3811b460bc6f189b318f12eadd9abf3d49f29286c11da1455cf6cb8562482136

Resubmissions

26/08/2023, 19:07

230826-xsvehaed9v 7

26/08/2023, 19:07

26/08/2023, 19:02

26/08/2023, 19:01

26/08/2023, 18:59

26/08/2023, 18:55

Analysis

max time kernel
126s
max time network
153s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
26/08/2023, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AtlasMenu/Launcher.exe
Size

3.9MB
MD5

d584177d5cc323e38cf83b84ca6a5892
SHA1

9e99946c6297fd282e15656388c6b02b16d2d411
SHA256

d67ef89bf353873771d073814192d2b63aff0df4aa683a84c60700a3301f0cc0
SHA512

4a6407d54ff53660b426c69220fbf9c51e3a2e4701f7635a38b0e1c10ff53e3ff53fc63624eb3884ac55e09b092d6a53536cd85e0b2ef05604bbf028722df6e3
SSDEEP

98304:kJamBeGILgwkjR5mXt67Yb04oCdlhsgT/R805MBn1T5:sxBefs3YA7HkJsgLe06Bnr

Score

1^/10

Malware Config

Signatures

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:513

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/AtlasMenu/Launcher.exe\""
1⤵
PID:515

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/AtlasMenu/Launcher.exe\""
1⤵
PID:515

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/AtlasMenu/Launcher.exe\""
1⤵
PID:515

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/AtlasMenu/Launcher.exe
1⤵
PID:515

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/AtlasMenu/Launcher.exe
1⤵
PID:515
- /bin/zsh
  /bin/zsh -c /Users/run/AtlasMenu/Launcher.exe
  2⤵
  PID:517
- /bin/zsh
  /bin/zsh -c /Users/run/AtlasMenu/Launcher.exe
  2⤵
  PID:517
- /Users/run/AtlasMenu/Launcher.exe
  /Users/run/AtlasMenu/Launcher.exe
  2⤵
  PID:517
- /Users/run/AtlasMenu/Launcher.exe
  /Users/run/AtlasMenu/Launcher.exe
  2⤵
  PID:517

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:516

/usr/libexec/xpcproxy
xpcproxy com.apple.systempreferences.2140
1⤵
PID:522

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
"/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
1⤵
PID:522

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountProfileRemoteViewService 522
1⤵
PID:523

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
1⤵
PID:523

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
1⤵
PID:525

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
1⤵
PID:526

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
1⤵
PID:527

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
1⤵
PID:528

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
1⤵
PID:529

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:532

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:532

/usr/libexec/xpcproxy
xpcproxy com.apple.preferences.users.remoteservice 522
1⤵
PID:535

/System/Library/PreferencePanes/Accounts.prefPane/Contents/XPCServices/com.apple.preferences.users.remoteservice.xpc/Contents/MacOS/com.apple.preferences.users.remoteservice
/System/Library/PreferencePanes/Accounts.prefPane/Contents/XPCServices/com.apple.preferences.users.remoteservice.xpc/Contents/MacOS/com.apple.preferences.users.remoteservice
1⤵
PID:535

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:536

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:537

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:537

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:538

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:538

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:539

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:539

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:540

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:540

/usr/libexec/xpcproxy
xpcproxy com.apple.localAuthenticationRemoteService 535
1⤵
PID:545

/System/Library/PrivateFrameworks/LocalAuthenticationUI.framework/Versions/A/XPCServices/localAuthenticationRemoteService.xpc/Contents/MacOS/localAuthenticationRemoteService
/System/Library/PrivateFrameworks/LocalAuthenticationUI.framework/Versions/A/XPCServices/localAuthenticationRemoteService.xpc/Contents/MacOS/localAuthenticationRemoteService
1⤵
PID:545

/usr/libexec/xpcproxy
xpcproxy com.apple.MediaLibraryService 535
1⤵
PID:546

/System/Library/Frameworks/MediaLibrary.framework/Versions/A/XPCServices/com.apple.MediaLibraryService.xpc/Contents/MacOS/com.apple.MediaLibraryService
/System/Library/Frameworks/MediaLibrary.framework/Versions/A/XPCServices/com.apple.MediaLibraryService.xpc/Contents/MacOS/com.apple.MediaLibraryService
1⤵
PID:546

/usr/libexec/xpcproxy
xpcproxy com.apple.contacts.donation-agent
1⤵
PID:548

/System/Library/PrivateFrameworks/ContactsDonation.framework/Versions/A/Support/contactsdonationagent
/System/Library/PrivateFrameworks/ContactsDonation.framework/Versions/A/Support/contactsdonationagent
1⤵
PID:548

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportCrash.Root
1⤵
PID:551

/System/Library/CoreServices/ReportCrash
/System/Library/CoreServices/ReportCrash daemon
1⤵
PID:551

/usr/libexec/xpcproxy
xpcproxy com.apple.diskmanagementstartup
1⤵
PID:555

/usr/libexec/diskmanagementstartup
/usr/libexec/diskmanagementstartup
1⤵
PID:555

/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util
/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util -p disk2s2 removable readonly
1⤵
PID:556

/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util
/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util -p disk2s2 removable readonly
1⤵
PID:556

/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util
/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util -k disk2s2
1⤵
PID:557

/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util
/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util -k disk2s2
1⤵
PID:557

/System/Library/Filesystems/apfs.fs/Contents/Resources/./fsck_apfs
/System/Library/Filesystems/apfs.fs/Contents/Resources/./fsck_apfs -q /dev/rdisk2s2
1⤵
PID:558

/System/Library/Filesystems/apfs.fs/Contents/Resources/./fsck_apfs
/System/Library/Filesystems/apfs.fs/Contents/Resources/./fsck_apfs -q /dev/rdisk2s2
1⤵
PID:558

/sbin/mount
/sbin/mount -t apfs -o "nobrowse,owners" /dev/disk2s2 /Volumes/Preboot
1⤵
PID:559

/sbin/mount
/sbin/mount -t apfs -o "nobrowse,owners" /dev/disk2s2 /Volumes/Preboot
1⤵
PID:559
- /sbin/mount_apfs
  /sbin/mount_apfs -o nobrowse -o owners /dev/disk2s2 /Volumes/Preboot
  2⤵
  PID:560
- /sbin/mount_apfs
  /sbin/mount_apfs -o nobrowse -o owners /dev/disk2s2 /Volumes/Preboot
  2⤵
  PID:560

/usr/libexec/xpcproxy
xpcproxy com.apple.efilogin-helper
1⤵
PID:562

/System/Library/PrivateFrameworks/EFILogin.framework/Resources/efilogin-helper
/System/Library/PrivateFrameworks/EFILogin.framework/Resources/efilogin-helper
1⤵
PID:562

/usr/libexec/xpcproxy
xpcproxy com.apple.efilogin-helper
1⤵
PID:565

/System/Library/PrivateFrameworks/EFILogin.framework/Resources/efilogin-helper
/System/Library/PrivateFrameworks/EFILogin.framework/Resources/efilogin-helper
1⤵
PID:565

/usr/libexec/xpcproxy
xpcproxy com.apple.iconservices.iconservicesagent
1⤵
PID:566

/System/Library/CoreServices/iconservicesagent
/System/Library/CoreServices/iconservicesagent runAsRoot
1⤵
PID:566

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 565
1⤵
PID:568

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:568

/usr/libexec/xpcproxy
xpcproxy com.apple.loginwindow.3402E444-B929-429B-9124-E2EB66484E75
1⤵
PID:569

/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow
/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console
1⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.imklaunchagent
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.UserEventAgent-LoginWindow
1⤵
PID:571

/usr/libexec/xpcproxy
xpcproxy com.apple.universalaccessd
1⤵
PID:572

/System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent
/System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent
1⤵
PID:570

/usr/sbin/universalaccessd
/usr/sbin/universalaccessd launchd -s
1⤵
PID:572

/usr/libexec/xpcproxy
xpcproxy com.apple.pluginkit.pkd
1⤵
PID:573

/usr/libexec/pkd
/usr/libexec/pkd
1⤵
PID:573

/usr/libexec/UserEventAgent
/usr/libexec/UserEventAgent "(LoginWindow)"
1⤵
PID:571

/usr/libexec/xpcproxy
xpcproxy com.apple.ViewBridgeAuxiliary
1⤵
PID:574

/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
1⤵
PID:574

/usr/libexec/xpcproxy
xpcproxy com.apple.security.agent.login.00000000-0000-0000-0000-0000000186C0
1⤵
PID:575

/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent
/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent
1⤵
PID:575

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 575
1⤵
PID:578

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:578

/usr/libexec/xpcproxy
xpcproxy com.apple.CryptoTokenKit.ahp.agent
1⤵
PID:579

/System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp
/System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp
1⤵
PID:579

/usr/libexec/xpcproxy
xpcproxy com.apple.ctkd
1⤵
PID:580

/System/Library/Frameworks/CryptoTokenKit.framework/ctkd
/System/Library/Frameworks/CryptoTokenKit.framework/ctkd -tw
1⤵
PID:580

/usr/libexec/xpcproxy
xpcproxy com.apple.xpc.launchd.oneshot.0x10000002.activateSettings
1⤵
PID:582

/System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings
/System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings
1⤵
PID:582

/usr/libexec/xpcproxy
xpcproxy com.apple.AmbientDisplayAgent
1⤵
PID:583

/System/Library/PrivateFrameworks/AmbientDisplay.framework/Versions/A/XPCServices/com.apple.AmbientDisplayAgent.xpc/Contents/MacOS/com.apple.AmbientDisplayAgent
/System/Library/PrivateFrameworks/AmbientDisplay.framework/Versions/A/XPCServices/com.apple.AmbientDisplayAgent.xpc/Contents/MacOS/com.apple.AmbientDisplayAgent
1⤵
PID:583

/usr/libexec/xpcproxy
xpcproxy com.apple.CryptoTokenKit.setoken 580
1⤵
PID:585

/System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/setoken.appex/Contents/MacOS/setoken
/System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/setoken.appex/Contents/MacOS/setoken
1⤵
PID:585

/usr/libexec/xpcproxy
xpcproxy com.apple.speech.speechsynthesisd
1⤵
PID:586

/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
1⤵
PID:586

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:587

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:587

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.SandboxHelper 586
1⤵
PID:588

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
1⤵
PID:588

/bin/sh
sh -c /usr/sbin/kextstat
1⤵
PID:589

/bin/bash
sh -c /usr/sbin/kextstat
1⤵
PID:589

/bin/bash
sh -c /usr/sbin/kextstat
1⤵
PID:589

/usr/sbin/kextstat
/usr/sbin/kextstat
1⤵
PID:589

/usr/sbin/kextstat
/usr/sbin/kextstat
1⤵
PID:589

/usr/libexec/xpcproxy
xpcproxy com.apple.mobileassetd
1⤵
PID:590

/usr/libexec/mobileassetd
/usr/libexec/mobileassetd
1⤵
PID:590

/sbin/umount
/sbin/umount /Volumes/Preboot
1⤵
PID:591

/sbin/umount
/sbin/umount /Volumes/Preboot
1⤵
PID:591

/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util
/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util -p disk2s2 removable readonly
1⤵
PID:593

/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util
/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util -p disk2s2 removable readonly
1⤵
PID:593

/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util
/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util -k disk2s2
1⤵
PID:594

/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util
/System/Library/Filesystems/apfs.fs/Contents/Resources/./apfs.util -k disk2s2
1⤵
PID:594

/System/Library/Filesystems/apfs.fs/Contents/Resources/./fsck_apfs
/System/Library/Filesystems/apfs.fs/Contents/Resources/./fsck_apfs -q /dev/rdisk2s2
1⤵
PID:595

/System/Library/Filesystems/apfs.fs/Contents/Resources/./fsck_apfs
/System/Library/Filesystems/apfs.fs/Contents/Resources/./fsck_apfs -q /dev/rdisk2s2
1⤵
PID:595

/sbin/mount
/sbin/mount -t apfs -o "nobrowse,owners" /dev/disk2s2 /Volumes/Preboot
1⤵
PID:596

/sbin/mount
/sbin/mount -t apfs -o "nobrowse,owners" /dev/disk2s2 /Volumes/Preboot
1⤵
PID:596
- /sbin/mount_apfs
  /sbin/mount_apfs -o nobrowse -o owners /dev/disk2s2 /Volumes/Preboot
  2⤵
  PID:597
- /sbin/mount_apfs
  /sbin/mount_apfs -o nobrowse -o owners /dev/disk2s2 /Volumes/Preboot
  2⤵
  PID:597

/usr/libexec/xpcproxy
xpcproxy com.apple.efilogin-helper
1⤵
PID:598

/System/Library/PrivateFrameworks/EFILogin.framework/Resources/efilogin-helper
/System/Library/PrivateFrameworks/EFILogin.framework/Resources/efilogin-helper
1⤵
PID:598

/usr/libexec/xpcproxy
xpcproxy com.apple.efilogin-helper
1⤵
PID:602

/System/Library/PrivateFrameworks/EFILogin.framework/Resources/efilogin-helper
/System/Library/PrivateFrameworks/EFILogin.framework/Resources/efilogin-helper
1⤵
PID:602

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 602
1⤵
PID:603

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:603

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:605

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:605

/sbin/umount
/sbin/umount /Volumes/Preboot
1⤵
PID:606

/sbin/umount
/sbin/umount /Volumes/Preboot
1⤵
PID:606

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Logs/DiagnosticReports/com.apple.preferences.users.remoteservice_2023-08-26-190855_tests-iMac.spin

Filesize
2.9MB

MD5
f9c8ac79401fd43c5eb565824ec29b7b

SHA1
bcf5576d905a02925c6a4ac4797dc7bcb9768b00

SHA256
1a762e2c1880f9bb500fc6fe6c9f6375adc54655490ebacbfa6ddf84c8dca27e

SHA512
ae1fb3978e3921bf25e36a353dc37fd4f5d24fd899846b9ecd8b330cceefd1391fd492b66593fbf4b9b8f3c7103cd5ca14a59e375d6eb0c44bf64b42ebca84ff

Download Submit
/Users/run/Library/Caches/.dat.nosync020a.xlvlRm

Filesize
294KB

MD5
54a6415f0ccd912e6ef418df31566b14

SHA1
4b00b5adc45cf789c2d3464c184c1f782a73b2dd

SHA256
5703d526d31fb16982bafaab18e698b2bc9c10f5bdb690ad216ea0e09db16633

SHA512
0672d0c9a787f76fedb254202c669cb0553a9f7f99ba9b2e2511005d883a308db5850822fefc4b4dde4e24b0337aae5b215a34c9bb1fa7a0934199fce86613af

Download Submit
/private/var/db/spindump/.dat.nosync0219.uEI37X

Filesize
85KB

MD5
cff876fd5e8f28c56af6acba3c28f25d

SHA1
36ffd275c7c050f678b49470a10cd449319a5457

SHA256
71fc0612a555fcc41558a2d2a2eb6fdcc5d19559d42c019f59e1710183633941

SHA512
5fedba4cd1166693a9f06e88320321ac451ad855600c9e2344fe55f4d2f233574ac5c197522e04ced9831877100d2d265abf7971cffdadc96d2403b106f5d709

Download Submit
/private/var/db/spindump/tailspin-trace.2023-08-26_19-07-43.tailspin

Filesize
17.0MB

MD5
8c31d7e17f3dbb6b49814d5413401a1e

SHA1
03e019d0ab1c79a03ff2da070376effaec3cef42

SHA256
b87bb84023c52b07d769aaf6ee806cf1b11bca17d643b174c2c89c22f8971bf8

SHA512
58648594a1b5d6b5243796ea31bce4e616a216319f19c74f90063a594e0cb0fb36c18c0893618e6896462ebe77ff67b4f4717738e3359b5caf566a4d808d0f1f

Download Submit
/private/var/db/spindump/tailspin-trace.2023-08-26_19-07-43.tailspin

Filesize
17.0MB

MD5
8c31d7e17f3dbb6b49814d5413401a1e

SHA1
03e019d0ab1c79a03ff2da070376effaec3cef42

SHA256
b87bb84023c52b07d769aaf6ee806cf1b11bca17d643b174c2c89c22f8971bf8

SHA512
58648594a1b5d6b5243796ea31bce4e616a216319f19c74f90063a594e0cb0fb36c18c0893618e6896462ebe77ff67b4f4717738e3359b5caf566a4d808d0f1f

Download Submit
/private/var/db/spindump/tailspin-trace.2023-08-26_19-07-43.tailspin

Filesize
17.0MB

MD5
8c31d7e17f3dbb6b49814d5413401a1e

SHA1
03e019d0ab1c79a03ff2da070376effaec3cef42

SHA256
b87bb84023c52b07d769aaf6ee806cf1b11bca17d643b174c2c89c22f8971bf8

SHA512
58648594a1b5d6b5243796ea31bce4e616a216319f19c74f90063a594e0cb0fb36c18c0893618e6896462ebe77ff67b4f4717738e3359b5caf566a4d808d0f1f

Download Submit
/private/var/db/spindump/tailspin-trace.2023-08-26_19-07-43.tailspin

Filesize
17.0MB

MD5
8c31d7e17f3dbb6b49814d5413401a1e

SHA1
03e019d0ab1c79a03ff2da070376effaec3cef42

SHA256
b87bb84023c52b07d769aaf6ee806cf1b11bca17d643b174c2c89c22f8971bf8

SHA512
58648594a1b5d6b5243796ea31bce4e616a216319f19c74f90063a594e0cb0fb36c18c0893618e6896462ebe77ff67b4f4717738e3359b5caf566a4d808d0f1f

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.MediaLibraryService/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.MediaLibraryService/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.MediaLibraryService/mds/mdsDirectory.db_

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.MediaLibraryService/mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.MediaLibraryService/mds/mdsObject.db_

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.studentd/TemporaryItems/(A Document Being Saved By studentd)/isConnected

Filesize
9B

MD5
2ec0d16e4ca169baedb9b2d50ec5c6d7

SHA1
c2f9b7b4897f03f94abf92294c9ca46fea62360b

SHA256
22965568d22a14ee17af055d2870b50afcfe9fd94a83eec3196e266932297bb2

SHA512
22f8e80d23c6110fb42017d8f48db768acb5ed4c1a9153bdfc50f8fb0561dd4dc9267efcb9b88bf772200d7fb46c4c19bd86aec41432c12b52ba286729339334

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/com.apple.mobileassetd/TemporaryItems/(A Document Being Saved By mobileassetd)/AssetTypeDescriptors.plist

Filesize
1KB

MD5
7c98238e6f9a7ab3e30c4c16283fae97

SHA1
f30126016495459fd5897df0b97fadb72819c5db

SHA256
b02dd9009b3dabe37d5c139166618c17195cf401eb01acd044a207f4c7c85e34

SHA512
d6cc8716476128f4fefdc98f25e7e189b8e77443e35803927302895d32c8c1cc2cebb6114316f63770655932e21c88b1badf1cd2a3ecac39cb9547d386a008bb

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/spindump.txt

Filesize
1.3MB

MD5
9b40943301b61529e23475dfe2a39126

SHA1
dba4e429e9ec561f30b19638ef1135b4b43f060f

SHA256
bcaa1ab835d702b75613b140c561845c999cc6ebd7accdd39bb805ed167399b6

SHA512
76afb4f893df3e07e5d50d80676d54c9068995e6e5c92c6eebdf908cf08c5b20714b2ab766eb576d00c9dfca908e0cb15d41d9558a96a0452f7d43fcef5e23c4

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/spindump.txt

Filesize
136KB

MD5
5aeb647fde4a6b70ac6994d78242ddd8

SHA1
4aa8eda6f99edbfa8d8c0e28ee92224cd81b0106

SHA256
02c6559633f6b3c35c0f86d8345fd984c1b4acb23834b07a24315b92d57a25f7

SHA512
c6549156b9af21824a2fca3a7bb898645a14f3456ad48b54b41c1eb1e42e92953756b77f63b0474e92816ce1e2682ba00328a9e95b8b9bcbdd755142c6ccc5d3

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000bh00002w/C/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000bh00002w/C/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000bh00002w/C/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000bh00002w/C/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000bh00002w/C/mds/mdsDirectory.db_

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000bh00002w/C/mds/mdsDirectory.db_

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000bh00002w/C/mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000bh00002w/C/mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000bh00002w/C/mds/mdsObject.db_

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n00000bh00002w/C/mds/mdsObject.db_

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/log/fsck_apfs.log

Filesize
149KB

MD5
421eeca4c50a789750f29db07d98f535

SHA1
8a3900ea7a15617e76cd59c4b3d794f29a2811b8

SHA256
e11387169f3018f4b68a94e9fd0a559ff738a936d4f0b6e191678b7dd98288da

SHA512
331c786306b90a544f741589091658a8ce293ef1f6ca33c15bc2d159b3a8f826e7fe3bad4d18d9c8fe225d6e1d0586cb0a1e41a24f8c79ac8921fad43d7808e6

Download Submit
/private/var/log/fsck_apfs.log

Filesize
149KB

MD5
d1f9ca45ed8edd6c441207cbd2de8496

SHA1
6a7153b997a92bee63a340a88a87c21043d93f85

SHA256
852c78b60b4d38277466cb8ab84b0a8d36c66a6d4526e671ffc55544f9682b8b

SHA512
4ef7330c3373f39297f6403f1380af4daf4b2bd959fa9d79627dd246c4d1003301d796c034026d1a1b9dba0fee430a585a80364943d112124166dd241541d59f

Download Submit
/private/var/log/fsck_apfs_error.log

Filesize
1KB

MD5
0922ca2a9bd6142415431adba2ff9ea4

SHA1
e1f450f588e771839ee36fc4a5ffe5257ce44fdd

SHA256
9e655e462e3cc34cbc3d8e9a57502d8e69bc90e6c8418c037c97388abbda0ae9

SHA512
c6a4f4897f8990ef97d729b5d18a31fc8ce7637e352da2d8a712666e8235b17faf71966bf01408bf17383936069e8b1535f129e1d3b618b7489e0648e3c5befb

Download Submit
/private/var/log/fsck_apfs_error.log

Filesize
1KB

MD5
b5acd23f1cc957acd1da8ecdf5f2dba3

SHA1
0c49c8fc9c31f91761d04f9fc58568eca0dbbe57

SHA256
849cf25719933255ebadc1bd10e450c7a95798607ac6c49db45cc2c4f802081f

SHA512
a1e4814a56c9b2dee8c12085e4c59759c073f22ef051baa8eb42ff664f0b17150e42635ca44dc4df5266df9bfb1b581013adbef150bd16928509b86d11a9718c

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads