Analysis
-
max time kernel
217s -
max time network
217s -
platform
macos-10.15_amd64 -
resource
macos-20241101-en -
resource tags
-
submitted
27/03/2025, 11:12
Errors
General
-
Target
NotLockBit.zip
-
Size
8.7MB
-
MD5
ac5f961f0869cc3e3f83085d9d4211aa
-
SHA1
78907647c468627cc7b9ec6165c51d298d0a686b
-
SHA256
21d9a8a8a9cb07b13bd2c8508d7a826d716c3411bea9ed6fcd160a18198cbd3a
-
SHA512
8661cf8c1b6c86e81af5a13b1e57e2f8585a294199b92db5153be820043ea3b33965d143d9f7863b73f526b353fa18e9589363a39b9b56acf4d280381b135ec7
-
SSDEEP
196608:eJrDAf2SJkm3CrGLrhMgubQaeoAj7u0IW2H02VzQ3GG1dw:4AOSFEGLtHay6W2zQ3LM
Malware Config
Signatures
-
Detects Fake LockBit family 1 IoCs
-
Fake Lockbit
Fake Lockbit is a cross-platfrom ransomware written in Golang targetting Windows and macOS.
-
Fakelockbit family
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Resource Forking 1 TTPs 14 IoCs
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
Processes
-
/bin/shsh -c "sudo /bin/zsh -c \"/Users/run/NotLockBit.zip\""1⤵
-
/bin/bashsh -c "sudo /bin/zsh -c \"/Users/run/NotLockBit.zip\""1⤵
-
/usr/bin/sudosudo /bin/zsh -c /Users/run/NotLockBit.zip1⤵
-
/bin/zsh/bin/zsh -c /Users/run/NotLockBit.zip2⤵
-
-
/Users/run/NotLockBit.zip/Users/run/NotLockBit.zip2⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.sysmond1⤵
-
/usr/libexec/sysmond/usr/libexec/sysmond1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.audio.systemsoundserverd1⤵
-
/usr/sbin/systemsoundserverd/usr/sbin/systemsoundserverd1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.audio.AudioComponentRegistrar1⤵
-
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon1⤵
-
/usr/libexec/xpcproxyxpcproxy com.google.Chrome.30561⤵
-
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"1⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.GameController.gamecontrollerd1⤵
-
/usr/libexec/gamecontrollerd/usr/libexec/gamecontrollerd1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler" "--monitor-self-annotation=ptype=crashpad-handler" "--database=/Users/run/Library/Application Support/Google/Chrome/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=channel=" "--annotation=plat=OS X" "--annotation=prod=Chrome_Mac" "--annotation=ver=101.0.4951.54" "--handshake-fd=5"1⤵
-
/usr/bin/profiles/usr/bin/profiles status -type enrollment1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz"1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize" com.google.Chrome1⤵
-
/usr/bin/tar/usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)" "--type=gpu-process" "--gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA=" --shared-files "--field-trial-handle=1718379636,r,121134253510825641,4480821821923206528,131072" "--seatbelt-client=28"1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=network.mojom.NetworkService" "--lang=en-GB" "--service-sandbox-type=network" --shared-files "--field-trial-handle=1718379636,r,121134253510825641,4480821821923206528,131072" "--seatbelt-client=26"1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=storage.mojom.StorageService" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,121134253510825641,4480821821923206528,131072" "--seatbelt-client=27"1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)" "--type=utility" "--utility-sub-type=mac_notifications.mojom.MacNotificationProvider" "--lang=en-GB" "--service-sandbox-type=none" --message-loop-type-ui --shared-files "--field-trial-handle=1718379636,r,121134253510825641,4480821821923206528,131072"1⤵
-
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded1⤵
-
/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater"/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --wake-all --system1⤵
-
/Users/run/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater"/Users/run/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --wake-all1⤵
-
/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater"/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6597.0" "--handshake-fd=4"1⤵
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=7" "--launch-time-ticks=367847346" --shared-files "--field-trial-handle=1718379636,r,121134253510825641,4480821821923206528,131072" "--seatbelt-client=59"2⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.spindump2⤵
-
-
/usr/sbin/spindump/usr/sbin/spindump2⤵
-
-
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=6" "--launch-time-ticks=368118963" --shared-files "--field-trial-handle=1718379636,r,121134253510825641,4480821821923206528,131072" "--seatbelt-client=59"2⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.Safari.20282⤵
-
-
/Applications/Safari.app/Contents/MacOS/Safari/Applications/Safari.app/Contents/MacOS/Safari2⤵
-
-
/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater"/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --wake --system2⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.Safari.History2⤵
-
-
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History2⤵
-
-
/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater"/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6597.0" "--handshake-fd=4"2⤵
-
/usr/libexec/xpcproxyxpcproxy com.apple.spindump_agent3⤵
-
-
/usr/libexec/spindump_agent/usr/libexec/spindump_agent3⤵
-
-
/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/Helpers/launcher"/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/Helpers/launcher" --internal3⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.WebKit.WebContent.F8607435-CF4E-409E-A843-6BCF104E3591 5333⤵
-
-
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent3⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.SafariLaunchAgent3⤵
-
-
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent3⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.WebKit.WebContent.E91C8869-5F12-45C6-BD42-250527FCF2AA 5333⤵
-
-
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent3⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.Safari.SearchHelper 5333⤵
-
-
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper3⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.Safari.SafeBrowsing.Service3⤵
-
-
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service3⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.WebKit.WebContent.093FE3AE-EA2C-42FF-A828-1B2E8734C4C9 5333⤵
-
-
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent3⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.tailspind3⤵
-
-
/usr/libexec/tailspind/usr/libexec/tailspind3⤵
-
-
/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdaterGoogleUpdater --server "--service=update-internal" --system3⤵
-
-
/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater"/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6597.0" "--handshake-fd=5"3⤵
-
-
/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher"/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher"3⤵
-
-
/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdaterGoogleUpdater --server "--service=update" --system3⤵
-
/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater"/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6597.0" "--handshake-fd=5"4⤵
-
-
/usr/bin/profiles/usr/bin/profiles status -type enrollment4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.ReportCrash.Root4⤵
-
-
/System/Library/CoreServices/ReportCrash/System/Library/CoreServices/ReportCrash daemon4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.ReportMemoryException4⤵
-
-
/usr/libexec/ReportMemoryException/usr/libexec/ReportMemoryException4⤵
-
-
/bin/shsh -c /usr/sbin/kextstat4⤵
-
-
/bin/bashsh -c /usr/sbin/kextstat4⤵
-
-
/usr/sbin/kextstat/usr/sbin/kextstat4⤵
-
-
/bin/shsh -c /usr/sbin/kextstat4⤵
-
-
/bin/bashsh -c /usr/sbin/kextstat4⤵
-
-
/usr/sbin/kextstat/usr/sbin/kextstat4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.WebKit.WebContent.7C18A592-4A0E-468E-8EA5-5AED4F3CDC78 5334⤵
-
-
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.WebKit.WebContent.909D43B7-8077-4EF6-9A5B-01D31F790FD2 5334⤵
-
-
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.WebKit.WebContent.BD7CC789-E88C-409B-BFE5-F32D5C9D6D5A 5334⤵
-
-
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.Safari.SandboxBroker 5334⤵
-
-
/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.SandboxBroker.xpc/Contents/MacOS/com.apple.Safari.SandboxBroker/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.SandboxBroker.xpc/Contents/MacOS/com.apple.Safari.SandboxBroker4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.metadata.mdwrite4⤵
-
-
/usr/libexec/xpcproxyxpcproxy "com.apple.xpc.launchd.oneshot.0x10000001.Archive Utility"4⤵
-
-
/System/Library/CoreServices/Applications/Archive Utility.app/Contents/MacOS/Archive Utility"/System/Library/CoreServices/Applications/Archive Utility.app/Contents/MacOS/Archive Utility" -psn_0_2212384⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.XprotectFramework.AnalysisService 4154⤵
-
-
/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService4⤵
-
-
/usr/bin/macbinary/usr/bin/macbinary probe --verbose /Users/run/Downloads/true.zip4⤵
-
-
/usr/bin/file/usr/bin/file -b /Users/run/Downloads/true.zip4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.archiveutility.auhelperservice 5874⤵
-
-
/System/Library/CoreServices/Applications/Archive Utility.app/Contents/XPCServices/AUHelperService.xpc/Contents/MacOS/AUHelperService"/System/Library/CoreServices/Applications/Archive Utility.app/Contents/XPCServices/AUHelperService.xpc/Contents/MacOS/AUHelperService"4⤵
-
-
/System/Library/Frameworks/FileProvider.framework/XPCServices/ArchiveService.xpc/Contents/MacOS/ArchiveService/System/Library/Frameworks/FileProvider.framework/XPCServices/ArchiveService.xpc/Contents/MacOS/ArchiveService4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.appkit.xpc.sandboxedServiceRunner 5874⤵
-
-
/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.quicklook.ui.helper4⤵
-
-
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.xpc.launchd.oneshot.0x10000002.TextEdit4⤵
-
-
/System/Applications/TextEdit.app/Contents/MacOS/TextEdit/System/Applications/TextEdit.app/Contents/MacOS/TextEdit -psn_0_2294324⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.PerformanceAnalysis.animationperfd4⤵
-
-
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.quicklook.ui.helper4⤵
-
-
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.quicklook.ui.helper4⤵
-
-
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper4⤵
-
-
/usr/bin/hdiutil/usr/bin/hdiutil attach /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.3tnQ1J/GoogleChrome-128.0.6613.138.dmg -plist -nobrowse -readonly4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.hdiejectd4⤵
-
-
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd4⤵
-
-
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 2052CAFE-1BE2-4EBB-9084-7F779B65CA534⤵
-
-
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 2052CAFE-1BE2-4EBB-9084-7F779B65CA53 -post-exec 44⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.systempreferences.21404⤵
-
-
/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.AccountProfileRemoteViewService 6064⤵
-
-
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService4⤵
-
-
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool4⤵
-
-
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool4⤵
-
-
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck4⤵
-
-
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref4⤵
-
-
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.nfcd4⤵
-
-
/usr/libexec/nfcd/usr/libexec/nfcd4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.studentd4⤵
-
-
/usr/libexec/studentd/usr/libexec/studentd4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.preference.security.remoteservice 6064⤵
-
-
/System/Library/PreferencePanes/Security.prefPane/Contents/XPCServices/com.apple.preference.security.remoteservice.xpc/Contents/MacOS/com.apple.preference.security.remoteservice/System/Library/PreferencePanes/Security.prefPane/Contents/XPCServices/com.apple.preference.security.remoteservice.xpc/Contents/MacOS/com.apple.preference.security.remoteservice4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.sysextd4⤵
-
-
/System/Library/Frameworks/SystemExtensions.framework/Versions/A/Helpers/sysextd/System/Library/Frameworks/SystemExtensions.framework/Versions/A/Helpers/sysextd4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.preferencepane.security.PrivacyAnalytics 6164⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.preferencepane.security.AdvertisingExtension 6164⤵
-
-
/System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/PrivacyAnalytics.appex/Contents/MacOS/PrivacyAnalytics/System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/PrivacyAnalytics.appex/Contents/MacOS/PrivacyAnalytics4⤵
-
-
/System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/AdvertisingExtension.appex/Contents/MacOS/AdvertisingExtension/System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/AdvertisingExtension.appex/Contents/MacOS/AdvertisingExtension4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.AccountPolicyHelper4⤵
-
-
/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper4⤵
-
-
/usr/libexec/xpcproxyxpcproxy com.apple.security.agent4⤵
-
-
/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent4⤵
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8.8MB
MD506bd47b8ec7e6277dc6c8842d00f7243
SHA123f3b070aad47f72ddf2d148f455cce2266901fd
SHA25614fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d31
SHA512299febd21383786c542d8fa79dc6d04aba61675c82ab889da9987404d2a78fd036ffab8b88712152b1ec57f06db4960e9391b6fc1c5fed447e48effb8aefbd50
-
Filesize
265B
MD578192fda83b692092f93b8029e278ce1
SHA1a23df49a56a8f379fafc5f140882197c0df205b7
SHA256ebd721232fdd3123cfea9e1bdfe1aebd794e3ca18b2323407da54709b5ec8b2e
SHA51216a4e39fec32909759f61489c0eef01779e3ff7b5850ef6adc12f156277a1b4538d93089e0a4d5695dc7adf567ed103937a0a6af15520317970382dfe0c2b671
-
Filesize
8.7MB
MD5ac5f961f0869cc3e3f83085d9d4211aa
SHA178907647c468627cc7b9ec6165c51d298d0a686b
SHA25621d9a8a8a9cb07b13bd2c8508d7a826d716c3411bea9ed6fcd160a18198cbd3a
SHA5128661cf8c1b6c86e81af5a13b1e57e2f8585a294199b92db5153be820043ea3b33965d143d9f7863b73f526b353fa18e9589363a39b9b56acf4d280381b135ec7
-
Filesize
40B
MD5fcb4024c6dc53a5b72c492fd960762d7
SHA182c43024d9e274bf2b8a5d1e505d65cf3873fb92
SHA2565cca682cfa80faa97838327d83ef5a2cc39e21b0cf16639aa7c4f095bf1be4e6
SHA5125373007f40ec378d18770218163ffc2870036bf8c0af1128194a60c6ed6d944f2e3833bf151fb5bf4aee9325c1fbab56bacf3f6437daaa59efb0afdc5c5eed8b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
339B
MD561a867b6e4a24cfcfd32ddef25ac3229
SHA187cc4516fbce1700174d8ea27c9d2cb70a60a1fd
SHA2569cc80c0d1dfe7205c6530402c3240171966e72b6df8ef0e8571660fb18652cd5
SHA5123678cc5f913c7f6c179be8d8483240a1c9aabbe5b295d6aa2b8037c60a8f2aa473f1fb56a7ee7093aaa8c24b968d32fed99972f6f837868f86b53b45de13f4dc
-
Filesize
569B
MD5b5db1f091948de93d7fc96e14aef6da3
SHA174745f991e3dfe45037366e55c2e6df47d8e6593
SHA256b7600cfe0aa091e9ab8540869b7ea120a62b36240acc0370c3fd62655b58bf4e
SHA512d116ffaa01fa29545758fbe273c10d57879a91983d6b5a86ed410a0ac79cc8370fd2552284afa56f363a75ba6a89cc5c9a33f99071012dba2f2f8298ad0cac34
-
Filesize
269B
MD56487e04972ecffd0aabf7b61bdda8119
SHA126f0b11a2529a35f6970a914deadfcf2e2d23286
SHA256241a349a63252a8026016a5ef0d713fc18f76735dd0c10963f9a693bfdb9b172
SHA51244db500fa4549808a5ed1db5516fe4d412cc4e3898d102399fa6f467a2ed3fa79f133a0afcc5e1ab91f480267027ea11e48e37247d24513542286310ab2d47ae
-
Filesize
136B
MD5fe382e791274914bee5950777e4f1fd3
SHA153b523b5fc87e66f2520a0b5f9ea080072668f4d
SHA256935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132
SHA512a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67
-
Filesize
114KB
MD5d84701b216e20954bf9ab31f4b800a56
SHA1a84c7d5a56a41185a2b950cf7c789149eecc895f
SHA256d4357fddcf82b4604dc4380a46bb89aa2edfcef7c32be847a15d3d96a1804676
SHA512f5404c9bce42c8bc38b75fd5810ce89c6e6ad94111a9db584951f2eda06c241bf256f80c91bc06a8000da62526880874f767eebe267feb371461c84218aeb182
-
Filesize
114KB
MD5636b8088f63f07b636285ce644844bc5
SHA122fce1076b5b6b86c45881af5caf8ab3ebbdcb8e
SHA256b4a53c7f4046a812f9c282b71ca4630ed6fda488b4f80d236f159a54bd8a2c13
SHA512b5c1b72941e397bf4619bfa12b81bcb859b16671f46e450b759c2f24af1c4b64a09fff1fa7d6620002da2c25ae03225b3ab28652bac8a9c1dfd8d297b0e330ce
-
Filesize
112KB
MD5b65163e9d8e393fb731372cdf729804b
SHA1b3755e3629529c9e1d45e1f2e73a4208cdb619b9
SHA256018304205d12b8479b0e2d8a2351b96c6c711a14fb289e14849dfd3f6950e533
SHA512988c6a416dfd175098e2b81a0f00556b0bf467e40c0d4782db1ceef7c2c82102a0ed5f0f67811aa33be99099100c14c590ddf148d5c8e157e19f947c8ccef565
-
Filesize
114KB
MD5a598ffd4c348c4cc60cd072473d85dfc
SHA1e313571ed593fe3e017a35b1fc0eba6025e5e0ea
SHA256ff3f283158b6871342d39188b0715c6c712df857d837b82c49e1e63d9117061a
SHA512a694d88f6b6bb11ef1bf806cfb108a0888f0187a8c5086339c6b12414697f0a0cadbf2def56490eef8e9e704177065d164e060a5a4d621bcd26d2424ad2c5dd4
-
Filesize
114KB
MD5f94733a2acf54099617e0d43fd10ed6b
SHA14eb1630d5827b016438e708df2b40dd246075f07
SHA2560a664b6d19830f4527696c33ab11a1cb574e55e71d8274afcc92b31020aa23ce
SHA5121694ba9af1425028cdf371066afb7dfa027033a0ef771801f5140e027b3b91d9ab9f5b8f6432a2b17e59d9d131b54ec3bb0d536f26dda3d7aa58ad31d331d265
-
Filesize
112KB
MD5c8025764c37cec1f208f9b80b7a58840
SHA1c99b3557271310029caf1b3ae6514f8bf91f4ddc
SHA256f447d46cd30b5746f5ab595dc35f042e6df00ad86eb72a30294e60cf0c09f743
SHA512ccfbe9aa6a9ed04a423811dcbb89513669aa14d492698c9432eaf244c4db958c9cbd1e35d00859c1850337c235f22fc0da1de244a449ecc9158f967f554864c0
-
Filesize
5KB
MD5a383ed48037cd6d23aba4d9ca5e922a3
SHA190adf56648791d2577a20b7a2f9df371ed78a8ba
SHA2569f9079dda64edfb00e12b02fa9cdb993aaece202b42430a8e8b03860bdf7552c
SHA512e7b1384ab70d046bd6e6132035668df67f4263bbc066ee4c08915ec8638bb677f8e6635312e086f369e03b462f432bdf63ef7a0aa33cabf1790c762b775d1535
-
Filesize
18.7MB
MD5f4216457fdc45604e996b07fb58f3dc9
SHA11c1a4bc521d5d67fc7c6c4f8784cc3d7c6688d20
SHA25670ff932a4996c67ff089a97e0471da6707861bb29c228b34a17c2f31cc99a7f3
SHA512d09e5a1f16d9b6ca1c9448ba3d2eee82769503bec2bd8b5949ffeae5fec4240ac239043c8d45e0453db1eaa140199515b5a31f438e7a33a2d6e1de73b5f1e420
-
Filesize
181B
MD52de6a04cdba79ed13580c47dfd70cc5f
SHA1bcefe0558555914d731c16b1778c49e77fe06b99
SHA25697704a8960b4facceef54397a08fb5d0a456247c3627359215aa2a27df22656c
SHA512605dc81b28c530fc8ebcf3c5a28486af8bbd3303ee5df53b5424e492e5dbe01baa0468fa4da1398451a62dff4d45067a2bf765f7def9ca0890883484de38a13b
-
Filesize
47KB
MD50e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA5121dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20
-
Filesize
4KB
MD5d3a1859e6ec593505cc882e6def48fc8
SHA1f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA2563ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818
-
Filesize
294KB
MD519f5e7fcce3d5cdd440e6ca067f115b8
SHA1ff6ee9e2df6084b946922180010deacc3beee246
SHA2569f16f4646fb9679abc57881219703585d85cedc6440c21e0d58a3bb416aae2a1
SHA51216a70611844a8d9244b453b4269e238d7bfc7843fa9ce573de3f6c198368ecad722585718e5534a9f5145036bb6abb7eca31217bced796c112965697f661c0dc
-
Filesize
17.2MB
MD5cbbba011d60cc108ae7dfc014cb36f91
SHA120af86c103b85f7f85f393f1196b7faee4f8f6ee
SHA25653c6a1102ed5a9ed016629229ec8bf40b17fd0f67d1d00abc7ced87cb261cacd
SHA512fc6b13d7ccfca7cd7a00394ad9e5525f6ca194b100ddd89a740946d3722b1e5a8ad8c723516d9443fa7a702886a896dfa7c524e9363c6421df8adf86162d7c10
-
Filesize
133KB
MD5c32033599f8c353e731906420a0835b7
SHA199e6bdae4938adeca5be358763ee44bc810d5d45
SHA25664a90ff88941e1053b7e86f4818cce113bf21e46dbfb795ed83e8024f2a751db
SHA512c863ecb6c26c652605484463c8de1bb70d91b180e61aec65a33ed09fc43aaf4f7eaf98a129bf28465d9711650ef7e2c033d230e321bb0ddcee6f16fee0a510bd
-
Filesize
2.1MB
MD5db2de24addbd0484501e41e720fcce44
SHA1a767d4a1a69fa1fd2f53fe53c65d2d0825a6264a
SHA25675c676f5fcdd621d44e7f563e9e8131687e2266ab3f45e45e2ba1e8cf402b6a6
SHA5124191df34421e99c3fd8e9833bd41e6c5e4f195ffb5a7d4541b375c659a7cfc4b50320d05258d6e22a586d9d9fee5a23a87fe4f21ba52b779ebd8d26d89ba9f0e
-
Filesize
3.8MB
MD5bf79b393bc60c75d7afcc7eefebc8070
SHA17e20b4a0794fa3e1c762908c8b09f4821c94497a
SHA25658e22fbd4cd41cbfe37f9f2fe6fd058eae63692b32e243fe3b8fa90b2f2c3951
SHA512b65fe2282213404de041e99402551d1b1486a1001bde11efcea316d7babda7f1378d7acfaf928f64c053c7128176b380d8d26197ffdfb6ef2ff807e892c03182