Resubmissions

23/02/2024, 12:50

240223-p2341aga6v 7

Analysis

  • max time kernel
    143s
  • max time network
    162s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240214-en
  • resource tags

    arch:amd64 arch:i386 image:macos-20240214-en kernel:19b77a locale:en-us os:macos-10.15-amd64 system
  • submitted
    23/02/2024, 12:50

General

  • Target

    Slack_mac.dmg

  • Size

    527KB

  • MD5

    3b927bc865267cdc3b125597fc3805f5

  • SHA1

    0e1587d74b953b794f32c54d805c450be12d4535

  • SHA256

    361a1afce4df0787df73f1d3dc1beb8917d7f0f943806bff27219db611d56b9f

  • SHA512

    4e4c1a8a73b1c9172c8c61ff323aed56b25691a6071e8bae0cf0603e587eb6a78b9c59a08526c825359631a7e61c969bea6840d41c941b74dec375eadded10dd

  • SSDEEP

    12288:5Gfqyd/S2QsWh1kQ6G5LruXTC20BdGMJNRC+JjwkFh4BHZSjOk4:5q1JS9sWh1iG5LK2x7bCiFhC

Malware Config

Signatures

  • Queries the macOS version information. 1 TTPs 2 IoCs
  • System Checks 1 TTPs 2 IoCs
  • AppleScript 1 TTPs 10 IoCs
  • Resource Forking 1 TTPs 1 IoCs

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"open /Volumes/Slack_mac\""
    1⤵
      PID:577
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"open /Volumes/Slack_mac\""
      1⤵
        PID:577
      • /usr/bin/sudo
        sudo /bin/zsh -c "open /Volumes/Slack_mac"
        1⤵
          PID:577
          • /bin/zsh
            /bin/zsh -c "open /Volumes/Slack_mac"
            2⤵
              PID:578
            • /usr/bin/open
              open /Volumes/Slack_mac
              2⤵
                PID:578
            • /usr/libexec/xpcproxy
              xpcproxy com.apple.nehelper
              1⤵
                PID:582
              • /usr/libexec/nehelper
                /usr/libexec/nehelper
                1⤵
                  PID:582
                • /usr/libexec/xpcproxy
                  xpcproxy com.apple.spindump
                  1⤵
                    PID:587
                  • /usr/sbin/spindump
                    /usr/sbin/spindump
                    1⤵
                      PID:587
                    • /usr/libexec/xpcproxy
                      xpcproxy com.apple.tailspind
                      1⤵
                        PID:588
                      • /usr/libexec/xpcproxy
                        xpcproxy com.apple.spindump_agent
                        1⤵
                          PID:589
                        • /usr/libexec/tailspind
                          /usr/libexec/tailspind
                          1⤵
                            PID:588
                          • /usr/libexec/spindump_agent
                            /usr/libexec/spindump_agent
                            1⤵
                              PID:589
                            • /usr/libexec/xpcproxy
                              xpcproxy com.apple.TextInputMenuAgent
                              1⤵
                                PID:590
                              • /System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent
                                /System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent
                                1⤵
                                  PID:590
                                • /usr/libexec/xpcproxy
                                  xpcproxy com.apple.TextInputSwitcher
                                  1⤵
                                    PID:591
                                  • /System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher
                                    /System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher
                                    1⤵
                                      PID:591
                                    • /usr/libexec/xpcproxy
                                      xpcproxy com.apple.quicklook.ui.helper
                                      1⤵
                                        PID:592
                                      • /System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
                                        /System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
                                        1⤵
                                          PID:592
                                        • /usr/libexec/xpcproxy
                                          xpcproxy com.apple.metadata.mdwrite
                                          1⤵
                                            PID:593
                                          • /usr/bin/login
                                            login -pf run
                                            1⤵
                                              PID:594
                                              • /bin/zsh
                                                -zsh
                                                2⤵
                                                  PID:596
                                                  • /usr/libexec/path_helper
                                                    /usr/libexec/path_helper -s
                                                    3⤵
                                                      PID:597
                                                    • /usr/bin/locale
                                                      locale LC_CTYPE
                                                      3⤵
                                                        PID:598
                                                      • /Volumes/Slack_mac/Slack_mac
                                                        /Volumes/Slack_mac/Slack_mac
                                                        3⤵
                                                          PID:599
                                                    • /usr/libexec/xpcproxy
                                                      xpcproxy com.apple.AccountPolicyHelper
                                                      1⤵
                                                        PID:595
                                                      • /System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
                                                        /System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
                                                        1⤵
                                                          PID:595
                                                        • /bin/sh
                                                          sh -c "osascript -e 'tell application \"Terminal\" to set visible of front window to false'"
                                                          1⤵
                                                            PID:600
                                                          • /bin/bash
                                                            sh -c "osascript -e 'tell application \"Terminal\" to set visible of front window to false'"
                                                            1⤵
                                                              PID:600
                                                            • /usr/bin/osascript
                                                              osascript -e "tell application \"Terminal\" to set visible of front window to false"
                                                              1⤵
                                                                PID:600
                                                              • /bin/sh
                                                                sh -c "mkdir /Users/run/182481170"
                                                                1⤵
                                                                  PID:601
                                                                • /bin/bash
                                                                  sh -c "mkdir /Users/run/182481170"
                                                                  1⤵
                                                                    PID:601
                                                                  • /bin/mkdir
                                                                    mkdir /Users/run/182481170
                                                                    1⤵
                                                                      PID:601
                                                                    • /bin/sh
                                                                      sh -c "system_profiler SPHardwareDataType"
                                                                      1⤵
                                                                        PID:602
                                                                      • /bin/bash
                                                                        sh -c "system_profiler SPHardwareDataType"
                                                                        1⤵
                                                                          PID:602
                                                                        • /usr/sbin/system_profiler
                                                                          system_profiler SPHardwareDataType
                                                                          1⤵
                                                                            PID:602
                                                                          • /bin/sh
                                                                            sh -c "system_profiler SPDisplaysDataType"
                                                                            1⤵
                                                                              PID:604
                                                                            • /bin/bash
                                                                              sh -c "system_profiler SPDisplaysDataType"
                                                                              1⤵
                                                                                PID:604
                                                                              • /usr/sbin/system_profiler
                                                                                system_profiler SPDisplaysDataType
                                                                                1⤵
                                                                                  PID:604
                                                                                • /bin/sh
                                                                                  sh -c sw_vers
                                                                                  1⤵
                                                                                    PID:606
                                                                                  • /bin/bash
                                                                                    sh -c sw_vers
                                                                                    1⤵
                                                                                      PID:606
                                                                                    • /usr/bin/sw_vers
                                                                                      sw_vers
                                                                                      1⤵
                                                                                        PID:606
                                                                                      • /bin/sh
                                                                                        sh -c "dscl /Local/Default -authonly run \"\""
                                                                                        1⤵
                                                                                          PID:607
                                                                                        • /bin/bash
                                                                                          sh -c "dscl /Local/Default -authonly run \"\""
                                                                                          1⤵
                                                                                            PID:607
                                                                                          • /usr/bin/dscl
                                                                                            dscl /Local/Default -authonly run
                                                                                            1⤵
                                                                                              PID:607
                                                                                            • /bin/sh
                                                                                              sh -c "osascript -e 'display dialog \"To launch the application, you need to update the system settings \\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer'"
                                                                                              1⤵
                                                                                                PID:608
                                                                                              • /bin/bash
                                                                                                sh -c "osascript -e 'display dialog \"To launch the application, you need to update the system settings \\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer'"
                                                                                                1⤵
                                                                                                  PID:608
                                                                                                • /usr/bin/osascript
                                                                                                  osascript -e "display dialog \"To launch the application, you need to update the system settings \\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer"
                                                                                                  1⤵
                                                                                                    PID:608
                                                                                                  • /usr/libexec/xpcproxy
                                                                                                    xpcproxy com.apple.geod
                                                                                                    1⤵
                                                                                                      PID:611
                                                                                                    • /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
                                                                                                      /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
                                                                                                      1⤵
                                                                                                        PID:611
                                                                                                      • /usr/libexec/xpcproxy
                                                                                                        xpcproxy com.apple.geod
                                                                                                        1⤵
                                                                                                          PID:612
                                                                                                        • /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
                                                                                                          /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
                                                                                                          1⤵
                                                                                                            PID:612
                                                                                                          • /usr/libexec/xpcproxy
                                                                                                            xpcproxy com.apple.secinitd
                                                                                                            1⤵
                                                                                                              PID:613
                                                                                                            • /usr/libexec/secinitd
                                                                                                              /usr/libexec/secinitd
                                                                                                              1⤵
                                                                                                                PID:613
                                                                                                              • /usr/libexec/xpcproxy
                                                                                                                xpcproxy com.apple.cfprefsd.xpc.agent
                                                                                                                1⤵
                                                                                                                  PID:614
                                                                                                                • /usr/sbin/cfprefsd
                                                                                                                  /usr/sbin/cfprefsd agent
                                                                                                                  1⤵
                                                                                                                    PID:614
                                                                                                                  • /usr/libexec/xpcproxy
                                                                                                                    xpcproxy com.apple.AddressBook.ContactsAccountsService
                                                                                                                    1⤵
                                                                                                                      PID:619
                                                                                                                    • /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
                                                                                                                      /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
                                                                                                                      1⤵
                                                                                                                        PID:619
                                                                                                                      • /usr/libexec/xpcproxy
                                                                                                                        xpcproxy com.apple.routined
                                                                                                                        1⤵
                                                                                                                          PID:620
                                                                                                                        • /usr/libexec/routined
                                                                                                                          /usr/libexec/routined LAUNCHED_BY_LAUNCHD
                                                                                                                          1⤵
                                                                                                                            PID:620
                                                                                                                          • /usr/libexec/xpcproxy
                                                                                                                            xpcproxy com.apple.Maps.mapspushd
                                                                                                                            1⤵
                                                                                                                              PID:621
                                                                                                                            • /System/Library/CoreServices/mapspushd
                                                                                                                              /System/Library/CoreServices/mapspushd
                                                                                                                              1⤵
                                                                                                                                PID:621
                                                                                                                              • /usr/libexec/xpcproxy
                                                                                                                                xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
                                                                                                                                1⤵
                                                                                                                                  PID:623
                                                                                                                                • /usr/libexec/neagent
                                                                                                                                  /usr/libexec/neagent
                                                                                                                                  1⤵
                                                                                                                                    PID:623
                                                                                                                                  • /usr/libexec/xpcproxy
                                                                                                                                    xpcproxy com.apple.akd
                                                                                                                                    1⤵
                                                                                                                                      PID:624
                                                                                                                                    • /System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
                                                                                                                                      /System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
                                                                                                                                      1⤵
                                                                                                                                        PID:624
                                                                                                                                      • /bin/sh
                                                                                                                                        sh -c "osascript -e 'display dialog \"To launch the application, you need to update the system settings You entered an invalid password.\\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer'"
                                                                                                                                        1⤵
                                                                                                                                          PID:627
                                                                                                                                        • /bin/bash
                                                                                                                                          sh -c "osascript -e 'display dialog \"To launch the application, you need to update the system settings You entered an invalid password.\\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer'"
                                                                                                                                          1⤵
                                                                                                                                            PID:627
                                                                                                                                          • /usr/bin/osascript
                                                                                                                                            osascript -e "display dialog \"To launch the application, you need to update the system settings You entered an invalid password.\\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer"
                                                                                                                                            1⤵
                                                                                                                                              PID:627
                                                                                                                                            • /usr/libexec/xpcproxy
                                                                                                                                              xpcproxy com.apple.assistantd
                                                                                                                                              1⤵
                                                                                                                                                PID:630
                                                                                                                                              • /System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
                                                                                                                                                /System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
                                                                                                                                                1⤵
                                                                                                                                                  PID:630
                                                                                                                                                • /usr/sbin/spctl
                                                                                                                                                  /usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
                                                                                                                                                  1⤵
                                                                                                                                                    PID:631
                                                                                                                                                  • /bin/sh
                                                                                                                                                    sh -c "osascript -e 'display dialog \"To launch the application, you need to update the system settings You entered an invalid password.\\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer'"
                                                                                                                                                    1⤵
                                                                                                                                                      PID:643
                                                                                                                                                    • /bin/bash
                                                                                                                                                      sh -c "osascript -e 'display dialog \"To launch the application, you need to update the system settings You entered an invalid password.\\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer'"
                                                                                                                                                      1⤵
                                                                                                                                                        PID:643
                                                                                                                                                      • /usr/bin/osascript
                                                                                                                                                        osascript -e "display dialog \"To launch the application, you need to update the system settings You entered an invalid password.\\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer"
                                                                                                                                                        1⤵
                                                                                                                                                          PID:643
                                                                                                                                                        • /usr/libexec/xpcproxy
                                                                                                                                                          xpcproxy com.apple.ReportMemoryException
                                                                                                                                                          1⤵
                                                                                                                                                            PID:644
                                                                                                                                                          • /usr/libexec/ReportMemoryException
                                                                                                                                                            /usr/libexec/ReportMemoryException
                                                                                                                                                            1⤵
                                                                                                                                                              PID:644
                                                                                                                                                            • /usr/libexec/xpcproxy
                                                                                                                                                              xpcproxy com.apple.ReportCrash.Root
                                                                                                                                                              1⤵
                                                                                                                                                                PID:649
                                                                                                                                                              • /System/Library/CoreServices/ReportCrash
                                                                                                                                                                /System/Library/CoreServices/ReportCrash daemon
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:649
                                                                                                                                                                • /bin/sh
                                                                                                                                                                  sh -c "osascript -e 'display dialog \"To launch the application, you need to update the system settings You entered an invalid password.\\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer'"
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:650
                                                                                                                                                                  • /bin/bash
                                                                                                                                                                    sh -c "osascript -e 'display dialog \"To launch the application, you need to update the system settings You entered an invalid password.\\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer'"
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:650
                                                                                                                                                                    • /usr/bin/osascript
                                                                                                                                                                      osascript -e "display dialog \"To launch the application, you need to update the system settings You entered an invalid password.\\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer"
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:650
                                                                                                                                                                      • /bin/launchctl
                                                                                                                                                                        /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:651
                                                                                                                                                                        • /bin/launchctl
                                                                                                                                                                          /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
                                                                                                                                                                          1⤵
                                                                                                                                                                            PID:652
                                                                                                                                                                          • /bin/sh
                                                                                                                                                                            sh -c /usr/sbin/kextstat
                                                                                                                                                                            1⤵
                                                                                                                                                                              PID:653
                                                                                                                                                                            • /bin/bash
                                                                                                                                                                              sh -c /usr/sbin/kextstat
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:653
                                                                                                                                                                              • /usr/sbin/kextstat
                                                                                                                                                                                /usr/sbin/kextstat
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:653

                                                                                                                                                                                Network

                                                                                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                                                                                      Downloads

                                                                                                                                                                                      • /Library/Preferences/com.apple.networkextension.uuidcache.plist

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        355B

                                                                                                                                                                                      • /Library/Preferences/com.apple.networkextension.uuidcache.plist

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        355B

                                                                                                                                                                                      • /Library/Preferences/com.apple.networkextension.uuidcache.plist

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        42B

                                                                                                                                                                                      • /Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        124KB

                                                                                                                                                                                      • /Users/run/Library/Caches/GeoServices/Resources/altitude-1168.xml

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        150KB

                                                                                                                                                                                      • /Users/run/Library/Saved Application State/com.apple.osascript.savedState/data.data

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1KB

                                                                                                                                                                                      • /Users/run/Library/Saved Application State/com.apple.osascript.savedState/data.data

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1KB

                                                                                                                                                                                      • /Users/run/Library/Saved Application State/com.apple.osascript.savedState/data.data

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1KB

                                                                                                                                                                                      • /private/var/db/spindump/tailspin-trace.2024-02-23_12-52-01.tailspin

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        2.5MB

                                                                                                                                                                                      • /private/var/db/spindump/tailspin-trace.2024-02-23_12-52-01.tailspin

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        260KB

                                                                                                                                                                                      • /var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        47KB

                                                                                                                                                                                      • /var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB
