Files
File Path | Type | Category | Malicious
---|---|---|---
CapCut_7376205375613272081_installer.dmg | zlib compressed data | initial sample | |
/Users/bernard/Library/Application Support/app_shell_cache_562354/app_package_447fdc9fc7.zip | zlib compressed data | dropped | |
/Users/bernard/Library/Keychains/login.keychain-db.sb-07d82885-4gJ2WD | DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 963362762505407623593984.000000, slope 303834226087943251262072422400.000000 | dropped | |
/dev/null | ASCII text | dropped | |
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/mds/mdsDirectory.db_ | Mac OS X Keychain File | dropped | |
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/mds/mdsObject.db_ | Mac OS X Keychain File | dropped | |
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/automatic_scaling_en.png | PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced | dropped | |
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/chroma_keying_en.png | PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced | dropped | |
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/intelligent_subtitles_en.png | PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced | dropped | |
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/keyframe_en.png | PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced | dropped | |
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/speech_synthesis_en.png | PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced | dropped | |
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/text_style_en.png | PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced | dropped | |
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/visual_effects_en.png | PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced | dropped | |
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/water_world_en.png | PNG image data, 1280 x 720, 8-bit/color RGBA, non-interlaced | dropped | |

(4 further files are not shown in this extract.)
Processes
Path | Cmdline | Malicious
---|---|---
/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 | - | |
/usr/bin/open | /usr/bin/open /Volumes/CapCut Downloader/CapCut-Downloader.app | |
/usr/libexec/xpcproxy | - | |
/Volumes/CapCut Downloader/CapCut-Downloader.app/Contents/MacOS/CapCut-Downloader | /Volumes/CapCut Downloader/CapCut-Downloader.app/Contents/MacOS/CapCut-Downloader | |
/usr/bin/hdiutil | - | |
/usr/bin/security | - | |
/usr/bin/security | - | |
/bin/sh | - | |
/usr/bin/hdiutil | - | |
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper | - | |
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper | - | |
/usr/libexec/xpcproxy | - | |
/usr/libexec/nsurlstoraged | /usr/libexec/nsurlstoraged --privileged | |

(3 further processes are not shown in this extract.)
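The two observations in this report that a triage analyst would correlate are the app launched from the mounted disk image under /Volumes, the /usr/bin/security invocations (reached through /bin/sh), and the dropped temp copy of login.keychain-db in the Files table above. The script below is an added example, not part of the sandbox report or of the CapCut project: it walks a process tree back to the nearest ancestor running from a mounted image and flags both the sensitive tool and the keychain write. The event records, the pid/ppid values and the field names are constructed for the example, since the report does not list process IDs.

```python
"""
Added example: correlate a process list and a dropped-file list of the shape shown
in this report into triage findings. Events, pids and field names are constructed.
"""
from dataclasses import dataclass
import re


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    path: str
    cmdline: str = ""


@dataclass
class FileEvent:
    pid: int          # assumed writer pid; the report does not record it
    path: str
    category: str     # "dropped", "initial sample", ...


# Constructed sample modeled on the Processes table above (pids/ppids are assumed).
SAMPLE_PROCS = [
    ProcEvent(1, 0, "/sbin/launchd"),
    ProcEvent(100, 1, "/usr/bin/open",
              "/usr/bin/open /Volumes/CapCut Downloader/CapCut-Downloader.app"),
    ProcEvent(101, 1, "/Volumes/CapCut Downloader/CapCut-Downloader.app/Contents/MacOS/CapCut-Downloader",
              "/Volumes/CapCut Downloader/CapCut-Downloader.app/Contents/MacOS/CapCut-Downloader"),
    ProcEvent(102, 101, "/bin/sh"),
    ProcEvent(103, 102, "/usr/bin/security"),
    ProcEvent(104, 101, "/usr/bin/hdiutil"),
    ProcEvent(105, 1, "/usr/libexec/nsurlstoraged", "/usr/libexec/nsurlstoraged --privileged"),
]

# Constructed sample modeled on the Files table above.
SAMPLE_FILES = [
    FileEvent(103, "/Users/bernard/Library/Keychains/login.keychain-db.sb-07d82885-4gJ2WD", "dropped"),
    FileEvent(101, "/Users/bernard/Library/Application Support/app_shell_cache_562354/app_package_447fdc9fc7.zip", "dropped"),
    FileEvent(101, "/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/keyframe_en.png", "dropped"),
]

# Executable inside an .app bundle on a volume mounted from a disk image.
MOUNTED_IMAGE = re.compile(r"^/Volumes/[^/]+/.*\.app/Contents/MacOS/")
# login.keychain-db itself, or the .sb-<8 hex>-<random> temp name macOS uses when
# rewriting it atomically (the name seen in the Files table).
KEYCHAIN_WRITE = re.compile(r"/Library/Keychains/[^/]+\.keychain-db(\.sb-[0-9a-f]{8}-[A-Za-z0-9]+)?$")
SENSITIVE_TOOLS = {"/usr/bin/security"}


def ancestors(procs, pid):
    """Process chain from pid up to the root, cycle-safe; pid itself comes first."""
    by_pid = {p.pid: p for p in procs}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid].ppid
    return chain


def dmg_root(procs, pid):
    """Nearest ancestor (pid inclusive) executing from a mounted image, or None."""
    for p in ancestors(procs, pid):
        if MOUNTED_IMAGE.match(p.path):
            return p
    return None


def find_keychain_access(procs, files):
    """Return triage findings: DMG-origin apps running `security`, and keychain writes."""
    findings = []
    for p in procs:
        if p.path in SENSITIVE_TOOLS:
            root = dmg_root(procs, p.pid)  # sees through the /bin/sh indirection
            if root is not None:
                findings.append({"rule": "dmg_app_spawns_security", "pid": p.pid,
                                 "tool": p.path, "origin": root.path})
    for f in files:
        if KEYCHAIN_WRITE.search(f.path):
            root = dmg_root(procs, f.pid)
            findings.append({"rule": "keychain_db_write", "pid": f.pid, "path": f.path,
                             "origin": root.path if root else None})
    return findings


if __name__ == "__main__":
    for finding in find_keychain_access(SAMPLE_PROCS, SAMPLE_FILES):
        print(finding)
```

Two caveats apply when using this against real telemetry. /usr/bin/security is also used by legitimate installers (for example to import a certificate), so the rule is a triage lead rather than a verdict; what raises it here is the combination with a write to the login keychain database from a process that originated on a mounted image. And the "DIY-Thermocam raw data" label the Files table gives that dropped file is a libmagic signature collision, not a real format, so match on the path pattern rather than on the reported type.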
URLs
Name | IP | Malicious
---|---|---
https://curl.se/docs/hsts.html | unknown | |
https://lf16-capcut.faceulv.com/obj/capcutpc-packages-us/packages/CapCut_2_6_0_834_capcutpc_0_creato | unknown | |
https://editor-api-sg.capcut.com | unknown | |
https://sgali-mcs.byteoversea.com | unknown | |
https://curl.se/docs/http-cookies.html | unknown | |
https://editor-api.capcutapi.com/service/2/app_alert_check/ | unknown | |
https://sgali-mcs.byteoversea.com/v1/json | unknown | |
https://mcs.byteoversea.net/v1/json_test | unknown | |
https://editor-api.capcutapi.com/service/2/desktop/device_register/https://editor-api.capcutapi.com/ | unknown | |
https://curl.se/docs/alt-svc.html | unknown | |
https://editor-api-sg.capcut.com/service/2/desktop/device_register/ | unknown | |
https://maliva-mcs.byteoversea.com | unknown | |
https://editor-api-sg.capcut.com/service/2/app_alert_check/ | unknown | |
https://editor-api.capcutapi.com/service/2/desktop/device_register/ | unknown | |

(4 further URLs are not shown in this extract.)
Memdumps
Base Address | Regiontype | Protect | Malicious
---|---|---|---
105034000 | page readonly | | |
1112c6000 | page read and write | | |
1112c1000 | page read and write | | |
102a1d000 | page read and write | | |
1027d9000 | page read and write | | |
1063f0000 | page execute read | | |
10b1a8000 | page read and write | | |
104c47000 | page readonly | | |
1112fa000 | page readonly | | |
10278c000 | page readonly | | |
105571000 | page readonly | | |
1027f3000 | page execute read | | |
1062b7000 | page readonly | | |
102aa4000 | page readonly | | |
102a3f000 | page readonly | | |
1063e8000 | page execute read | | |
111242000 | page execute read | | |
102760000 | page execute read | | |
1027ed000 | page read and write | | |
1027b9000 | page execute read | | |
1027dd000 | page read and write | | |
104827000 | page readonly | | |
1063ec000 | page readonly | | |
1062b6000 | page execute read | | |
102780000 | page read and write | | |
1045e0000 | page readonly | | |
1063f7000 | page readonly | | |
10630e000 | page readonly | | |
1027e1000 | page readonly | | |
1058c3000 | page read and write | | |
102a42000 | page readonly | | |

(21 further memory regions are not shown in this extract.)