60d463cdd3d76dda8025a24589278d8581ad134e75ecaed797cdc19750d78bdc

Analysis

max time kernel
596s
max time network
585s
platform
macos-10.15_amd64
resource
macos-20240214-en
resource tags

arch:amd64arch:i386image:macos-20240214-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
14/03/2024, 08:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.txt
Size

13B
MD5

bcb898f62d9e1ac765c77e6804cbd872
SHA1

67ae65ba9701b2f114434b23c6ed88c4b015b0bf
SHA256

60d463cdd3d76dda8025a24589278d8581ad134e75ecaed797cdc19750d78bdc
SHA512

4e166f63a5a427c0c76c756642a4743f13635a575cd990f11069295a55785d49b9a3cc0e5ee1bafa79d5252d03abcc19548d00ae0db20af391fc1e8e3156d606

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 7 IoCs

evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool	Process not Found
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck	Process not Found
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref	Process not Found
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool	Process not Found
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper	Process not Found
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper	Process not Found
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/test.txt\""
1⤵
PID:535

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/test.txt\""
1⤵
PID:535

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/test.txt
1⤵
PID:535
- /bin/zsh
  /bin/zsh -c /Users/run/test.txt
  2⤵
  PID:536
- /Users/run/test.txt
  /Users/run/test.txt
  2⤵
  PID:536
- /bin/sh
  sh /Users/run/test.txt
  2⤵
  PID:536
- /bin/bash
  sh /Users/run/test.txt
  2⤵
  PID:536
- - /bin/Test
    Test content.
    3⤵
    PID:537

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:558

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:558

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:568

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:568

/usr/libexec/xpcproxy
xpcproxy com.apple.AddressBook.ContactsAccountsService
1⤵
PID:570

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.routined
1⤵
PID:571

/usr/libexec/routined
/usr/libexec/routined LAUNCHED_BY_LAUNCHD
1⤵
PID:571

/usr/libexec/xpcproxy
xpcproxy com.apple.Maps.mapspushd
1⤵
PID:572

/System/Library/CoreServices/mapspushd
/System/Library/CoreServices/mapspushd
1⤵
PID:572

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
1⤵
PID:575

/usr/libexec/xpcproxy
xpcproxy com.apple.assistantd
1⤵
PID:577

/usr/libexec/xpcproxy
xpcproxy com.apple.bird
1⤵
PID:578

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
1⤵
PID:577

/usr/libexec/xpcproxy
xpcproxy com.apple.nehelper
1⤵
PID:579

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
1⤵
PID:578

/usr/libexec/nehelper
/usr/libexec/nehelper
1⤵
PID:579

/usr/libexec/xpcproxy
xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
1⤵
PID:580

/usr/libexec/neagent
/usr/libexec/neagent
1⤵
PID:580

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:587

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:587

/usr/libexec/xpcproxy
xpcproxy com.apple.systempreferences.2140
1⤵
PID:588

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
"/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
1⤵
PID:588

/usr/libexec/xpcproxy
xpcproxy com.apple.siri.context.service
1⤵
PID:590

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
1⤵
PID:590

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountProfileRemoteViewService 588
1⤵
PID:591

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
1⤵
PID:591

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
1⤵
PID:594

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
1⤵
PID:595

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
1⤵
PID:596

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
1⤵
PID:597

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
1⤵
PID:598

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:599

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:599

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:600

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:600

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:601

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:601

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:605

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:605

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:606

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:606

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.859B0FD6-3616-4E0A-92B6-7FFA5D925593 605
1⤵
PID:607

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:607

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:612

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:612

/usr/libexec/xpcproxy
xpcproxy com.apple.akd
1⤵
PID:613

/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
1⤵
PID:613

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.386DE838-5059-4437-B71B-69096FC2EE28 605
1⤵
PID:614

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:614

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SearchHelper 605
1⤵
PID:615

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
1⤵
PID:615

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SafeBrowsing.Service
1⤵
PID:616

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1⤵
PID:616

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.0D3A638A-F106-41DA-AB49-5C7D9BC44FB1 605
1⤵
PID:617

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:617

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:621

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:622

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:626

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:626

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.13EB6F33-FB4D-4136-A32A-48EAB426B2F4 605
1⤵
PID:633

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:633

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:634

/usr/libexec/xpcproxy
xpcproxy com.apple.dock.ecti.C8A816CB-9264-492E-8E8C-D29D0DB7F957 282
1⤵
PID:635

/System/Library/CoreServices/Dock.app/Contents/XPCServices/com.apple.dock.ecti.xpc/Contents/MacOS/com.apple.dock.ecti
/System/Library/CoreServices/Dock.app/Contents/XPCServices/com.apple.dock.ecti.xpc/Contents/MacOS/com.apple.dock.ecti
1⤵
PID:635

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:634

/usr/libexec/xpcproxy
xpcproxy com.apple.TextEdit.2092
1⤵
PID:637

/System/Applications/TextEdit.app/Contents/MacOS/TextEdit
/System/Applications/TextEdit.app/Contents/MacOS/TextEdit
1⤵
PID:637

/usr/libexec/xpcproxy
xpcproxy com.apple.appkit.xpc.openAndSavePanelService 637
1⤵
PID:638

/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/com.apple.appkit.xpc.openAndSavePanelService.xpc/Contents/MacOS/com.apple.appkit.xpc.openAndSavePanelService
/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/com.apple.appkit.xpc.openAndSavePanelService.xpc/Contents/MacOS/com.apple.appkit.xpc.openAndSavePanelService
1⤵
PID:638

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.QuickLookUIService 638
1⤵
PID:639

/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/XPCServices/QuickLookUIService.xpc/Contents/MacOS/QuickLookUIService
/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/XPCServices/QuickLookUIService.xpc/Contents/MacOS/QuickLookUIService
1⤵
PID:639

/usr/libexec/xpcproxy
xpcproxy com.apple.automountd
1⤵
PID:640

/usr/libexec/automountd
automountd
1⤵
PID:640
- /usr/libexec/od_user_homes
  /usr/libexec/od_user_homes .localized
  2⤵
  PID:641
- /usr/libexec/od_user_homes
  /usr/libexec/od_user_homes .localized
  2⤵
  PID:648

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportCrash.Root
1⤵
PID:642

/System/Library/CoreServices/ReportCrash
/System/Library/CoreServices/ReportCrash daemon
1⤵
PID:642

/bin/sh
sh -c /usr/sbin/kextstat
1⤵
PID:643

/bin/bash
sh -c /usr/sbin/kextstat
1⤵
PID:643

/usr/sbin/kextstat
/usr/sbin/kextstat
1⤵
PID:643

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:644

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:644

/usr/libexec/xpcproxy
xpcproxy com.apple.printtool.agent
1⤵
PID:645

/System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.framework/Versions/A/printtool
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.framework/Versions/A/printtool
1⤵
PID:645

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:650

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.satellite.A19CCBAB-7829-4E18-81A2-0CDFCE8B4FBD 649
1⤵
PID:651

/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
1⤵
PID:651

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:652

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:652

/usr/libexec/xpcproxy
xpcproxy com.apple.Spotlight
1⤵
PID:653

/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
/System/Library/CoreServices/Spotlight.app/Contents/MacOS/Spotlight
1⤵
PID:653

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.ui.helper
1⤵
PID:655

/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
1⤵
PID:655

/usr/libexec/xpcproxy
xpcproxy com.apple.TextEdit.2092
1⤵
PID:657

/System/Applications/TextEdit.app/Contents/MacOS/TextEdit
/System/Applications/TextEdit.app/Contents/MacOS/TextEdit
1⤵
PID:657

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:658

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.ui.helper
1⤵
PID:663

/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
1⤵
PID:663

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
42B

MD5
ce7f5b3d4bfc7b4b0da6a06dccc515f2

SHA1
ce657a52a052a3aaf534ecfbf7cbdde4ee334c10

SHA256
9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1

SHA512
db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
81B

MD5
520bb9b65b89f03050030e5a985b9cd1

SHA1
91defba6d4540d4c8ede177730d104d747e8f57b

SHA256
6bb23965fd46b9ffe67a1cdb2144943543894e063c05db3a4de54e94b84968a0

SHA512
81eebb3eda761a9ecc94aa9564deab4d476522d94025ec19e002e91b12b7fbf2bffda23e7c393c09cb91b6ecd953ec1bf39ef5f787058b70289a5a5d777f0cf6

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
126B

MD5
52ef57acdaa153c35594e46bde4fe42c

SHA1
c2a5b1748aa61c311b670ef319d92663e3f92b00

SHA256
58add3e6d1d91409a9ddd9bb9b7cb173f3ec1162905d907839ab007e43cf2d2a

SHA512
defea7dd6200a17dbf0b619e16efb2919dc14199e7f3cb6755b4e5f1fdc8fb2942fa9f7c8c4c19d9026acb0c64a7df0462c7e10685c7482e710e94ed15964209

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
126B

MD5
95f24d2f9121654acd5a1c44e572082b

SHA1
ea13b61b35ef396ebe42f09e638a39f13b93fd9b

SHA256
2b7b2a1c679a5a0d2465351f35584f1eb6de22160daefb4cba351838f98f155e

SHA512
d1eaa0bd0b245f98a03d24197e02096400abea41f5a36905a41c777bedba15194f3de256c12b4f038e38267147986e8b9dd543189fdc6d1788d3c012bc63270d

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
168B

MD5
72aefa577a027ffaeee1d17f267cc5c4

SHA1
5cba43f9396c1636fef3adf7d89467f3e25abde4

SHA256
1841c830b27deec6d1a958218bb946bbf3b32bac6fd4742e21be8c03912708fd

SHA512
461db0ff0922a9d47969c42cdad5aa9e6cea21ec002f6a8b538418ccf3f4cd09b1d103b2cd63628579c2978d864734ef90ffd15e399659c3911e4ade1a53f53c

Download Submit
/Library/Preferences/com.apple.networkextension.uuidcache.plist

Filesize
196B

MD5
f89bfcd57bde27c9fc41ae606802800d

SHA1
ef018f2657ac73f7f069bbd0c7cbf482df4c7e12

SHA256
457d49b3caa88b6245645fb8f23c41b7729dcd1981f7fdb1564862ce950c2859

SHA512
7a93d760fe057007864f57c6bedb5d7e789695865aec9a764535fe7a5664b84bde9994a7123f8d1418ae70c628f2f6a55c2d2672a7f78c1ba8b37d48880b0c51

Download Submit
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

Filesize
124KB

MD5
6ffa882b258641c8f2ec4bd1df5db9a1

SHA1
0d34f44430ec68dc80d00e3b06db2ef0fb8e6352

SHA256
743b160509af7c1aeab038349c7802736a15b3c1ba5bfe4aa3dee143a74731bf

SHA512
6f34c3ad9c77046b3f0698b227b49e7c77d5c6afee2935e1071c0d6f59a0f128f73a83492772739b69902c994391e94f91f6837d1d81d8c4f683e975cbd6a5c3

Download Submit
/Users/run/Library/Caches/GeoServices/Experiments.pbd

Filesize
137B

MD5
c7828842a1d45538f68b8a212078a2af

SHA1
5a8f1b45e5d355b2348f356d8d27cc8e831f02c9

SHA256
d515e3b54dc43d06d9406e035b4912ba16096e0245c7003758779ddea8235eb0

SHA512
e306606ba6386bd5f0142d5fb5695fb523dcbeda38ff0c4dc85158ef2f037309fa5ef6e2bb7950e46d4a948f52c14c02a4f9a02fa76e6f124101077b9f1605a0

Download Submit
/Users/run/Library/Caches/GeoServices/Resources/altitude-1214.xml

Filesize
158KB

MD5
3beb34e02eb9bd01714f9926b3ebfc96

SHA1
d558e451b1b1ea9f8a7a29449fe1d2985abbd96c

SHA256
032673ebc61db6f46d76d507b19b1b0136a3f7e766a311f38921d2ee7fe450be

SHA512
f882c6dc232cc24367e6a83117a8f358860fe8cc9b5d67fa2255645a43658e1cf72af44fa3708ec03c24a788c78abea2a268214adcfcb52aa7dce207102627ff

Download Submit
/Users/run/Library/Containers/com.apple.TextEdit/Data/Library/Autosave Information/Unsaved TextEdit Document.rtf

Filesize
220B

MD5
4f0cd12344d78406b6c359a5bcc28491

SHA1
4642aad5b71d6ec0b54569abf36fccfe34cd2be2

SHA256
83b3871fe09ca69d5f577bd3e28a52a224de11f39216c0e2084f6aa9d6ade2ff

SHA512
52e1bdd03736f834e25aba8d7e6ba9cdbd778c450e02f3ff1b90a97cfec749065a0794003a126732f124f1c4f4dbf2ab3dd7c70969e86f352ba85edb04b3a163

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/2529545429CE075A4E64DE7DAA3D4C27

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/B46CCFF0A5F7586AD80BB9CEBC7A7B9E

Filesize
2KB

MD5
904ce6bd2ef5e1eaa6de1eb02164436b

SHA1
b37ac89616b9e4c01a35991af59fe6b63e41a48e

SHA256
3638de61226857e62cf5187d7d59cf902111ad4f792b5bdff1bfed3f5ed5e608

SHA512
05044e298742b1520585ae3c029938036ebed50337608a600c4924a29e3624ce704f3b13fbe348d9e1b1e93b1e0abff9f53bbc9fd31929199f9a374f154f74c2

Download Submit
/private/var/db/spindump/tailspin-trace.2024-03-14_08-44-30.tailspin

Filesize
3.0MB

MD5
5aa63f31c647c170ac27c16315af3120

SHA1
88f3bdfcf03b80c20add45815e8df25eeb716723

SHA256
4ad743e76aa039c1e095f00e1776e64464015a3b4ec39a0b51f932fe0035783c

SHA512
f360c33fcde762fd1c727962c2b5808ac119d41e9336152caaa6bb126ebfb02bae8072e5932428578480b2d2bb5a3e2c064504a8bf7f4d10ac002d2240f96448

Download Submit
/private/var/db/spindump/tailspin-trace.2024-03-14_08-44-30.tailspin

Filesize
1.4MB

MD5
24fcca1efe6a5612da2d8b5c3dd4d9c8

SHA1
1bb77beac01ae8458d20e5e6fa81362cf7a7c171

SHA256
97ef8545c474ae50d5e6022c0fc51eb79d7f3aeb33307aea025141f4ac352b2a

SHA512
ea307b1aae34d988b34d42f77999bc631160c8e8eab4dc4542f1911e4613b3fe1b5e2e037b080badf964a20eb0a0bd548399b26d455288ecc7191e043a993396

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

Filesize
221KB

MD5
4099403d13d963c0fc72e9e7fe1a5207

SHA1
540cb8547da2599a93650fde6bd0ddcba672a462

SHA256
8761a261c26a38fc2f0280f61576b6fb247e2abccafebe6c4d71e94dc5aed047

SHA512
ec7d5ec44f8c9fc28ab168e44270d9ad8b3ff2f278a2946f0f4be1b79e77126e7d85176144d842a90259951e69228ec6df475dc4a8325657bcf74b6893737dbf

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

Filesize
3.2MB

MD5
1bb6fe12968340c385a26e8576d62bc1

SHA1
6687af7a1594ce224017193a536f779c1caa866c

SHA256
692978b48c2d2eca7c2d96794dd41a9d8c5d92218034a0ed022e8b2333f9e041

SHA512
5850d581deedadc2bf75237b23f7b19651a0dceae2d9605f31163a8e7c83622c2860ccb21acd0354e6bb8b6d5de5dcbde25d45a443ece1c100872e8d876b8160

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

Filesize
1.4MB

MD5
25941a763081bc1b141393f3f2b1d291

SHA1
0c2c28cab4f6c2dd01fe8ad51ae8889006892ab5

SHA256
9dadb63f06faa1b16b7883e15164892d560188ee72b69bea5f1e0db6c111575b

SHA512
d2a8f143e7604524053b07df46c0311b5cd0017e676dcdec53beb120bc2dcc7bd08809f873bd3d7286fde1c86f938e32d9e9179540a8a42bbcd921f0dc3213b3

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.TextEdit/TemporaryItems/(A Document Being Saved By TextEdit)/Untitled.txt

Filesize
68B

MD5
44d88612fea8a8f36de82e1278abb02f

SHA1
3395856ce81f2b7382dee72602f798b642f14140

SHA256
275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f

SHA512
cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//spindump.txt

Filesize
2.1MB

MD5
5fb0b5622526184fd251e2ff97bea207

SHA1
7256d1c07dc98ac1bd2b4eadca8b82b85434e0d5

SHA256
93329a7d185b9bef9dbd49718e4ffcf88726243f495729a3b961403b146c4b7e

SHA512
bd06e943f329de29f6bb4342e05fefd3c0afc82b8c1478e7e18954d7dc3b48bf77eb2d8dd0856bdcbe56df75b7f24a9da94931c274d108cd8895f1c09f24c242

Download Submit