d697c6d54f8a4800a8a2a825a0dc6145cf3ee2c8010ecec0efe4872dcfe48c9e30f556bf2bea334a908c6b072d41a5efeca9428d0b88

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
529B

MD5
e14c2e8fa1749f0fc36f99f589628010

SHA1
9171aa3866d23dabc2e2d4b1429b625db8890061

SHA256
0740dd931d74792d7c74c0dd0a8f3693d744280760da2e9a5b5b16e5bdd8fab4

SHA512
7af8052409f9301813a4cf579fefa45e519b03e3ecbe1c49547b5cbd64e408f9999100c5e6bfe5c4ced6cfa6697334b9194d709afa022f645e09760ec5f225ae

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
529B

MD5
46436618dc51cff74f62f5c3bf19767d

SHA1
9967b0fce2aa86c0734ca425dd1ff22ff5137399

SHA256
9d130d113e900eab3b79dc090c080c25379eb1a70149d2d4a97425ee323ac7f0

SHA512
0daa9ef3fb852e344202433870363e8f2e1747deedea309655a575ba019a62212866767623672fa12ac57fae54fd0cdeeaac4b63402fb32b28c8142f026e48da

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
529B

MD5
2562e32262b0934bebd14551ea40a5ea

SHA1
f24f4b47421afb6f714eb159fddeb19d670fcc3f

SHA256
1da1a90b64e1ef1873b6f28a0382c7f484475397ba2e0a924034a082663fa8bc

SHA512
df8c71a6ebdb11cb6e65cacfeb964293e4390063ec0b2f4c69f27cedac78a3af7cadb9f08c07cfe4ed149aadaaa55bce3da566442307deb0ff52887d1f99c4a6

Download Submit
/Users/run/.CFUserTextEncoding

Filesize
7B

MD5
d4b4eaace597f859436a392eb100a171

SHA1
f9d103af5e9fefd7f10c8c3427606759589218a1

SHA256
bd605d2eae2bc28178ba94d69e189242f971d699c5846addae706d7e52bc69fd

SHA512
ab717f09c492a964bea99d795a4bae22efa92e7eac441c77cc390b877633c939874440f36e6248f1e122be236ba82927fc768c03f4df59ebd6f3dee44e7c0dd2

Download Submit
/Users/run/.CFUserTextEncoding

Filesize
8B

MD5
0af442a87f6301bd32f8ca06fe8487a6

SHA1
f2e0abd4e87880dc8d2ae2c230b488b17236beb2

SHA256
a0a557b8e500ae0ca05425c0efeb9c6256e1dcf553edbfbfe2271df8ee1f901c

SHA512
4f78c95a1d2a6c811ff07eeae9868e1caabb796ae22594faddd40ecf13bb43456c92711dd708b68bb3ae53722e4d57bbe3a6359fc785777b522bbbda8b7ad070

Download Submit
/Users/run/Library/Application Support/com.apple.spotlight/parsecResources.plist

Filesize
413B

MD5
62c1bdb601e6743006bff4b179dfeac2

SHA1
037929708a4818dc49ba063101c370181854ad94

SHA256
1d1f58869d07b92bd772a1e26d6f963a0acfc63fcf092353b7c3651175526998

SHA512
ad0d2666d95a16c1b418f3cf91666f86341a08a76183925bb30eb83f6ca728e5ae263e889283ef1a2f7a9d2cb06f55fb6ff2728c3f97c0f97bfa32dc0e11b5f6

Download Submit
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

Filesize
124KB

MD5
771517fd16736a68de6285bf8812e696

SHA1
e975f399eed1d76351eb7929df44a75a4832c8ba

SHA256
3ddbb9455931c392c9cb99a2609ac15224afd9129d497aaa6ce4b9366ac7179a

SHA512
da11cfaafdab6d32d6c5eb148f5b0d3d362454ceb0ee75cc50027a32ab282762f3a0da0faf72c220a7901005ebb89a07915b4cb3fee683240ea734f60a5925f6

Download Submit
/Users/run/Library/Caches/GeoServices/ResourceManifest.pbd

Filesize
248KB

MD5
3b197703ab5216868882d2d147dc3d9a

SHA1
be9f7fb1d230797e7ebcc1cd1b0f96dab506b2d1

SHA256
194f70521f315a743d7c51c78efaa8a5a64607424fcf3cd95d20968287b11662

SHA512
c88daa537e83f21e53a8e211e987ab94b8c298b09bd57278a88e5f7308d1cd58b497c7600fadfa921e98470f02c85f3244e07a9ab78133df4068304f0b6ffd0f

Download Submit
/Users/run/Library/Caches/GeoServices/Resources/altitude-1285.xml

Filesize
179KB

MD5
9a43af57707d2fb460832049d1f217d1

SHA1
056d813f8cb5198ca82072f7e3484f38ea5267f8

SHA256
7224f8828694ed74a8353567e4d84da188d15a993a4a75938f8409cb49218e7c

SHA512
1f33175f5d0958c79540a627552f71c6960b6ff19c9b2b0aa604c00bfeff216f6ea2ec3a22ef91ad8d7249597fdf5ad49ddbf5f4aef71b397e785152474954d7

Download Submit
/Users/run/Library/Preferences/com.apple.security.cloudkeychainproxy3.keysToRegister.plist

Filesize
640B

MD5
14798ea64c710aadfdc1694b0b3c596c

SHA1
7788e2cc3bf6a656b570446cd668cb8319d113b9

SHA256
8201fe862ae9353835d600f5af778d0ef72559d41d7b9f07a59421f02ee6b1c3

SHA512
de70b800ea2dd56b76992e7d7e57890ed224488bb40e270067bf9965152f20f65f1487b14a06fd6dafe80b6bddb8d9b50ddc8e5ca1a4eb7b550232ed56098902

Download Submit
/Users/run/Library/Saved Application State/com.apple.systempreferences.savedState/data.data

Filesize
4KB

MD5
81826f8bb6688855dc94ea40318fcef8

SHA1
c7f445d4ee8cd1022ad2df946c0cc14a1988505f

SHA256
1a99b3fd1780ae47102bf8c4b9caccdf164e152503e8038e6e19926ed8a2408b

SHA512
9b04160edd9309495dee95f9b8418f8c0c697f86b85e7d528c7937d8b546e742be4b82a11c53ec02ba5388e5202273d877adf66317d2f6e235a8b3a4cba6fd16

Download Submit
/Users/run/Library/Saved Application State/com.apple.terminal.savedState/data.data

Filesize
1008B

MD5
4a5cc5c670366db82dd887f1b654bcbd

SHA1
2f1b7deb75fd746ee76e41a650a420c12001ac0a

SHA256
58dfb033c8040354ecee8ec648ca6a22194dfa9da3c1b22128858449f53b5683

SHA512
190f231e37c5824c1056ed87b1a2ce6e45fca1c7fa86bef4b0ac5d73aa2db1c137d1e9297b00a018abfc3abe13859d3457d6b8e0208ecd8bb971949f2e155dac

Download Submit
/dev/ttys000

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/var/db/locationd/Library/Caches/GeoServices/ActiveTileGroup.pbd

Filesize
124KB

MD5
8c654c8fc1a60c67f83a4dd6f3d95115

SHA1
8a59b80cf114b6aaebe9551f26f2a4a82318813e

SHA256
c799c79a819f7010ab1d8c32317830b46fe75b60a4173b2f7acd9051721869cc

SHA512
4f961c65df1f4d25ef80d656e784de1ce3136e98dc528eb590904cfda1fe08c7921973a96c5a704fff4760cf8b56d09b6d48dcf84bc7d7e169db1501dc638d16

Download Submit
/var/db/locationd/Library/Caches/GeoServices/ResourceManifest.pbd

Filesize
248KB

MD5
63eba826d6b4747fb50dccd97b3687eb

SHA1
309f8be63d851cd711cb2a657fe4883ec3631233

SHA256
352fc2aa53b2fb834851b078dec96ef37148da2fda946db76a7d9b421f204b12

SHA512
38b40d453f95379213afb4581ed4b5f5696a18b3b2ca3d069d1ab837578d6017d223aa01c66bdff44fc0f7863842ff3b24c0f9f561bf0c391eee15b09beeddf8

Download Submit
/var/db/locationd/Library/Caches/GeoServices/networkDefaults.plist

Filesize
6KB

MD5
57487c5e523f4e461e97ab98b41803aa

SHA1
c631fbf25dc6f23be44ccc2670b334278800c63e

SHA256
67725d05a0ce28bf4ccbfcde82acfcaa627c0eeb7678d5c8e5b7649a7f158f8d

SHA512
9d9826379ab15e2da65a2a32bc3584b201d79e89e3a7d6e554b2398b7a0ada77241144be6d69fc749526029838293d5107f96f45392fe6a07a05dd2f4d07a3bf

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//spindump.txt

Filesize
181KB

MD5
cb7fade982e6b0bbf54e2b831f64f989

SHA1
ca9c3e587a8de9e4bb226c5c25936556178762af

SHA256
a0066551acd20bd394d4d8622fd5635d5c047f90c8452c30eed245e599ca1357

SHA512
6f3b9098f1372c8e4b1431adfef4a51d047c2fba359f153fc5149ff1b51675b59aa91484f5d2303c49708cb42d8cdc3659fd1d361fa13eef5fd575e67b721605

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit