frauddefensed

JSON
executablemacOS1.6 MBx86_64, arm64

System service — manages background tasks, keychain access, and cloud synchronization

Runs as a background system daemon with access to keychain credentials, code signing certificates, and iCloud synchronization. Schedules and executes background tasks while maintaining persistent network connections to nine endpoints for data sync and analytics. Exposes five XPC services for inter-process communication with other system components. Accesses multiple private file storage areas and leverages 39 frameworks including eight private Apple frameworks. Submits telemetry events to Apple's unified analytics system and maintains exception entitlements for extended file path and Mach service access.AI

Fingerprint

Platform
macOS
Type
executable
Arch
x86_64, arm64
Min OS
26.1.0
SDK
26.1.0
File Size
1.6 MB
UUID
0720775E-BF7A-3890-8B21-88157E115482
Analyzed
2026-04-09T09:49:50Z
CDHash
50627e54767a95032a7f108f19e8b46416cb1e17432118fed12589551a0b90cb

Entitlements22

com.apple.aned.private.ANEAccess.allowtrue
com.apple.aned.private.allowtrue
com.apple.application-identifiercom.apple.frauddefensed
com.apple.developer.icloud-container-environmentProduction
com.apple.developer.icloud-services
CloudKit-AnonymousCloudKit
com.apple.mobileactivationd.device-identifierstrue
com.apple.mobileactivationd.spitrue
com.apple.private.assets.accessible-asset-types
com.apple.MobileAsset.UAF.TKModelMessagescom.apple.MobileAsset.TKModelMessages
com.apple.private.assets.bypass-asset-types-checktrue
com.apple.private.ciphermld.allowtrue
com.apple.private.security.daemon-containertrue
com.apple.private.security.storage.AppDataContainerstrue
com.apple.security.attestation.accesstrue
com.apple.security.exception.files.absolute-path.read-only
/private/var/MobileAsset/AssetsV2/locks/com.apple.UnifiedAssetFramework/
com.apple.security.exception.files.home-relative-path.read-only
/Library/UnifiedAssetFramework
com.apple.security.exception.mach-lookup.global-name
com.apple.ciphermldcom.apple.mobileactivationdcom.apple.siri.uaf.servicecom.apple.mobileassetd.v2com.apple.mobileasset.autoassetcom.apple.cloudd
com.apple.security.exception.shared-preference.read-only
com.apple.messagescom.apple.UnifiedAssetFramework
com.apple.security.iokit-user-client-class
AGXDeviceUserClientH11ANEInDirectPathClientIOSurfaceRootUserClient
com.apple.security.network.clienttrue
com.apple.security.temporary-exception.shared-preference.read-write
com.apple.UnifiedAssetFrameworkcom.apple.messages
com.apple.trustkit.frauddefensedtrue
keychain-access-groups
trustkit

Interesting Strings

File Paths(53)

/AppleInternal/Library/BuildRoots/4~B_wuugCnQpVXPyKlH-x-rlJ5x80ACwink0wYTDI/Library/Caches/com.apple.xbs/Sources/TrustKit/TrustKit/Source/AdHocSignaturesBackgroundActivity.swift/AppleInternal/Library/BuildRoots/4~B_wuugCnQpVXPyKlH-x-rlJ5x80ACwink0wYTDI/Library/Caches/com.apple.xbs/Sources/TrustKit/TrustKit/Source/AttestationManager.swift/AppleInternal/Library/BuildRoots/4~B_wuugCnQpVXPyKlH-x-rlJ5x80ACwink0wYTDI/Library/Caches/com.apple.xbs/Sources/TrustKit/TrustKit/Source/BackgroundActivityManager.swift/AppleInternal/Library/BuildRoots/4~B_wuugCnQpVXPyKlH-x-rlJ5x80ACwink0wYTDI/Library/Caches/com.apple.xbs/Sources/TrustKit/TrustKit/Source/CloudKitManager.swift/AppleInternal/Library/BuildRoots/4~B_wuugCnQpVXPyKlH-x-rlJ5x80ACwink0wYTDI/Library/Caches/com.apple.xbs/Sources/TrustKit/TrustKit/Source/CloudKitRecord.swift

Network Surfaceentitled

Networking Frameworks

CoreFoundationFoundationlibswiftCoreFoundation.dyliblibswift_DarwinFoundation2.dyliblibswift_DarwinFoundation3.dylib

Endpoints(9)

Ipv60:8:16
Urlhttp://www.apple.com/DTDs/PropertyList-1.0.dtd">
Hostnamewww.apple.com
Hostnamemacosx26.1.internal
HostnameCcom.apple.security.temporary-exception.shared-preference.read-write05
Urlhttp://www.apple.com/appleca/root.crl0
Urlhttp://crl.apple.com/codesigning.crl0
Hostnamecrl.apple.com
Urlhttps://www.apple.com/appleca/0

API Usage

DNA Capability Vector

Location
0
Keychain
1
Network
2
Storage
3
Hardware
0
IPC
1
Analytics
1
Security
1
System
1

Behavioral Profile

URL Endpoints
5
Telemetry Strings
23
File Paths
53
Bundle IDs
112
IOKit Constants
0
Library Functions
1

Structural HashesSHA-256

Code308a36a565e24ff6e6ad187fc65755d77122cdbe03f9a74be39ccf43d86ab55f
Importscc7791bfa6ed847e4eabe9a5d1cd2a127e757dcb406633bc6d5b9ca7208e73ea
Frameworksa505c4624f4e89c9216995a5a413c4892361d3ccbc7077a348f668cacdd70956
Classese3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Entitlements11934863c0108706389eaa40001d2947fc65ddc6b6d05267a6801e17e39bd2c4
Symbolscc7791bfa6ed847e4eabe9a5d1cd2a127e757dcb406633bc6d5b9ca7208e73ea

Static Libraries0 / 2067 functions identified

Function Matches(1)

PEM_read_bioopenssl 3.2High

Functions(2067)

0x100001c58sub_100001c58
0x100001e9csub_100001e9c
0x100001eb8sub_100001eb8
0x100001ec4sub_100001ec4
0x100002294sub_100002294
0x1000022dcsub_1000022dc
0x1000022f8sub_1000022f8
0x1000024d0sub_1000024d0
0x1000025ecsub_1000025ec
0x100002658sub_100002658
0x1000026ccsub_1000026cc
0x100002938sub_100002938
0x100002a9csub_100002a9c
0x100002ae0sub_100002ae0
0x100002b98sub_100002b98
0x100002bd0sub_100002bd0
0x100002c7csub_100002c7c
0x100002d70sub_100002d70
0x100002dbcsub_100002dbc
0x100002dccsub_100002dcc

Imports751 symbols from 27 dylibs

libswiftCore.dylib314Foundation156libswift_Concurrency.dylib52libSystem.B.dylib35libswiftos.dylib26

Exports1

_mh_execute_header0x0

Similar Binaries1,470 comparable

modelcatalogdump
45.3%
modelmanagerd
44.7%
online-auth-agent
43.9%
mlhostd
43.8%
aonsensed
43.3%
audioanalyticsd
43.1%
feedbackd
43.1%
findmylocateagent
43.0%
diagnosticspushd
42.8%
linkd
42.5%