556fd6a1478c7ef931b891b6bf66a56b58f0aacc2af20b95084b638d7382b063

Analysis

max time kernel
1439s
max time network
2281s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
14/07/2024, 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-07-13 8.23.12 PM.png
Size

27KB
MD5

0f21015a4e03df1d0512369a4a476a6c
SHA1

52509e4698ef7656978e34876c0b5a567e1e0c20
SHA256

556fd6a1478c7ef931b891b6bf66a56b58f0aacc2af20b95084b638d7382b063
SHA512

12db1e3a0645f07282c6c0e940dbb65230a40d2fdbd0f96cbcd5ac40bb0758e101c83737d60c17382a188856b2760f9448492a196ee578bc72e84eace0d302c6
SSDEEP

768:rtbyeZym3QSpdMz3e3itsXwwpUcCNBD+OfZNU5DZi:5wuQSjMDe3AXz/Dnc5DZi

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 16 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref	Process not Found
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool	Process not Found
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool	Process not Found
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool	Process not Found
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck	Process not Found
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd	Process not Found
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy	Process not Found
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper	Process not Found
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool	Process not Found
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck	Process not Found
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref	Process not Found
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool	Process not Found
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid	Process not Found
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool	Process not Found
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd	Process not Found
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Screenshot 2024-07-13 8.23.12 PM.png\""
1⤵
PID:472

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Screenshot 2024-07-13 8.23.12 PM.png\""
1⤵
PID:472

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/Screenshot 2024-07-13 8.23.12 PM.png"
1⤵
PID:472
- /bin/zsh
  /bin/zsh -c "/Users/run/Screenshot 2024-07-13 8.23.12 PM.png"
  2⤵
  PID:473
- /Users/run/Screenshot
  /Users/run/Screenshot 2024-07-13 8.23.12 PM.png
  2⤵
  PID:473

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:509

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:509

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:510

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:510

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.44E44536-30C0-45FB-AC6E-9E0F4B640A02 509
1⤵
PID:511

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:511

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:517

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:517

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.6A305599-805E-437C-A42A-4B1B653B680B 509
1⤵
PID:518

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:518

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SearchHelper 509
1⤵
PID:522

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
1⤵
PID:522

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SafeBrowsing.Service
1⤵
PID:523

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1⤵
PID:523

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.E19F4F24-1523-41A4-BFE0-194A03791A0E 509
1⤵
PID:526

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:526

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.9267A4E3-5ECA-4742-B3BA-B6C25127DDCD 509
1⤵
PID:533

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:533

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:543

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
1⤵
PID:543

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.SandboxHelper 526
1⤵
PID:544

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
1⤵
PID:544

/usr/libexec/xpcproxy
xpcproxy com.apple.accessibility.mediaaccessibilityd
1⤵
PID:545

/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
1⤵
PID:545

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:547

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:547

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:548

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:548

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.FE61F46D-FAF4-490C-A8BF-65116DD9B1C9 509
1⤵
PID:549

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:549

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.DBA436B2-48E9-4B1E-AEBC-66E7A9BC1B07 509
1⤵
PID:550

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:550

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.CC4B2EFA-27D4-443A-99EB-BFD2F3BE105C 509
1⤵
PID:551

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:551

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.30D89043-0CA3-4CF9-BC8D-BC1B17B343D4 509
1⤵
PID:552

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:552

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.2CF5B143-9595-4ECA-AB55-E7BFE78B52EA 509
1⤵
PID:553

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:553

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.SandboxHelper 552
1⤵
PID:554

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
1⤵
PID:554

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.6EC925D3-44A6-419A-8ABA-6C4C52B785D9 509
1⤵
PID:555

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:555

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.56A3208A-540B-4548-8950-1093DF7D2899 509
1⤵
PID:556

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:556

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.16770BC2-1AF1-4B99-8013-D9FB064E7EB3 509
1⤵
PID:557

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:557

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.D35034C7-FC72-4CA8-B74D-C0CBA58E1534 509
1⤵
PID:558

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:558

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.34D390A7-1863-4E6F-A41C-5D6B35A3732D 509
1⤵
PID:559

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:559

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SandboxBroker 509
1⤵
PID:561

/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.SandboxBroker.xpc/Contents/MacOS/com.apple.Safari.SandboxBroker
/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.SandboxBroker.xpc/Contents/MacOS/com.apple.Safari.SandboxBroker
1⤵
PID:561

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:562

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.satellite.3F646189-5F04-4E8D-82C5-54804CC21A1E 560
1⤵
PID:563

/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
1⤵
PID:563

/usr/libexec/xpcproxy
xpcproxy "com.apple.xpc.launchd.oneshot.0x10000001.QuickTime Player"
1⤵
PID:564

/System/Applications/QuickTime Player.app/Contents/MacOS/QuickTime Player
"/System/Applications/QuickTime Player.app/Contents/MacOS/QuickTime Player" -psn_0_221238
1⤵
PID:564

/usr/libexec/xpcproxy
xpcproxy com.apple.XprotectFramework.AnalysisService 498
1⤵
PID:565

/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
1⤵
PID:565

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.SandboxHelper 563
1⤵
PID:566

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
1⤵
PID:566

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 563
1⤵
PID:568

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:568

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.SandboxHelper 564
1⤵
PID:570

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.StreamingUnzipService 172
1⤵
PID:571

/System/Library/PrivateFrameworks/StreamingZip.framework/Versions/A/XPCServices/com.apple.StreamingUnzipService.xpc/Contents/MacOS/com.apple.StreamingUnzipService
/System/Library/PrivateFrameworks/StreamingZip.framework/Versions/A/XPCServices/com.apple.StreamingUnzipService.xpc/Contents/MacOS/com.apple.StreamingUnzipService
1⤵
PID:571

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:572

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:572

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.SandboxHelper 287
1⤵
PID:574

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
1⤵
PID:574

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.ui.helper
1⤵
PID:575

/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
1⤵
PID:575

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:576

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:576

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
1⤵
PID:577

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
1⤵
PID:578

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
1⤵
PID:579

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
1⤵
PID:580

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
1⤵
PID:581

/usr/libexec/xpcproxy
xpcproxy com.apple.nfcd
1⤵
PID:583

/usr/libexec/nfcd
/usr/libexec/nfcd
1⤵
PID:583

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:584

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:584

/usr/libexec/xpcproxy
xpcproxy com.apple.systempreferences.2140
1⤵
PID:585

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
"/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
1⤵
PID:585

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountProfileRemoteViewService 585
1⤵
PID:586

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
1⤵
PID:586

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
1⤵
PID:587

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
1⤵
PID:588

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
1⤵
PID:589

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
1⤵
PID:590

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
1⤵
PID:591

/usr/libexec/xpcproxy
xpcproxy com.apple.preferences.users.remoteservice 585
1⤵
PID:592

/System/Library/PreferencePanes/Accounts.prefPane/Contents/XPCServices/com.apple.preferences.users.remoteservice.xpc/Contents/MacOS/com.apple.preferences.users.remoteservice
/System/Library/PreferencePanes/Accounts.prefPane/Contents/XPCServices/com.apple.preferences.users.remoteservice.xpc/Contents/MacOS/com.apple.preferences.users.remoteservice
1⤵
PID:592

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:593

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:593

/bin/sh
sh -c /usr/sbin/kextstat
1⤵
PID:594

/bin/bash
sh -c /usr/sbin/kextstat
1⤵
PID:594

/usr/sbin/kextstat
/usr/sbin/kextstat
1⤵
PID:594

/usr/libexec/xpcproxy
xpcproxy com.apple.localAuthenticationRemoteService 592
1⤵
PID:595

/System/Library/PrivateFrameworks/LocalAuthenticationUI.framework/Versions/A/XPCServices/localAuthenticationRemoteService.xpc/Contents/MacOS/localAuthenticationRemoteService
/System/Library/PrivateFrameworks/LocalAuthenticationUI.framework/Versions/A/XPCServices/localAuthenticationRemoteService.xpc/Contents/MacOS/localAuthenticationRemoteService
1⤵
PID:595

/usr/libexec/xpcproxy
xpcproxy com.apple.AddressBook.1780
1⤵
PID:596

/System/Applications/Contacts.app/Contents/MacOS/Contacts
/System/Applications/Contacts.app/Contents/MacOS/Contacts
1⤵
PID:596

/usr/libexec/xpcproxy
xpcproxy com.apple.contacts.donation-agent
1⤵
PID:597

/System/Library/PrivateFrameworks/ContactsDonation.framework/Versions/A/Support/contactsdonationagent
/System/Library/PrivateFrameworks/ContactsDonation.framework/Versions/A/Support/contactsdonationagent
1⤵
PID:597

/usr/libexec/xpcproxy
xpcproxy com.apple.AppStore.1900
1⤵
PID:600

/System/Applications/App Store.app/Contents/MacOS/App Store
"/System/Applications/App Store.app/Contents/MacOS/App Store"
1⤵
PID:600

/usr/libexec/xpcproxy
xpcproxy com.apple.storeuid
1⤵
PID:601

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid
1⤵
PID:601

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 600
1⤵
PID:602

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:602

/usr/libexec/xpcproxy
xpcproxy com.apple.replayd
1⤵
PID:607

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:610

/usr/libexec/xpcproxy
xpcproxy com.apple.storedownloadd
1⤵
PID:612

/usr/libexec/xpcproxy
xpcproxy com.apple.installd
1⤵
PID:613

/usr/libexec/xpcproxy
xpcproxy com.apple.system_installd
1⤵
PID:614

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
1⤵
PID:613

/usr/libexec/replayd
/usr/libexec/replayd
1⤵
PID:607

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
1⤵
PID:614

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
1⤵
PID:612

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 605
1⤵
PID:618

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:618

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:610

/usr/libexec/xpcproxy
xpcproxy com.apple.mobile.keybagd
1⤵
PID:620

/usr/libexec/keybagd
/usr/libexec/keybagd -t 15
1⤵
PID:620

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:622

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:622

/usr/libexec/xpcproxy
xpcproxy com.apple.quicktimeplayer.SharedPrefsVendor 564
1⤵
PID:623

/System/Applications/QuickTime Player.app/Contents/XPCServices/com.apple.quicktimeplayer.SharedPrefsVendor.xpc/Contents/MacOS/com.apple.quicktimeplayer.SharedPrefsVendor
"/System/Applications/QuickTime Player.app/Contents/XPCServices/com.apple.quicktimeplayer.SharedPrefsVendor.xpc/Contents/MacOS/com.apple.quicktimeplayer.SharedPrefsVendor"
1⤵
PID:623

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:624

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:624

/usr/libexec/xpcproxy
xpcproxy com.apple.coreduetd
1⤵
PID:625

/usr/libexec/coreduetd
/usr/libexec/coreduetd
1⤵
PID:625

/usr/libexec/xpcproxy
xpcproxy com.apple.siri.context.service
1⤵
PID:626

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
1⤵
PID:626

/usr/libexec/xpcproxy
xpcproxy com.apple.newsyslog
1⤵
PID:628

/usr/sbin/newsyslog
/usr/sbin/newsyslog
1⤵
PID:628

/usr/libexec/xpcproxy
xpcproxy com.apple.security.cloudkeychainproxy3
1⤵
PID:630

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:631

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:631

/usr/libexec/xpcproxy
xpcproxy com.apple.diagnosticd
1⤵
PID:632

/usr/libexec/diagnosticd
/usr/libexec/diagnosticd
1⤵
PID:632

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
1⤵
PID:630

/usr/libexec/xpcproxy
xpcproxy com.apple.knowledge-agent
1⤵
PID:634

/usr/libexec/knowledge-agent
/usr/libexec/knowledge-agent
1⤵
PID:634

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Downloads/ssvid.net - How To Create User Accounts On Mac_v720P.mp4

Filesize
3.2MB

MD5
2b6e38dc81c6377570f7e8aad7c63603

SHA1
777b5050b5d8b79606a190e716ff1adee6c67e8d

SHA256
30ade4e3d0198a975be5c0a05a567d9f3c044980b5275c6a680531433feb5ca1

SHA512
90f870868c8c11ca5907d30dd35c9e7aef5884a14fd52bccbe8664920e3d1f787b57a9d427196edab768511587e31ff37ace01dd7b17877909377ad36d14801d

Download Submit
/Users/run/Library/Application Support/AddressBook/Metadata/.info

Filesize
278B

MD5
9e73d29f5c7431eae700c0f71fc337a5

SHA1
5fc51e96e673de6d96ee0adb24899c7d551d120f

SHA256
37206e12aa6ad61e343bd7a2b5d599992c5d44577546ebb0ddd95021c8503b9e

SHA512
f3b02337afe6692314cb6a280c2a8f705e3f0119e2b25b0ce460c8c5986b2bc9a84e2bb38969b4906a4fdf2f125cb25ee971feee3caf258725654ff3fa3436eb

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/07A1E48FAA41FC6F097F8DD7C02E6E2C

Filesize
5KB

MD5
0bf7d9f91ab870bddd5e0812657f39ed

SHA1
e51c681eb3e83b818400787a74924fc5b2201b68

SHA256
b81cc4360a8d8d9b7952dff3d0783218d76513d379cba476e482e233341b743e

SHA512
0d7d613025f29d3cd292cf2f976b1b234233d6a1834702a20dde2a56ac68e23d15a9383dbb4318a7dd0d01499f06df1ff7c87c30f7c80f142ae4b25312966a66

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/0E6073674FB92443FB999C1D638FE10D

Filesize
5KB

MD5
0b038a7a7498d6c62f4256cd5ea649f6

SHA1
efdbd7999d20108c44de32a661eb504b9d6cfdf1

SHA256
1013ffd709cd7e1922ad2b1058d65efc9bcbd603e327aa7ea7cdb512b253768f

SHA512
9ddc9527752d8fe1ed06345e96f7e346f78ae4870a2d760212d59676b964bf30faf491fde7517ec6e69a9e76fde58ea1a58948051a8b88f845ab355dc7657126

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/333A9168F4F8132C7FC041147A608836

Filesize
14KB

MD5
1e3cfce0c296c15bda0ae22868d9b18d

SHA1
e4d2394d3463a69fb0e4b848458780a19c0e51db

SHA256
24025a3392c1460404296602b442858ed49d0b1b9a1d592b81fb2cfcdf609426

SHA512
a8d5a31243fd012caedfef32d3dcc3e6689eea181ade539eb1323ac1c64639b29257f88b533454ad14ccb998d9ed0a70366b8a6b737bd84d155a2052041edf44

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/457A706258CB5B0E5F41AE205348E2B9

Filesize
5KB

MD5
80f7367cb52983d2b58c2570460a9e9b

SHA1
8b1020b84f2c57bc43c0b0e504529fbd176fc694

SHA256
d7dd223f488a3dc314edecff758abc774093909d8cdaabb5c6b3f5a84a6f4be7

SHA512
ec16f486883b31551597eaa82406989c159a5e186ec33fcc8fbc85093d1ac758bfab065a9a8f91ef3087456cc2a0b2b097dbb074f567280f5ccf8f3838eaceb3

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/82BCBFD7DC3C3F92CC8EEF7598CFB1C7

Filesize
5KB

MD5
c5d69061ed12a86e59734a26e3fc854a

SHA1
83b3f9abc56670cbdeff3f153f057efb61dbcc8b

SHA256
1db56cf290fbd4843803ab6f2cef65aaad6cbf989b5f6d8090ecf3f0af78562f

SHA512
38886ea4bedfcc0275fa39c3ddea116266ef94e9919da3c1432b25881c70785769af4c2e67bdc42be5f742663358d55059d731149fd1c4b5d0d70299fdc60bf4

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/A27B79EF97F9421A32AC47DF97B71097

Filesize
5KB

MD5
b1d93af012a8b948b8eaebe20a4ca838

SHA1
c3d1a9778e88922c38152b08700a90a8ff9c083c

SHA256
32d88e1590bd2714c7552c028eb4e40537606857a799a91d23333454c508c246

SHA512
d173c4ffcbd42af35a571a3fc5fefb14fe9304edd365e5e573788aff5a9722ed4a1636af3d9f4d904cb3bd5207c6d680f95c91ffb4701ecbad52438b6eabbb74

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/A8123B89FBA31E2688314D562CDC2698

Filesize
5KB

MD5
caa145027d2487ceef2f84b876b3513f

SHA1
311135ce7b2ace5e4931f3305cea685095049006

SHA256
6424de13b0f6adc2e4baa4300f86017b3cba2e83d264b2b73fd9c440922ed929

SHA512
df4e6b25458934225e42a17cc40d1f283b20ee31277f14047efacdb8668ad2bb09e8b50371f099fc24026111ac77f162b5edb24eab01114052695b2253fd53f4

Download Submit
/private/var/db/spindump/tailspin-trace.2024-07-14_04-16-22.tailspin

Filesize
16.5MB

MD5
8f6348951513108a1fe9e09a51fe8267

SHA1
51236447079c1c7100c6c5e131aa8596583a94bd

SHA256
c8a852741bc7c421cb167deb84c682f3d5796563c093e2baebfd298ede582911

SHA512
c16725e669717a1dafbf908a4d5d1d989a009d04ffcb5f9489c2241a274ed39bc57a563b6a0496523a03018b92f7aa9b1167f82c2b5250f9a416d4f10f5e780d

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

Filesize
216KB

MD5
2c80f126beeb5ed30e8ffc810562026f

SHA1
1fab65e8ffbda94142d5c0323a509097121097db

SHA256
4d181ec5c9e1b62b654471ba1446361b53873084128b198adfb034937c479e90

SHA512
58fd75d6913080e1413b15ccfbd92fa810bca86ee5edd4e3e9bfd6b0c095905bdddf5db2fb0199ac6c5930f7a7e01cd390ce08323ade54f0af7687a9b39c2019

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

Filesize
21.8MB

MD5
667bf0963a267e81bfaae751754614a4

SHA1
57b6c7f61489b3723f07f06f8be962e069e5a178

SHA256
e014fb52b4882eba5024bebbc3ba286e9f5e70966ca34dce8d0f6f17f15bd080

SHA512
cdd9674da15a94699989d10f0f45b2328c1fa6d17bc85e3846307a6ef59fb3e326ddf8717ddf870b0f9b103e95f1ce8e7314dbf7d16152f15a15bb0976868b88

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

Filesize
128KB

MD5
9eefeb4a26293f8688c68c1e19207000

SHA1
888f83f50d6c4b1c6781bf888c498b03906642df

SHA256
e583a98b4ecb0390c35fa1a6cc7d76d099826eadd5b61b7bf9b6d60f9fb6e845

SHA512
90a8b0316b80d44fecabedb2584ec6f4a1b66de1b11789e6ac4673c1240fabe38a06ee0699f68a95e46fb8cc2849d108b47616ffa72290e38005878852464336

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//spindump.txt

Filesize
55KB

MD5
5ba74e5269efbbbbb2dc8cfce376af00

SHA1
2c0c996a445be7e0f427a41cd3ad7068ac05aa37

SHA256
d42d75fb741400ef67f94c1d821909243058cf471ca8c8bce19a088afc6bd927

SHA512
b9976873cdde54a6e4b90ba39b656f757da34f6ad289b666c97013e5fa2be3ca0e1340dfd2dc328b3f5de5adb80481581f757bcc43fdf04ffdf38ddfb1131514

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//spindump.txt

Filesize
6.0MB

MD5
c1a7f5ca7f3a13165601f119615b096e

SHA1
c29fa938310074da1c53dc7e3cc9c371d45a6205

SHA256
6f5d9d45cb23ebaa248c3600dea25f8ad43e1055e9ff8d9bc1bb554f374cbd0f

SHA512
fe3c524f8f8fb5f1bedf704cecbd6c8828268f5fd29a22922dcd95fa05f71f86f8cc9cc7dcfb65064b46c11ce843f38b03ca6d5597697ee1b135eb09c0aa55be

Download Submit