755bd7f1fc6e93c3a69a1125dd74735895bdbac9b7cabad0506195a066bdde42

Resubmissions

10/09/2024, 15:40

240910-s4lvaa1bnl 4

10/09/2024, 15:37

09/09/2024, 19:05

09/09/2024, 17:16

06/09/2024, 17:04

06/09/2024, 16:46

06/09/2024, 15:44

06/09/2024, 15:42

Analysis

max time kernel
118s
max time network
123s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
10/09/2024, 15:37

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

BonziBuddy432.exe
Size

49.9MB
MD5

06d87d4c89c76cb1bcb2f5a5fc4097d1
SHA1

657248f78abfa9015b77c431f2fd8797481478fd
SHA256

f1e859d99072e35f20e172d8458e3ea1baf8ba86c8c9e311a0debcd2acd5d0fc
SHA512

12bcc681544bfc0cb5f1a3c2e5e3d475efdf5abb8bf0e18cb18f529a82d551f39e16de2d3f0664c2c2cbfab2bc4702e256b958acadca53424e6d8760b6f457f9
SSDEEP

1572864:HVGKQzdb8P3XxxOtGpBXFqRDjSghMDDqRDAtzq9:HVcdeXzOoP1OjfgDOo2

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 4 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz"	Process not Found
/usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist	Process not Found
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded	Process not Found
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/BonziBuddy432.exe\""
1⤵
PID:507

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/BonziBuddy432.exe\""
1⤵
PID:507

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/BonziBuddy432.exe
1⤵
PID:507
- /bin/zsh
  /bin/zsh -c /Users/run/BonziBuddy432.exe
  2⤵
  PID:508
- /Users/run/BonziBuddy432.exe
  /Users/run/BonziBuddy432.exe
  2⤵
  PID:508

/usr/libexec/xpcproxy
xpcproxy com.apple.GameController.gamecontrollerd
1⤵
PID:517

/usr/libexec/gamecontrollerd
/usr/libexec/gamecontrollerd
1⤵
PID:517

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler" "--monitor-self-annotation=ptype=crashpad-handler" "--database=/Users/run/Library/Application Support/Google/Chrome/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=channel=" "--annotation=plat=OS X" "--annotation=prod=Chrome_Mac" "--annotation=ver=101.0.4951.54" "--handshake-fd=5"
1⤵
PID:519

/usr/bin/profiles
/usr/bin/profiles status -type enrollment
1⤵
PID:521

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz"
1⤵
PID:523

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize" com.google.Chrome
1⤵
PID:524

/usr/bin/tar
/usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist
1⤵
PID:525

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded
1⤵
PID:526

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
"/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --wake-all --system
1⤵
PID:527

/Users/run/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
"/Users/run/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --wake-all
1⤵
PID:528

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
"/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6537.0" "--handshake-fd=4"
1⤵
PID:0
- /Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
  "/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --wake --system
  2⤵
  PID:531
- /Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
  "/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6537.0" "--handshake-fd=4"
  2⤵
  PID:0
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)" "--type=gpu-process" "--gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA=" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=25"
    3⤵
    PID:534
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=network.mojom.NetworkService" "--lang=en-GB" "--service-sandbox-type=network" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=25"
    3⤵
    PID:535
- - /Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/Helpers/launcher
    "/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/Helpers/launcher" --internal
    3⤵
    PID:536
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=storage.mojom.StorageService" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=29"
    3⤵
    PID:537
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)" "--type=utility" "--utility-sub-type=mac_notifications.mojom.MacNotificationProvider" "--lang=en-GB" "--service-sandbox-type=none" --message-loop-type-ui --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072"
    3⤵
    PID:538
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=7" "--launch-time-ticks=292047982" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=59"
    3⤵
    PID:539
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=6" "--launch-time-ticks=292089137" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=59"
    3⤵
    PID:540
- - /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
    /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore
    3⤵
    PID:541
- - /usr/libexec/xpcproxy
    xpcproxy com.apple.SafariLaunchAgent
    3⤵
    PID:542
- - /Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
    /Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
    3⤵
    PID:542
- - /Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
    "/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher"
    3⤵
    PID:543
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=8" "--launch-time-ticks=296101466" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=72"
    3⤵
    PID:544
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=12" "--launch-time-ticks=296254574" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=75"
    3⤵
    PID:545
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=10" "--launch-time-ticks=296748677" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=77"
    3⤵
    PID:546
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=11" "--launch-time-ticks=297241435" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=78"
    3⤵
    PID:547
- - /usr/sbin/system_profiler
    /usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml
    3⤵
    PID:548
- - /usr/libexec/xpcproxy
    xpcproxy com.apple.spindump
    3⤵
    PID:551
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=102"
    3⤵
    PID:552
- - /usr/sbin/spindump
    /usr/sbin/spindump
    3⤵
    PID:551
- - /usr/libexec/xpcproxy
    xpcproxy com.apple.spindump_agent
    3⤵
    PID:553
- - /usr/libexec/spindump_agent
    /usr/libexec/spindump_agent
    3⤵
    PID:553
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=14" "--launch-time-ticks=303966365" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=77"
    3⤵
    PID:554
- - /Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
    GoogleUpdater --server "--service=update-internal" --system
    3⤵
    PID:1.8446744073709552e+19
- - /Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
    "/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6537.0" "--handshake-fd=5"
    3⤵
    PID:1.8446744073709552e+19
- - /Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
    "/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher"
    3⤵
    PID:558
- - /Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
    GoogleUpdater --server "--service=update" --system
    3⤵
    PID:0
  - - /Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
      "/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6537.0" "--handshake-fd=5"
      4⤵
      PID:1.8446744073709552e+19
  - - /usr/bin/profiles
      /usr/bin/profiles status -type enrollment
      4⤵
      PID:562
  - - /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
      /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --store /Users/run/Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore
      4⤵
      PID:563
  - - /Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
      GoogleUpdater --server "--service=update" --system
      4⤵
      PID:0
    - - /Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
        
        "/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6537.0" "--handshake-fd=5"
        5⤵
        
        PID:1.8446744073709552e+19
    - - /usr/libexec/xpcproxy
        
        xpcproxy com.apple.ReportMemoryException
        5⤵
        
        PID:567
    - - /usr/libexec/ReportMemoryException
        
        /usr/libexec/ReportMemoryException
        5⤵
        
        PID:567
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=63"
        5⤵
        
        PID:572
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=74"
        5⤵
        
        PID:573
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=17" "--launch-time-ticks=337641886" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=111"
        5⤵
        
        PID:574
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=92"
        5⤵
        
        PID:575
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=92"
        5⤵
        
        PID:576
    - - /bin/launchctl
        
        /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
        5⤵
        
        PID:577
    - - /bin/launchctl
        
        /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
        5⤵
        
        PID:578
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=92"
        5⤵
        
        PID:579
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=21" "--launch-time-ticks=340970464" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=92"
        5⤵
        
        PID:580
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=23" "--launch-time-ticks=341862759" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=115"
        5⤵
        
        PID:581
    - - /usr/libexec/xpcproxy
        
        xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
        5⤵
        
        PID:584
    - - /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
        
        /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
        5⤵
        
        PID:584
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=124"
        5⤵
        
        PID:585
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=124"
        5⤵
        
        PID:587
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=26" "--launch-time-ticks=358894799" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=115"
        5⤵
        
        PID:588
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=27" "--launch-time-ticks=359825160" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=115"
        5⤵
        
        PID:589
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=28" "--launch-time-ticks=359973715" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=115"
        5⤵
        
        PID:590
    - - /usr/libexec/xpcproxy
        
        xpcproxy com.apple.speech.speechsynthesisd
        5⤵
        
        PID:591
    - - /System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
        
        /System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
        5⤵
        
        PID:591
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=118"
        5⤵
        
        PID:594
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=115"
        5⤵
        
        PID:596
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=31" "--launch-time-ticks=367699289" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=118"
        5⤵
        
        PID:597
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=32" "--launch-time-ticks=369809394" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=118"
        5⤵
        
        PID:598
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=118"
        5⤵
        
        PID:599
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=63"
        5⤵
        
        PID:600
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=63"
        5⤵
        
        PID:602
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=63"
        5⤵
        
        PID:605
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=120"
        5⤵
        
        PID:606
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=38" "--launch-time-ticks=382737103" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=72"
        5⤵
        
        PID:607
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=72"
        5⤵
        
        PID:608
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=40" "--launch-time-ticks=385939949" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=72"
        5⤵
        
        PID:609
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=41" "--launch-time-ticks=387754093" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=72"
        5⤵
        
        PID:610
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=72"
        5⤵
        
        PID:611
    - - /usr/libexec/xpcproxy
        
        xpcproxy com.apple.ReportMemoryException
        5⤵
        
        PID:612
    - - /usr/libexec/ReportMemoryException
        
        /usr/libexec/ReportMemoryException
        5⤵
        
        PID:612
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=43" "--launch-time-ticks=399921113" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=72"
        5⤵
        
        PID:613
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=72"
        5⤵
        
        PID:614
    - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
        
        "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=45" "--launch-time-ticks=403024694" --shared-files "--field-trial-handle=1718379636,r,772738107894812456,4200570384912587977,131072" "--seatbelt-client=72"
        5⤵
        
        PID:615

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Keychains/login.keychain-db

Filesize
114KB

MD5
a3d33bd89d80c28b5ead5281d8c04de7

SHA1
047e1f2a3b6e7e1f85b1ebacee8b1a2792835978

SHA256
847f9df95fcfdddd750f1dea7acfd829b873d90ecc744af69899ecab3c656b27

SHA512
4220d09e0a3873c46abf6095ee90e33d8b3c5350f0503c687c22133c8d91b4705036c3922559b25c440d97a7fcb698d394c02b189ec69ebcf1bb3c8a52e0e08f

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
114KB

MD5
f41ba0c3462138dae4654578223711cb

SHA1
5ba5579a7f4fe671fe582dd17d9ab1890d8f08f7

SHA256
e8cd80f48bcd0e76611e6314f18e7de7ed1135fdb846bbcef57ae0228d3fff2c

SHA512
29b77da8ba770f58b52a37dbc01902645d5d1026199ac84f85874897067cbf5ddd30add871271b330e33892c2d2306aee2efafc08e49174c1155b39005359d9b

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
112KB

MD5
5555e52ed643be5850b81004bc3c00c0

SHA1
c15346afd56f11a4a58d087e1146887e2eeb8dea

SHA256
35f92f8615c045e7f9736bf31a4ecf03a3f74868ee4ddfd73bd545fd9d38d5b1

SHA512
1df4f0cf03103f7b65a675292746b4b7f9d7a6d494dab6990c0902857b3e3027bb59168b837c2f13df66426f94cb2c04239a1d0575a70fb1abc3df459350b88c

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
114KB

MD5
446770ce22ca0a36bda8b117921da11d

SHA1
181625da00c6285477c812b5931156e2ace0d267

SHA256
8e63318d9ae83ec429629391a88463e369032e9a41ee07a9119e6edf8ad9f5ac

SHA512
5632b66ec88ae8dcb6b9c1226f1b34691518d010f8200cb5a4e65953ba31313cb06e13c6aecf1b47860596deadb0c567c3c421ef9f1bf65c09370d92a1b517d2

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
114KB

MD5
03ae428795998e6c56d53690bef9a7aa

SHA1
16eb0ba3e0f1b1ef1c3092df8f2676c3332d6db5

SHA256
6da02ea12c41f3fcb1b664657b7b30b32920215cdd3decc8efaff08ded35e2fc

SHA512
d37a4cbbee8e86eb8f838ebb7faac97fc8db804384e2d006e4d8e39fbe355cf4cb520194fff1ad975d6071e3b9b278b82cd52da1b89538d89b7437ac2a099e73

Download Submit
/private/var/db/spindump/tailspin-trace.2024-09-10_15-39-43.tailspin

Filesize
16.3MB

MD5
e1bde6865d3dfef7093e0a06b444a068

SHA1
8b5d36db26c9eacbd0b3f7527c534d119e12820c

SHA256
9d0a0b014a215550232a1247808f3afe775c59c9f74c3ba1eaaee51fbbdc41c7

SHA512
1f354e407c87ab42f7cdd78e5905e800eb398f24b752d27d0826887bd84a63045f688163268aef3db83c2717b519a798b488b4b1f90d7ade3b2b4761fe7ed8e1

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit