Analysis

  • max time kernel
    136s
  • max time network
    146s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240410-en
  • resource tags

    arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    08-06-2024 15:29

General

  • Target

    DiscordSetup (1).exe

  • Size

    94.7MB

  • MD5

    49c9c51dd3052cd6249b8c2a26d7cd4d

  • SHA1

    6c87336e9bec6ed26c07dc58f1a75325b2d3bed9

  • SHA256

    1acf137396d46e2d7c0b008dfe9247f03eafdb1bda8a08de008a02d9e5f73738

  • SHA512

    afe0041cdc71b1581c73c0491456a9ec36dfb29cd7825f4bc597a20e8b4558c8089ac0e170181abcbb4f02a2a36c6733f92608b429d36980cd2e297396f224e5

  • SSDEEP

    1572864:YEkjfT5WG3Ql7P4F+aXO/B513buFVmb5wFV7bwYsWmGZ4guqE9ZwIKro9QDUHIy:YEkTlWP4a/B5eFR1Ew7rQQDeIy

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Resource Forking 1 TTPs 13 IoCs

    Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

Processes

  • /usr/bin/xar
    /usr/bin/xar -c -f dslocal-backup.xar dslocal
    1⤵
      PID:479
    • /usr/libexec/xpcproxy
      xpcproxy com.apple.gkreport
      1⤵
        PID:480
      • /usr/libexec/xpcproxy
        xpcproxy com.apple.loginwindow.LWWeeklyMessageTracer
        1⤵
          PID:481
        • /usr/libexec/gkreport
          /usr/libexec/gkreport
          1⤵
            PID:480
          • /bin/sh
            sh -c "sudo /bin/zsh -c \"/Users/run/DiscordSetup (1).exe\""
            1⤵
              PID:482
            • /bin/bash
              sh -c "sudo /bin/zsh -c \"/Users/run/DiscordSetup (1).exe\""
              1⤵
                PID:482
              • /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
                /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
                1⤵
                  PID:481
                • /usr/bin/sudo
                  sudo /bin/zsh -c "/Users/run/DiscordSetup (1).exe"
                  1⤵
                    PID:482
                    • /bin/zsh
                      /bin/zsh -c "/Users/run/DiscordSetup (1).exe"
                      2⤵
                        PID:486
                    • /usr/libexec/xpcproxy
                      xpcproxy com.apple.systemstats.daily
                      1⤵
                        PID:484
                      • /usr/libexec/xpcproxy
                        xpcproxy com.oracle.java.Java-Updater
                        1⤵
                          PID:485
                        • /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
                          "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
                          1⤵
                            PID:485
                          • /usr/libexec/xpcproxy
                            xpcproxy com.apple.Safari.2028
                            1⤵
                              PID:517
                            • /Applications/Safari.app/Contents/MacOS/Safari
                              /Applications/Safari.app/Contents/MacOS/Safari
                              1⤵
                                PID:517
                              • /usr/libexec/xpcproxy
                                xpcproxy com.apple.Safari.History
                                1⤵
                                  PID:518
                                • /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
                                  /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
                                  1⤵
                                    PID:518
                                  • /usr/libexec/xpcproxy
                                    xpcproxy com.apple.WebKit.WebContent.402319FF-268B-44D5-958A-B1317D92C536 517
                                    1⤵
                                      PID:519
                                    • /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
                                      /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
                                      1⤵
                                        PID:519
                                      • /usr/libexec/xpcproxy
                                        xpcproxy com.apple.SafariLaunchAgent
                                        1⤵
                                          PID:525
                                        • /Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
                                          /Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
                                          1⤵
                                            PID:525
                                          • /usr/libexec/xpcproxy
                                            xpcproxy com.apple.WebKit.WebContent.F133C513-9DDD-4054-BA1D-A778C0D551B3 517
                                            1⤵
                                              PID:526
                                            • /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
                                              /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
                                              1⤵
                                                PID:526
                                              • /usr/libexec/xpcproxy
                                                xpcproxy com.apple.Safari.SearchHelper 517
                                                1⤵
                                                  PID:530
                                                • /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
                                                  /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
                                                  1⤵
                                                    PID:530
                                                  • /usr/libexec/xpcproxy
                                                    xpcproxy com.apple.Safari.SafeBrowsing.Service
                                                    1⤵
                                                      PID:531
                                                    • /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
                                                      /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
                                                      1⤵
                                                        PID:531
                                                      • /usr/libexec/xpcproxy
                                                        xpcproxy com.apple.WebKit.WebContent.F22DCB4B-89B9-44C6-9157-F6DE15F68093 517
                                                        1⤵
                                                          PID:532
                                                        • /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
                                                          /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
                                                          1⤵
                                                            PID:532
                                                          • /usr/libexec/xpcproxy
                                                            xpcproxy com.apple.accessibility.mediaaccessibilityd
                                                            1⤵
                                                              PID:533
                                                            • /System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
                                                              /System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
                                                              1⤵
                                                                PID:533
                                                              • /usr/libexec/xpcproxy
                                                                xpcproxy com.apple.coremedia.videodecoder 532
                                                                1⤵
                                                                  PID:534
                                                                • /System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
                                                                  /System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
                                                                  1⤵
                                                                    PID:534
                                                                  • /usr/libexec/xpcproxy
                                                                    xpcproxy com.apple.audio.AudioComponentRegistrar
                                                                    1⤵
                                                                      PID:535
                                                                    • /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
                                                                      /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
                                                                      1⤵
                                                                        PID:535
                                                                      • /usr/libexec/xpcproxy
                                                                        xpcproxy com.apple.audio.SandboxHelper 532
                                                                        1⤵
                                                                          PID:538
                                                                        • /System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
                                                                          /System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
                                                                          1⤵
                                                                            PID:538
                                                                          • /usr/libexec/xpcproxy
                                                                            xpcproxy com.apple.WebKit.WebContent.C10C2A4D-86F9-4173-A6D2-6BC2A0F41FBC 517
                                                                            1⤵
                                                                              PID:539
                                                                            • /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
                                                                              /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
                                                                              1⤵
                                                                                PID:539
                                                                              • /usr/libexec/xpcproxy
                                                                                xpcproxy com.apple.Safari.SandboxBroker 517
                                                                                1⤵
                                                                                  PID:547
                                                                                • /Applications/Safari.app/Contents/XPCServices/com.apple.Safari.SandboxBroker.xpc/Contents/MacOS/com.apple.Safari.SandboxBroker
                                                                                  /Applications/Safari.app/Contents/XPCServices/com.apple.Safari.SandboxBroker.xpc/Contents/MacOS/com.apple.Safari.SandboxBroker
                                                                                  1⤵
                                                                                    PID:547
                                                                                  • /usr/libexec/xpcproxy
                                                                                    xpcproxy com.apple.metadata.mdwrite
                                                                                    1⤵
                                                                                      PID:548
                                                                                    • /usr/libexec/xpcproxy
                                                                                      xpcproxy com.apple.quicklook.ui.helper
                                                                                      1⤵
                                                                                        PID:551
                                                                                      • /System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
                                                                                        /System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
                                                                                        1⤵
                                                                                          PID:551
                                                                                        • /usr/libexec/xpcproxy
                                                                                          xpcproxy com.apple.xpc.launchd.oneshot.0x10000001.DiskImageMounter
                                                                                          1⤵
                                                                                            PID:552
                                                                                          • /System/Library/CoreServices/DiskImageMounter.app/Contents/MacOS/DiskImageMounter
                                                                                            /System/Library/CoreServices/DiskImageMounter.app/Contents/MacOS/DiskImageMounter -psn_0_196656
                                                                                            1⤵
                                                                                              PID:552
                                                                                            • /usr/libexec/xpcproxy
                                                                                              xpcproxy com.apple.XprotectFramework.AnalysisService 511
                                                                                              1⤵
                                                                                                PID:553
                                                                                              • /System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
                                                                                                /System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
                                                                                                1⤵
                                                                                                  PID:553
                                                                                                • /usr/libexec/xpcproxy
                                                                                                  xpcproxy com.apple.hdiejectd
                                                                                                  1⤵
                                                                                                    PID:554
                                                                                                  • /System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd
                                                                                                    /System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd
                                                                                                    1⤵
                                                                                                      PID:554
                                                                                                    • /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
                                                                                                      /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 018A4B19-68D9-45B8-9F5E-814D7BB5B73C
                                                                                                      1⤵
                                                                                                        PID:555
                                                                                                      • /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
                                                                                                        /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 018A4B19-68D9-45B8-9F5E-814D7BB5B73C -post-exec 4
                                                                                                        1⤵
                                                                                                          PID:556
                                                                                                        • /System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app/Contents/MacOS/DiskImages UI Agent
                                                                                                          "/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app/Contents/MacOS/DiskImages UI Agent" 018A4B19-68D9-45B8-9F5E-814D7BB5B73C
                                                                                                          1⤵
                                                                                                            PID:557
                                                                                                          • /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
                                                                                                            /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly
                                                                                                            1⤵
                                                                                                              PID:558
                                                                                                            • /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
                                                                                                              /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1
                                                                                                              1⤵
                                                                                                                PID:559
                                                                                                              • /System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
                                                                                                                /System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1
                                                                                                                1⤵
                                                                                                                  PID:560
                                                                                                                • /sbin/fsck_hfs
                                                                                                                  /sbin/fsck_hfs -f -n /dev/disk3s1
                                                                                                                  1⤵
                                                                                                                    PID:561
                                                                                                                  • /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
                                                                                                                    /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly
                                                                                                                    1⤵
                                                                                                                      PID:562
                                                                                                                    • /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
                                                                                                                      /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1
                                                                                                                      1⤵
                                                                                                                        PID:563
                                                                                                                      • /System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
                                                                                                                        /System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1
                                                                                                                        1⤵
                                                                                                                          PID:564
                                                                                                                        • /sbin/mount
                                                                                                                          /sbin/mount -t hfs -o "-u=502,-g=20,-m=755,nodev,noowners,nosuid,rdonly,quarantine" /dev/disk3s1 /Volumes/Discord
                                                                                                                          1⤵
                                                                                                                            PID:565
                                                                                                                            • /sbin/mount_hfs
                                                                                                                              /sbin/mount_hfs -u 502 -g 20 -m 755 -o nodev -o noowners -o nosuid -o rdonly -o quarantine /dev/disk3s1 /Volumes/Discord
                                                                                                                              2⤵
                                                                                                                                PID:566

                                                                                                                            Network

                                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                                            Replay Monitor

                                                                                                                            Loading Replay Monitor...

                                                                                                                            Downloads

                                                                                                                            • /Users/run/Downloads/Discord.dmg

                                                                                                                              Filesize

                                                                                                                              170.7MB

                                                                                                                              MD5

                                                                                                                              2c502eacc1723b42bac51f357bff948c

                                                                                                                              SHA1

                                                                                                                              c3c2b162b4b5023c216855fe3bbc3b9d633f2eff

                                                                                                                              SHA256

                                                                                                                              6dc07ffcba89e29294489423dcb156a9b79e0b344731b61b42fb0f35a3a24ce1

                                                                                                                              SHA512

                                                                                                                              2441069e356884b6d0fbe8a70288dadb4f650aa38c5485644a71124b0b687e02f230d8ca403a22f8bdb7befb0fa293229160ff2d448ba9782ab9122d063411db

                                                                                                                            • /Users/run/Downloads/Discord.dmg

                                                                                                                              Filesize

                                                                                                                              72.4MB

                                                                                                                              MD5

                                                                                                                              cd072c76c1859b37fc0e10911603aebb

                                                                                                                              SHA1

                                                                                                                              e5b91a9c0fde2d9de77fa13bf868f0d2982812bf

                                                                                                                              SHA256

                                                                                                                              b4b485de267572857922c295505a163e942d34e1c92f6d8d7e924a36be832682

                                                                                                                              SHA512

                                                                                                                              5c9a1299ef473557c5c4f47a2f31ef4df4cb15face4d94633cf388378cf06e366e535cc53dc882cca780e591830505564123268ae325832d6ccdb3d2b1ea7b05

                                                                                                                            • /Users/run/Downloads/Discord.dmg

                                                                                                                              Filesize

                                                                                                                              69.1MB

                                                                                                                              MD5

                                                                                                                              0a82135d3f85be52094d2cae08bceee5

                                                                                                                              SHA1

                                                                                                                              41016c253c7ba0af36a6e6dc9d0301953c48d7e8

                                                                                                                              SHA256

                                                                                                                              9de5c104b1d41e23a8f9f494cce6af507f6e33c904487346f88265c07db71870

                                                                                                                              SHA512

                                                                                                                              452dbd20dabac02bbd1c897ce3f17c4eda839e010b43b565e01dc07cc661aa3ca7407b7e6307ba17710cdbd6d368a80d2d796271d07804fb5c1af6aa827ad57b

                                                                                                                            • /Users/run/Downloads/Discord.dmg

                                                                                                                              Filesize

                                                                                                                              65.7MB

                                                                                                                              MD5

                                                                                                                              69cff48eaa1c83689dd7a2d84ab481c1

                                                                                                                              SHA1

                                                                                                                              648bb2665a37a034eb9b5b8cc6104aae3a392a94

                                                                                                                              SHA256

                                                                                                                              d3a1b358cf045e92b90e01863dee6d85160035428474d60f630023135d0ec2b0

                                                                                                                              SHA512

                                                                                                                              e25fb92c9f43f8b7271bc4762b9730c25f3f78f5e54247e0c249394520e0c9931607b55d03ab728ae12e6761a0023a6e0cec88213f3ee731224844fe17ab8a1a

                                                                                                                            • /Users/run/Downloads/Discord.dmg

                                                                                                                              Filesize

                                                                                                                              64.3MB

                                                                                                                              MD5

                                                                                                                              7d5b362685ecb97ee8b437eaad005d26

                                                                                                                              SHA1

                                                                                                                              f2ec05d0912fd65139af769fc629a7f6ae0674ef

                                                                                                                              SHA256

                                                                                                                              a08db654420b5b5803094f8ec10527a4558bc525b39249d07650c22b35ff4d56

                                                                                                                              SHA512

                                                                                                                              66fb1b86d3fdf1452d7f41fad08652b7936030015ffe7d868b07c1a5c218f979349a02e29b95da6e6944aaadf70720fd0db703682e34c7469e31153be9e8522e

                                                                                                                            • /Users/run/Downloads/Discord.dmg

                                                                                                                              Filesize

                                                                                                                              65.8MB

                                                                                                                              MD5

                                                                                                                              19f76a9e9623289343557a4b4d1e3848

                                                                                                                              SHA1

                                                                                                                              45e4aa211cbd91f8e363e6e890147a0fbf9afbed

                                                                                                                              SHA256

                                                                                                                              7b8421da58a12f3dbc4efaa5d5e55e3b6564507346d2f70f847cb4a6346c2dff

                                                                                                                              SHA512

                                                                                                                              219ac318fdedaab9f8757610534cdb3919efbde195554bb3bd18c6a2bc9180b14daf2d7970368da8f4d2113c70f8b12e9824269ed28c82517ac22ca1c854471e

                                                                                                                            • /Users/run/Downloads/Discord.dmg

                                                                                                                              Filesize

                                                                                                                              65.2MB

                                                                                                                              MD5

                                                                                                                              7a0bc511e62b120463c946059b15a5b8

                                                                                                                              SHA1

                                                                                                                              126fd21f455f98c47501ccb9424c024821985b2f

                                                                                                                              SHA256

                                                                                                                              8a2d996d1ad9b0e5787f2f3d53e2fcceb7748afa1a99adbff810ddc3e56a5a47

                                                                                                                              SHA512

                                                                                                                              dd77ea06e2cc72c0ecc6f638d80863d9c7aa39e22abaa89437a4867ee320ce57fe6618ca3db07f71a842816d648ff247eabf9d81f5d56ccc99e00c42df6f0c9c

                                                                                                                            • /Users/run/Downloads/Discord.dmg

                                                                                                                              Filesize

                                                                                                                              63.7MB

                                                                                                                              MD5

                                                                                                                              e0d905dc62dbbda635a35de3538d05a9

                                                                                                                              SHA1

                                                                                                                              adff5e9364d7ea8e4be188964fb30893bde49e71

                                                                                                                              SHA256

                                                                                                                              ba866923abd057e7d98ca638e6ca564236d3b3c3998ccc7704ba6b9236c3484f

                                                                                                                              SHA512

                                                                                                                              90de5e9b2ca3adc5a4a2de8f423d74a77cd3ad1441129079484c73696889d4a026634fe11a9cb3e889b6111bcf39d839b2c7ac2c0d89bc10fe836b647d18a1da

                                                                                                                            • /Users/run/Downloads/Discord.dmg

                                                                                                                              Filesize

                                                                                                                              63.2MB

                                                                                                                              MD5

                                                                                                                              4a212b8754fa223699812f4c65908f1e

                                                                                                                              SHA1

                                                                                                                              c15b1e937a44ddcd5eb284f732fbcf4ebc8434b1

                                                                                                                              SHA256

                                                                                                                              f2c486582a187981c7c3fe3236cfe8947af9b21516e406b51a137a3818a6dc97

                                                                                                                              SHA512

                                                                                                                              f67ef0a87ce1d099b3af4e67a14c1d9399862100fe3163ff5af8f1139d2e6ccf064cccd4376edbcc1a488a48d82e644d2c003e6d0137b01a2aca3634a96b2d0c

                                                                                                                            • /Users/run/Downloads/Discord.dmg

                                                                                                                              Filesize

                                                                                                                              64.7MB

                                                                                                                              MD5

                                                                                                                              66bba89b0f6b6e63e77af72004935045

                                                                                                                              SHA1

                                                                                                                              6dcdbc5c0393445fe7076e1aac2bd3ba0b85d929

                                                                                                                              SHA256

                                                                                                                              07883087f4e28224e1618ded9247617cd41e85605747a4d2cf0717d2352de37d

                                                                                                                              SHA512

                                                                                                                              82951245a02e5f922d1ba05f8c0c10154d7c7b35107b85a0149dd8fe13ef46ba72af227cb83b8b8e17dfc4139d65a16c6de60ba800d0ccdaccb0873f21335e04

                                                                                                                            • /Users/run/Downloads/Discord.dmg

                                                                                                                              Filesize

                                                                                                                              63.0MB

                                                                                                                              MD5

                                                                                                                              3afc31a623dad58afbdf55ec668c39de

                                                                                                                              SHA1

                                                                                                                              7bcb407a03ea1453d866bc783799bf11270a0f1e

                                                                                                                              SHA256

                                                                                                                              3c00573baf6f0c9d506d24871405f78547c5adb42201c2bd76d084e9dde8d787

                                                                                                                              SHA512

                                                                                                                              5db1fbf92e78c2f2a60283888fb67d1f4350dabcc9d28da9b3e0878240f1eeed29c575745fcff86c4c0a180e37a5a2ed9d78534cc640187f57b8e4eda9f390bf

                                                                                                                            • /Users/run/Downloads/Discord.dmg

                                                                                                                              Filesize

                                                                                                                              66.8MB

                                                                                                                              MD5

                                                                                                                              b2ee2c108f44da9d0a457ba8db40b713

                                                                                                                              SHA1

                                                                                                                              20ed4f6d5dbc8d18c03623964494078404f93594

                                                                                                                              SHA256

                                                                                                                              c780aed563f048f2b9fdc5c481adde47c7c8137776db99b21da15d29a18e7504

                                                                                                                              SHA512

                                                                                                                              a37826286f1fd4ea7a9dc1325dbf78824a4a9a3281d413ea31b27dd43d37f773e918fdcc3ca3a22f44451e5aa7025c57e98ee8747848c9f48b7493be599a946b

                                                                                                                            • /Users/run/Downloads/Discord.dmg

                                                                                                                              Filesize

                                                                                                                              67.2MB

                                                                                                                              MD5

                                                                                                                              fa92fa98d23b2de84567e2c83e2e371c

                                                                                                                              SHA1

                                                                                                                              7a5da2f3dfa736d9c214226f40ef84c54a07a6dd

                                                                                                                              SHA256

                                                                                                                              3d4a9131f9dbf09bd9c5be16e4331beebc4d62de15075cd5be6203a7c554a22e

                                                                                                                              SHA512

                                                                                                                              533a72ff4d277a7763ba12ae491f2ca623eb7df983f7e7cbc47fccfb011406661d960005e4aab5ca9665e59a22f35a3456ab7a0dfdcf4bc41cc704641ae173ab

                                                                                                                            • /Users/run/Downloads/Discord.dmg

                                                                                                                              Filesize

                                                                                                                              66.6MB

                                                                                                                              MD5

                                                                                                                              6106ef03f6fbe95f572088142ca82ba7

                                                                                                                              SHA1

                                                                                                                              ae85d61c799d2fbfaea39ff3069bd4aa517717f8

                                                                                                                              SHA256

                                                                                                                              a539c43fafb3ed938d5573b48084486d3189177aa3046c04fa2a6ff7d3841d36

                                                                                                                              SHA512

                                                                                                                              f582e9c709f731f6d80cebbbb5fc7ec57787901e10766f0a32bd9c07832e23f3e0990d876518e72ea8269329fd80dd14167932356b17425cc32e62b333e7276d

                                                                                                                            • /Users/run/Downloads/Discord.dmg

                                                                                                                              Filesize

                                                                                                                              65.1MB

                                                                                                                              MD5

                                                                                                                              1c38edb15cbd5879d9dc8340f10fd94f

                                                                                                                              SHA1

                                                                                                                              2b2006775ec90ec010ff745a73fbc836f4069e68

                                                                                                                              SHA256

                                                                                                                              5d09ade845d18a9d20a5ac4e76c906e6e20ca66b09b56eb497d0ea41690a9595

                                                                                                                              SHA512

                                                                                                                              87dcb134135754fa80884fe5b85cf7372d02ec3d9d9207e2fc6565afd6ed91a4bb1f094bee9e8410d9e68d530fe6a77cbc332d0f5e547bc8552b81be600344ef

                                                                                                                            • /Users/run/Library/Safari/Favicon Cache/favicons/7250E77461E8099EE3464FBD514BD5E4

                                                                                                                              Filesize

                                                                                                                              5KB

                                                                                                                              MD5

                                                                                                                              cbd5ac2866821ada4d848c152fca243e

                                                                                                                              SHA1

                                                                                                                              fb04c3d031f887aa3cbee23b3166b26accc11595

                                                                                                                              SHA256

                                                                                                                              f29cd989ccf2095f5e5e0ebcbb07dfaa6d7c69fc04d99e08323e0d946909e4da

                                                                                                                              SHA512

                                                                                                                              ea6840696e3f0ce8933e2670cd6e0e97419c65578443f89c11beddfcf63d7645760ed9574b0e5dc18f927a3fd458434a9e2075cc2beeffabca3c128db0226bc5

                                                                                                                            • /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

                                                                                                                              Filesize

                                                                                                                              219KB

                                                                                                                              MD5

                                                                                                                              1d7f30f12b335145d755062dd6f54107

                                                                                                                              SHA1

                                                                                                                              af60a890d7fc4d8a762a0de0f835d16fe13a30bc

                                                                                                                              SHA256

                                                                                                                              889e6fedca20437f64f4a58d1f170fce6e1194dc675e147ac5d557e21eb4f003

                                                                                                                              SHA512

                                                                                                                              31fed0468110f1794a7eb4233b61a9f2d6ca52e93795c7b071dca21be78029ef66b2b88b94a7f49d58eb2fb2dcfedcb2c7bf34dbeca16ea225768bb5fb966417

                                                                                                                            • /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

                                                                                                                              Filesize

                                                                                                                              21.9MB

                                                                                                                              MD5

                                                                                                                              4ab876b12477e942dcd5956164f70903

                                                                                                                              SHA1

                                                                                                                              e60556a5616c3ac82948dd82403b878f603b1835

                                                                                                                              SHA256

                                                                                                                              35903d41a6d8318f677a3918f9ddd9443c5c23f2cd37d2e252b8ab63778daaff

                                                                                                                              SHA512

                                                                                                                              58e446f81fc013d7bb9ebfa5fe0756ced1a1bac3cee5b6d0bdd8352a2b088b0b293def3095d48dce3b86dd10b2d085eb4137a25c23ada71e9c42004c3f08f7e0

                                                                                                                            • /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

                                                                                                                              Filesize

                                                                                                                              125KB

                                                                                                                              MD5

                                                                                                                              c0c27947c634e507d157f880f8560128

                                                                                                                              SHA1

                                                                                                                              d9bb4f8d8f44c3995c1f3efa85075e5a3467ac6e

                                                                                                                              SHA256

                                                                                                                              4528994db3ccd3d6c2e69853f16216aa3a2c079941ff9ef28eb113cf00497c33

                                                                                                                              SHA512

                                                                                                                              2a7979b9327a22de04fb01fc09042a4c1efe2237d9748b889bae9020bfd582f32d2c2be80d2715ff84fc26bd432b4684459d12734845c0bfc8e91da8ad7ee7d4

                                                                                                                            • /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db

                                                                                                                              Filesize

                                                                                                                              47KB

                                                                                                                              MD5

                                                                                                                              0e4a0d1ceb2af6f0f8d0167ce77be2d3

                                                                                                                              SHA1

                                                                                                                              414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

                                                                                                                              SHA256

                                                                                                                              cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

                                                                                                                              SHA512

                                                                                                                              1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

                                                                                                                            • /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              MD5

                                                                                                                              d3a1859e6ec593505cc882e6def48fc8

                                                                                                                              SHA1

                                                                                                                              f8e6728e3e9de477a75706faa95cead9ce13cb32

                                                                                                                              SHA256

                                                                                                                              3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

                                                                                                                              SHA512

                                                                                                                              ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

                                                                                                                            • /var/log/fsck_hfs.log

                                                                                                                              Filesize

                                                                                                                              15KB

                                                                                                                              MD5

                                                                                                                              7823f387ac3aea886537bb1d22785aed

                                                                                                                              SHA1

                                                                                                                              ef00cc216c45973a86c877a650913ec0cae43d43

                                                                                                                              SHA256

                                                                                                                              6502a8ed5c8d59f196277b7dfb3eaa11f1690f3be9a616ed8d7782d54ccd7e99

                                                                                                                              SHA512

                                                                                                                              a17defaa5b88d19d39568f0f09d6f63fafaa6ade003358fb857a6d6489b6f72a3482ea65af19624f8759a14ed44de518c20463b538490a88e76500d43c71a513