Resubmissions

18-06-2024 20:36

240618-zdscpszgpk 3

18-06-2024 20:30

240618-zaebnswcpe 4

Analysis

  • max time kernel
    308s
  • max time network
    311s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240611-en
  • resource tags

    arch:amd64arch:i386image:macos-20240611-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    18-06-2024 20:30

General

  • Target

    Product information_tesafilm® 57315_de-DE.pdf

  • Size

    42KB

  • MD5

    2b9854f1c3adba336037be4cc16e8d0d

  • SHA1

    4723e90a21f1d253a30a06de73def2cc31a30fa5

  • SHA256

    fe3c2e5c8d18becaa0e8e9b14b31faaeabe1cf2ee7bcc8c4e47e8c6d3a8f0f1a

  • SHA512

    11985a56080b2201892f4377aee644f0193b05d8afffab610fe40df6b8e8738f2c928fa2bb5b3753239539962f97b260f190684e073bbab6f6a2331166e11571

  • SSDEEP

    768:nPK2FXn+tr3pUpbXOsAUwi04XsWtDWL8EuILKfRY6ds8mtUb4:y2lnGlGfXrVWL8EdLcY6Gub4

Score
4/10

Malware Config

Signatures

  • Resource Forking 1 TTPs 23 IoCs

    Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/Product information_tesafilm® 57315_de-DE.pdf\""
    1⤵
      PID:557
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/Product information_tesafilm® 57315_de-DE.pdf\""
      1⤵
        PID:557
      • /usr/bin/sudo
        sudo /bin/zsh -c "/Users/run/Product information_tesafilm® 57315_de-DE.pdf"
        1⤵
          PID:557
          • /bin/zsh
            /bin/zsh -c "/Users/run/Product information_tesafilm® 57315_de-DE.pdf"
            2⤵
              PID:559
            • /Users/run/Product
              /Users/run/Product "information_tesafilm®" 57315_de-DE.pdf
              2⤵
                PID:559
            • /usr/libexec/xpcproxy
              xpcproxy com.apple.pluginkit.pkd
              1⤵
                PID:558
              • /usr/libexec/pkd
                /usr/libexec/pkd
                1⤵
                  PID:558
                • /usr/libexec/xpcproxy
                  xpcproxy com.apple.sysmond
                  1⤵
                    PID:564
                  • /usr/libexec/sysmond
                    /usr/libexec/sysmond
                    1⤵
                      PID:564
                    • /usr/libexec/xpcproxy
                      xpcproxy com.apple.security.cloudkeychainproxy3
                      1⤵
                        PID:565
                      • /usr/libexec/xpcproxy
                        xpcproxy com.apple.audio.systemsoundserverd
                        1⤵
                          PID:566
                        • /usr/sbin/systemsoundserverd
                          /usr/sbin/systemsoundserverd
                          1⤵
                            PID:566
                          • /usr/libexec/xpcproxy
                            xpcproxy com.apple.pbs
                            1⤵
                              PID:567
                            • /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
                              /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
                              1⤵
                                PID:565
                              • /System/Library/CoreServices/pbs
                                /System/Library/CoreServices/pbs
                                1⤵
                                  PID:567
                                • /usr/libexec/xpcproxy
                                  xpcproxy com.apple.audio.AudioComponentRegistrar
                                  1⤵
                                    PID:569
                                  • /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
                                    /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
                                    1⤵
                                      PID:569
                                    • /usr/bin/pluginkit
                                      /usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync
                                      1⤵
                                        PID:589
                                      • /usr/sbin/spctl
                                        /usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater66017B75/OneDrive.app
                                        1⤵
                                          PID:590
                                        • /usr/libexec/xpcproxy
                                          xpcproxy com.apple.TextInputMenuAgent
                                          1⤵
                                            PID:592
                                          • /System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent
                                            /System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent
                                            1⤵
                                              PID:592
                                            • /usr/libexec/xpcproxy
                                              xpcproxy com.apple.TextInputSwitcher
                                              1⤵
                                                PID:593
                                              • /System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher
                                                /System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher
                                                1⤵
                                                  PID:593
                                                • /usr/libexec/xpcproxy
                                                  xpcproxy com.apple.systemprofiler
                                                  1⤵
                                                    PID:594
                                                  • /System/Applications/Utilities/System Information.app/Contents/MacOS/System Information
                                                    "/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information"
                                                    1⤵
                                                      PID:594
                                                    • /usr/libexec/xpcproxy
                                                      xpcproxy com.apple.replayd
                                                      1⤵
                                                        PID:599
                                                      • /usr/libexec/replayd
                                                        /usr/libexec/replayd
                                                        1⤵
                                                          PID:599
                                                        • /usr/libexec/xpcproxy
                                                          xpcproxy com.apple.storedownloadd
                                                          1⤵
                                                            PID:600
                                                          • /usr/libexec/xpcproxy
                                                            xpcproxy com.apple.ReportMemoryException
                                                            1⤵
                                                              PID:602
                                                            • /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
                                                              /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
                                                              1⤵
                                                                PID:600
                                                              • /usr/libexec/xpcproxy
                                                                xpcproxy com.apple.installd
                                                                1⤵
                                                                  PID:606
                                                                • /usr/libexec/ReportMemoryException
                                                                  /usr/libexec/ReportMemoryException
                                                                  1⤵
                                                                    PID:602
                                                                  • /System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
                                                                    /System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
                                                                    1⤵
                                                                      PID:606
                                                                    • /usr/libexec/xpcproxy
                                                                      xpcproxy com.apple.system_installd
                                                                      1⤵
                                                                        PID:607
                                                                      • /System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
                                                                        /System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
                                                                        1⤵
                                                                          PID:607
                                                                        • /usr/libexec/xpcproxy
                                                                          xpcproxy com.apple.Safari.CacheDeleteExtension 597
                                                                          1⤵
                                                                            PID:609
                                                                          • /Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
                                                                            /Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
                                                                            1⤵
                                                                              PID:609
                                                                            • /usr/libexec/xpcproxy
                                                                              xpcproxy com.apple.geod
                                                                              1⤵
                                                                                PID:618
                                                                              • /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
                                                                                /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
                                                                                1⤵
                                                                                  PID:618
                                                                                • /usr/libexec/xpcproxy
                                                                                  xpcproxy com.apple.geod
                                                                                  1⤵
                                                                                    PID:619
                                                                                  • /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
                                                                                    /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
                                                                                    1⤵
                                                                                      PID:619
                                                                                    • /usr/libexec/xpcproxy
                                                                                      xpcproxy com.apple.secinitd
                                                                                      1⤵
                                                                                        PID:620
                                                                                      • /usr/libexec/secinitd
                                                                                        /usr/libexec/secinitd
                                                                                        1⤵
                                                                                          PID:620
                                                                                        • /usr/libexec/xpcproxy
                                                                                          xpcproxy com.apple.AddressBook.ContactsAccountsService
                                                                                          1⤵
                                                                                            PID:622
                                                                                          • /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
                                                                                            /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
                                                                                            1⤵
                                                                                              PID:622
                                                                                            • /usr/libexec/xpcproxy
                                                                                              xpcproxy com.apple.routined
                                                                                              1⤵
                                                                                                PID:623
                                                                                              • /usr/libexec/routined
                                                                                                /usr/libexec/routined LAUNCHED_BY_LAUNCHD
                                                                                                1⤵
                                                                                                  PID:623
                                                                                                • /usr/libexec/xpcproxy
                                                                                                  xpcproxy com.apple.Maps.mapspushd
                                                                                                  1⤵
                                                                                                    PID:624
                                                                                                  • /System/Library/CoreServices/mapspushd
                                                                                                    /System/Library/CoreServices/mapspushd
                                                                                                    1⤵
                                                                                                      PID:624
                                                                                                    • /usr/libexec/xpcproxy
                                                                                                      xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
                                                                                                      1⤵
                                                                                                        PID:625
                                                                                                      • /usr/libexec/neagent
                                                                                                        /usr/libexec/neagent
                                                                                                        1⤵
                                                                                                          PID:625
                                                                                                        • /usr/libexec/xpcproxy
                                                                                                          xpcproxy com.apple.systempreferences.2140
                                                                                                          1⤵
                                                                                                            PID:627
                                                                                                          • /System/Applications/System Preferences.app/Contents/MacOS/System Preferences
                                                                                                            "/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
                                                                                                            1⤵
                                                                                                              PID:627
                                                                                                            • /usr/libexec/xpcproxy
                                                                                                              xpcproxy com.apple.metadata.mdwrite
                                                                                                              1⤵
                                                                                                                PID:629
                                                                                                              • /usr/libexec/xpcproxy
                                                                                                                xpcproxy com.apple.siri.context.service
                                                                                                                1⤵
                                                                                                                  PID:630
                                                                                                                • /System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
                                                                                                                  /System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
                                                                                                                  1⤵
                                                                                                                    PID:630
                                                                                                                  • /usr/libexec/xpcproxy
                                                                                                                    xpcproxy com.apple.AccountProfileRemoteViewService 627
                                                                                                                    1⤵
                                                                                                                      PID:631
                                                                                                                    • /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
                                                                                                                      /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
                                                                                                                      1⤵
                                                                                                                        PID:631
                                                                                                                      • /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
                                                                                                                        /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
                                                                                                                        1⤵
                                                                                                                          PID:633
                                                                                                                        • /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
                                                                                                                          /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
                                                                                                                          1⤵
                                                                                                                            PID:634
                                                                                                                          • /usr/libexec/xpcproxy
                                                                                                                            xpcproxy com.apple.studentd
                                                                                                                            1⤵
                                                                                                                              PID:636
                                                                                                                            • /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
                                                                                                                              /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
                                                                                                                              1⤵
                                                                                                                                PID:637
                                                                                                                              • /usr/libexec/studentd
                                                                                                                                /usr/libexec/studentd
                                                                                                                                1⤵
                                                                                                                                  PID:636
                                                                                                                                • /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
                                                                                                                                  /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
                                                                                                                                  1⤵
                                                                                                                                    PID:638
                                                                                                                                  • /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
                                                                                                                                    /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
                                                                                                                                    1⤵
                                                                                                                                      PID:639
                                                                                                                                    • /usr/libexec/xpcproxy
                                                                                                                                      xpcproxy com.apple.CoreAuthentication.agent
                                                                                                                                      1⤵
                                                                                                                                        PID:640
                                                                                                                                      • /usr/libexec/xpcproxy
                                                                                                                                        xpcproxy com.apple.nfcd
                                                                                                                                        1⤵
                                                                                                                                          PID:641
                                                                                                                                        • /usr/libexec/nfcd
                                                                                                                                          /usr/libexec/nfcd
                                                                                                                                          1⤵
                                                                                                                                            PID:641
                                                                                                                                          • /System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
                                                                                                                                            /System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
                                                                                                                                            1⤵
                                                                                                                                              PID:640
                                                                                                                                            • /usr/libexec/xpcproxy
                                                                                                                                              xpcproxy com.apple.preferences.softwareupdate.remoteservice 627
                                                                                                                                              1⤵
                                                                                                                                                PID:642
                                                                                                                                              • /System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice
                                                                                                                                                /System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice
                                                                                                                                                1⤵
                                                                                                                                                  PID:642
                                                                                                                                                • /usr/libexec/xpcproxy
                                                                                                                                                  xpcproxy com.apple.softwareupdated
                                                                                                                                                  1⤵
                                                                                                                                                    PID:643
                                                                                                                                                  • /System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated
                                                                                                                                                    "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated"
                                                                                                                                                    1⤵
                                                                                                                                                      PID:643
                                                                                                                                                    • /usr/libexec/xpcproxy
                                                                                                                                                      xpcproxy com.apple.suhelperd
                                                                                                                                                      1⤵
                                                                                                                                                        PID:644
                                                                                                                                                      • /System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd
                                                                                                                                                        "/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd"
                                                                                                                                                        1⤵
                                                                                                                                                          PID:644
                                                                                                                                                        • /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues
                                                                                                                                                          /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues -z
                                                                                                                                                          1⤵
                                                                                                                                                            PID:649
                                                                                                                                                          • /usr/libexec/xpcproxy
                                                                                                                                                            xpcproxy com.apple.SoftwareUpdateNotificationManager
                                                                                                                                                            1⤵
                                                                                                                                                              PID:652
                                                                                                                                                            • /System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager
                                                                                                                                                              /System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager
                                                                                                                                                              1⤵
                                                                                                                                                                PID:652
                                                                                                                                                              • /usr/libexec/xpcproxy
                                                                                                                                                                xpcproxy com.apple.rtcreportingd
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:654
                                                                                                                                                                • /usr/libexec/rtcreportingd
                                                                                                                                                                  /usr/libexec/rtcreportingd
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:654
                                                                                                                                                                  • /usr/libexec/xpcproxy
                                                                                                                                                                    xpcproxy com.apple.ReportCrash
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:655
                                                                                                                                                                    • /System/Library/CoreServices/ReportCrash
                                                                                                                                                                      /System/Library/CoreServices/ReportCrash agent
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:655
                                                                                                                                                                      • /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues
                                                                                                                                                                        /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues -z
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:657
                                                                                                                                                                        • /usr/libexec/xpcproxy
                                                                                                                                                                          xpcproxy com.apple.Safari.2028
                                                                                                                                                                          1⤵
                                                                                                                                                                            PID:663
                                                                                                                                                                          • /Applications/Safari.app/Contents/MacOS/Safari
                                                                                                                                                                            /Applications/Safari.app/Contents/MacOS/Safari
                                                                                                                                                                            1⤵
                                                                                                                                                                              PID:663
                                                                                                                                                                            • /usr/libexec/xpcproxy
                                                                                                                                                                              xpcproxy com.apple.Safari.History
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:664
                                                                                                                                                                              • /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
                                                                                                                                                                                /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:664
                                                                                                                                                                                • /usr/libexec/xpcproxy
                                                                                                                                                                                  xpcproxy com.apple.WebKit.WebContent.DA2E99D9-2F6A-466F-9856-64FB125BDDEE 663
                                                                                                                                                                                  1⤵
                                                                                                                                                                                    PID:665
                                                                                                                                                                                  • /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
                                                                                                                                                                                    /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
                                                                                                                                                                                    1⤵
                                                                                                                                                                                      PID:665
                                                                                                                                                                                    • /usr/libexec/xpcproxy
                                                                                                                                                                                      xpcproxy com.apple.SafariLaunchAgent
                                                                                                                                                                                      1⤵
                                                                                                                                                                                        PID:668
                                                                                                                                                                                      • /Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
                                                                                                                                                                                        /Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
                                                                                                                                                                                        1⤵
                                                                                                                                                                                          PID:668
                                                                                                                                                                                        • /usr/libexec/xpcproxy
                                                                                                                                                                                          xpcproxy com.apple.akd
                                                                                                                                                                                          1⤵
                                                                                                                                                                                            PID:669
                                                                                                                                                                                          • /System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
                                                                                                                                                                                            /System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
                                                                                                                                                                                            1⤵
                                                                                                                                                                                              PID:669
                                                                                                                                                                                            • /usr/libexec/xpcproxy
                                                                                                                                                                                              xpcproxy com.apple.WebKit.WebContent.04BE9D84-D45A-4E9A-8114-B9E97ADC15DE 663
                                                                                                                                                                                              1⤵
                                                                                                                                                                                                PID:670
                                                                                                                                                                                              • /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
                                                                                                                                                                                                /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
                                                                                                                                                                                                1⤵
                                                                                                                                                                                                  PID:670
                                                                                                                                                                                                • /usr/libexec/xpcproxy
                                                                                                                                                                                                  xpcproxy com.apple.Safari.SafeBrowsing.Service
                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                    PID:671
                                                                                                                                                                                                  • /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
                                                                                                                                                                                                    /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                      PID:671
                                                                                                                                                                                                    • /usr/libexec/xpcproxy
                                                                                                                                                                                                      xpcproxy com.apple.mediaremoted
                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                        PID:672
                                                                                                                                                                                                      • /System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted
                                                                                                                                                                                                        /System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted
                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                          PID:672
                                                                                                                                                                                                        • /usr/libexec/xpcproxy
                                                                                                                                                                                                          xpcproxy com.apple.WebKit.WebContent.64281237-A8E3-4704-A3EB-8B00EA0F3ED3 663
                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                            PID:673
                                                                                                                                                                                                          • /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
                                                                                                                                                                                                            /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                              PID:673
                                                                                                                                                                                                            • /usr/libexec/xpcproxy
                                                                                                                                                                                                              xpcproxy com.apple.assistantd
                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                PID:675
                                                                                                                                                                                                              • /System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
                                                                                                                                                                                                                /System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                  PID:675
                                                                                                                                                                                                                • /usr/libexec/xpcproxy
                                                                                                                                                                                                                  xpcproxy com.apple.accessibility.mediaaccessibilityd
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                    PID:678
                                                                                                                                                                                                                  • /System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
                                                                                                                                                                                                                    /System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                      PID:678
                                                                                                                                                                                                                    • /usr/libexec/xpcproxy
                                                                                                                                                                                                                      xpcproxy com.apple.coremedia.videodecoder 670
                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                        PID:679
                                                                                                                                                                                                                      • /System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
                                                                                                                                                                                                                        /System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                          PID:679
                                                                                                                                                                                                                        • /usr/libexec/xpcproxy
                                                                                                                                                                                                                          xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                            PID:681
                                                                                                                                                                                                                          • /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                                                                                                                                                                                                                            /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                              PID:681
                                                                                                                                                                                                                            • /usr/libexec/xpcproxy
                                                                                                                                                                                                                              xpcproxy com.apple.quicklook.satellite.AF32497B-4799-421C-A27F-8EB4E23E2FBC 604
                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                PID:682
                                                                                                                                                                                                                              • /System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
                                                                                                                                                                                                                                /System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                  PID:682
                                                                                                                                                                                                                                • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                  xpcproxy com.apple.DesktopServicesHelper.233DE54A-C02C-4BF9-8843-E1C12F7628AF
                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                    PID:685
                                                                                                                                                                                                                                  • /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
                                                                                                                                                                                                                                    /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                      PID:685
                                                                                                                                                                                                                                    • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                      xpcproxy com.apple.quicklook.ui.helper
                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                        PID:687
                                                                                                                                                                                                                                      • /System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
                                                                                                                                                                                                                                        /System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                          PID:687
                                                                                                                                                                                                                                        • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                          xpcproxy "com.apple.xpc.launchd.oneshot.0x10000001.Archive Utility"
                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                            PID:688
                                                                                                                                                                                                                                          • /System/Library/CoreServices/Applications/Archive Utility.app/Contents/MacOS/Archive Utility
                                                                                                                                                                                                                                            "/System/Library/CoreServices/Applications/Archive Utility.app/Contents/MacOS/Archive Utility" -psn_0_233529
                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                              PID:688
                                                                                                                                                                                                                                            • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                              xpcproxy com.apple.XprotectFramework.AnalysisService 596
                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                PID:689
                                                                                                                                                                                                                                              • /System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
                                                                                                                                                                                                                                                /System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                  PID:689
                                                                                                                                                                                                                                                • /usr/bin/macbinary
                                                                                                                                                                                                                                                  /usr/bin/macbinary probe --verbose /Users/run/Desktop/payload.zip
                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                    PID:690
                                                                                                                                                                                                                                                  • /usr/bin/file
                                                                                                                                                                                                                                                    /usr/bin/file -b /Users/run/Desktop/payload.zip
                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                      PID:691
                                                                                                                                                                                                                                                    • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                      xpcproxy com.apple.archiveutility.auhelperservice 688
                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                        PID:692
                                                                                                                                                                                                                                                      • /System/Library/CoreServices/Applications/Archive Utility.app/Contents/XPCServices/AUHelperService.xpc/Contents/MacOS/AUHelperService
                                                                                                                                                                                                                                                        "/System/Library/CoreServices/Applications/Archive Utility.app/Contents/XPCServices/AUHelperService.xpc/Contents/MacOS/AUHelperService"
                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                          PID:692
                                                                                                                                                                                                                                                        • /System/Library/Frameworks/FileProvider.framework/XPCServices/ArchiveService.xpc/Contents/MacOS/ArchiveService
                                                                                                                                                                                                                                                          /System/Library/Frameworks/FileProvider.framework/XPCServices/ArchiveService.xpc/Contents/MacOS/ArchiveService
                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                            PID:693
                                                                                                                                                                                                                                                          • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                            xpcproxy com.apple.appkit.xpc.sandboxedServiceRunner 688
                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                              PID:694
                                                                                                                                                                                                                                                            • /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner
                                                                                                                                                                                                                                                              /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner
                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                PID:694
                                                                                                                                                                                                                                                              • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                                xpcproxy com.apple.DesktopServicesHelper.B1A0E531-4B91-4804-AF93-96D7472736C5
                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                  PID:695
                                                                                                                                                                                                                                                                • /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
                                                                                                                                                                                                                                                                  /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                    PID:695
                                                                                                                                                                                                                                                                  • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                                    xpcproxy com.apple.DesktopServicesHelper.4C3D6614-91CE-4E12-89BA-605AF628BD36
                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                      PID:696
                                                                                                                                                                                                                                                                    • /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
                                                                                                                                                                                                                                                                      /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                        PID:696
                                                                                                                                                                                                                                                                      • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                                        xpcproxy com.apple.DesktopServicesHelper.3FFA618A-42D2-4956-AB5C-B5D2ACC31778
                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                          PID:697
                                                                                                                                                                                                                                                                        • /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
                                                                                                                                                                                                                                                                          /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                            PID:697
                                                                                                                                                                                                                                                                          • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                                            xpcproxy com.apple.DesktopServicesHelper.3C38E088-8AF2-4D1D-9594-AD70CB2CFA40
                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                              PID:698
                                                                                                                                                                                                                                                                            • /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
                                                                                                                                                                                                                                                                              /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                PID:698
                                                                                                                                                                                                                                                                              • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                                                xpcproxy com.apple.systempreferences.2140
                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                  PID:705
                                                                                                                                                                                                                                                                                • /System/Applications/System Preferences.app/Contents/MacOS/System Preferences
                                                                                                                                                                                                                                                                                  "/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                    PID:705
                                                                                                                                                                                                                                                                                  • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                                                    xpcproxy com.apple.AccountProfileRemoteViewService 705
                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                      PID:706
                                                                                                                                                                                                                                                                                    • /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
                                                                                                                                                                                                                                                                                      /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                        PID:706
                                                                                                                                                                                                                                                                                      • /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
                                                                                                                                                                                                                                                                                        /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                          PID:707
                                                                                                                                                                                                                                                                                        • /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
                                                                                                                                                                                                                                                                                          /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                            PID:708
                                                                                                                                                                                                                                                                                          • /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
                                                                                                                                                                                                                                                                                            /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                              PID:709
                                                                                                                                                                                                                                                                                            • /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
                                                                                                                                                                                                                                                                                              /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                PID:710
                                                                                                                                                                                                                                                                                              • /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
                                                                                                                                                                                                                                                                                                /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                  PID:711
                                                                                                                                                                                                                                                                                                • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                                                                  xpcproxy com.apple.PerformanceAnalysis.animationperfd
                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                    PID:713
                                                                                                                                                                                                                                                                                                  • /System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
                                                                                                                                                                                                                                                                                                    /System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                      PID:713
                                                                                                                                                                                                                                                                                                    • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                                                                      xpcproxy com.apple.preferences.sharing.remoteservice 705
                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                        PID:714
                                                                                                                                                                                                                                                                                                      • /System/Library/PreferencePanes/SharingPref.prefPane/Contents/XPCServices/com.apple.preferences.sharing.remoteservice.xpc/Contents/MacOS/com.apple.preferences.sharing.remoteservice
                                                                                                                                                                                                                                                                                                        /System/Library/PreferencePanes/SharingPref.prefPane/Contents/XPCServices/com.apple.preferences.sharing.remoteservice.xpc/Contents/MacOS/com.apple.preferences.sharing.remoteservice
                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                          PID:714
                                                                                                                                                                                                                                                                                                        • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                                                                          xpcproxy com.apple.systemadministration.writeconfig
                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                            PID:715
                                                                                                                                                                                                                                                                                                          • /System/Library/PrivateFrameworks/SystemAdministration.framework/XPCServices/writeconfig.xpc/Contents/MacOS/writeconfig
                                                                                                                                                                                                                                                                                                            /System/Library/PrivateFrameworks/SystemAdministration.framework/XPCServices/writeconfig.xpc/Contents/MacOS/writeconfig
                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                              PID:715
                                                                                                                                                                                                                                                                                                            • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                                                                              xpcproxy com.apple.AssetCacheManagerService
                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                PID:716
                                                                                                                                                                                                                                                                                                              • /System/Library/PrivateFrameworks/AssetCacheServicesExtensions.framework/XPCServices/AssetCacheManagerService.xpc/Contents/MacOS/AssetCacheManagerService
                                                                                                                                                                                                                                                                                                                /System/Library/PrivateFrameworks/AssetCacheServicesExtensions.framework/XPCServices/AssetCacheManagerService.xpc/Contents/MacOS/AssetCacheManagerService
                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                  PID:716
                                                                                                                                                                                                                                                                                                                • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                                                                                  xpcproxy com.apple.preferences.sharing.SharingPrefsExtension 714
                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                    PID:717
                                                                                                                                                                                                                                                                                                                  • /System/Library/PrivateFrameworks/AMPSharing.framework/Versions/A/PlugIns/SharingPrefsExtension.appex/Contents/MacOS/SharingPrefsExtension
                                                                                                                                                                                                                                                                                                                    /System/Library/PrivateFrameworks/AMPSharing.framework/Versions/A/PlugIns/SharingPrefsExtension.appex/Contents/MacOS/SharingPrefsExtension
                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                      PID:717
                                                                                                                                                                                                                                                                                                                    • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                                                                                      xpcproxy com.apple.preferences.sharing.SharingBluetoothService 714
                                                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                                                        PID:718
                                                                                                                                                                                                                                                                                                                      • /System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/SharingBluetoothService.appex/Contents/MacOS/SharingBluetoothService
                                                                                                                                                                                                                                                                                                                        /System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/SharingBluetoothService.appex/Contents/MacOS/SharingBluetoothService
                                                                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                                                                          PID:718
                                                                                                                                                                                                                                                                                                                        • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                                                                                          xpcproxy com.apple.spindump
                                                                                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                                                                                            PID:719
                                                                                                                                                                                                                                                                                                                          • /usr/sbin/spindump
                                                                                                                                                                                                                                                                                                                            /usr/sbin/spindump
                                                                                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                                                                                              PID:719
                                                                                                                                                                                                                                                                                                                            • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                                                                                              xpcproxy com.apple.tailspind
                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                PID:722
                                                                                                                                                                                                                                                                                                                              • /usr/libexec/tailspind
                                                                                                                                                                                                                                                                                                                                /usr/libexec/tailspind
                                                                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                                                                  PID:722
                                                                                                                                                                                                                                                                                                                                • /usr/libexec/xpcproxy
                                                                                                                                                                                                                                                                                                                                  xpcproxy com.apple.spindump_agent
                                                                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                                                                    PID:723
                                                                                                                                                                                                                                                                                                                                  • /usr/libexec/spindump_agent
                                                                                                                                                                                                                                                                                                                                    /usr/libexec/spindump_agent
                                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                                      PID:723

                                                                                                                                                                                                                                                                                                                                    Network

                                                                                                                                                                                                                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                                                    Replay Monitor

                                                                                                                                                                                                                                                                                                                                    Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                    Downloads

                                                                                                                                                                                                                                                                                                                                    • /Library/Printers/InstalledPrinters.plist

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                                                                                                                                                                                                                    • /Library/Printers/InstalledPrinters.plist

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      495B

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      3439dcb6d4ce19d3ea022b8bb17cba7a

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      e412c16548b6fcc5fd488315cd70b324ca4d782e

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      aec405d7619e28da751fafd97782015affebdb36e863c58eea2b658551a59e7b

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      8ca944a1a157f6933a5efeea35aa7626d0dd5f6fd4b5d9fe08c3760b39b6f54289e502923ca7616110c468173f0389f2ce1e35899d171bd08873678759aba93b

                                                                                                                                                                                                                                                                                                                                    • /Users/run/Desktop/payload/settings.json

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      478B

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      b35182a5d0722d6f81654bbf9755bb77

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      05203798855cfdf6f32161189ee340efe27386fb

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      f9169b9b0d3706f8622513a6be8a722cdcef97826f1e71476439cb387792416c

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      584f5d1afd86c2492a344447039c34b2239903af5b27590371226a13bc8668afa106af8bbefcfd75ed61a247ab251c93c51ce8192347b6d5ac53bf2b44bf89f9

                                                                                                                                                                                                                                                                                                                                    • /Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      124KB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      6c515e6608e16cc97bf768d132939a62

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      5de9eeb0718a9a0ab3aedc6a24ef1c95ec681bea

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      1cc436e06df3ee5b3640aa05ad791efb03a0c50d5f2b3479a5e380a24e859d2a

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      3815e51172bef1474801855ba0423af9c1d62688edad9776917c4ba4fe4492a868324206881cf5432b905dea278f1f16dd34e805abd580b8efe37a35cf219ca9

                                                                                                                                                                                                                                                                                                                                    • /Users/run/Library/Caches/com.apple.systempreferences.imageCache

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      288KB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      ce9032fc27dc24f38c40c4116b2aec09

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      617bf0e6e5838af3740393cedbf38307b7248371

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      7bff5dd79349e4e42419a9f1720119cc19767df0ec1bedd6fada6a28a8be3749

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      a1883e330fd3483da59388e16da1f392af2174170700093f213a1b218f3d04ae9b1d3f6d3bc9ebeb69324440de414f7a92b92739e98e5880f3b7b078b9676af1

                                                                                                                                                                                                                                                                                                                                    • /Users/run/Library/Safari/Favicon Cache/favicons/98FF4077638C1BA5BBBD6CA020AD796A

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      21KB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      38cfdb248210ffd12a6e774119609de8

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      d10a44e5d06c8a95e4c61ae770cc8f0c8d372253

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      5493c61cf725cf3a1d63cd9d07de75b0d6faa5564e772f7d0a6074f341442938

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      7d0ae6125e5c10d52847ac10e5200f2aaa84932ea5d10af54440c0abc27af19285cb760f0e8dad0bac4371e4b384ffaddcf235f9f1ba29e6dc41ef29deac4fba

                                                                                                                                                                                                                                                                                                                                    • /Users/run/Library/Saved Application State/com.apple.systempreferences.savedState/data.data

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      660f24d2556cea09d277fe75fceea086

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      834d7f6a4d044d2000a4276435e47f626679a04a

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      33cfc68d173d8a73bbefd7fc035f747f0dd90d669721ac6fb7cf822fe19088f0

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      379a768bdeee988b34a817d114df99d06dfe993cdaab913c9d675489f0196ad05e044e2bc02d48b8db615cc19474f2f1f99433359a3fc5863e771337a15cf2e3

                                                                                                                                                                                                                                                                                                                                    • /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      218KB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      355d837549cee18c4a84a77a70a2756b

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      33c5de31fda7ac065b17b89a6fc9e644a03c078c

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      d2547621952f15189bd0b01868fdfa09350acce54562ee432c458f664a102d44

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      d4afd49ba36e5759516ac96feb0b4919a1f0bfac4c5b2c2d5f51cd35c0a17ff5a8d8a3dc117611e513be8541ef694566b540671b7b9736a8385a157e5ba5ce11

                                                                                                                                                                                                                                                                                                                                    • /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      21.9MB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      0bcc4233ff947f08d3d87d0a1632992f

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      dbe83745fbf6dfb824d65a810111dafce5856ffe

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      cb77635c5059038c7db8ad61a8b7c5acf5a6e752ead26e8cc9e2e83207b105b5

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      eeb41e036563bd1f36d58849e9f2c3c313d1e84c61d505d5ce50ce81fb21100f66f6035a214900eb7cb363533a06485c2a1bc799faf7d7eb1624b750fb3467eb

                                                                                                                                                                                                                                                                                                                                    • /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      125KB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      43e320fb688db6b017a0c447a99f2e3c

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      449e3aba77122668547c8b557fd473b4ea1ef72f

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      5cfc622fbee9ba615c9a2a4a4c0733b1950cce10ddd18b0b7fa8b4ec60eb453e

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      82b69433eed63ffd12506961eeef3bc9d4b7f65b3639393f2d6ef14a67165b19e9c0b41ec68c55e683251592bb5239127616da5408aba76d6757007435633531

                                                                                                                                                                                                                                                                                                                                    • /var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate.SUCatalogDataManager/e/052-25574/052-25574.English.dist

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      11KB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      968ab128ea706e0998a0f477b93b35d5

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      5290f79457ceaca10f86b870175e5096de273281

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      275cccf0e27e7b1a61f26a627c778bc3a8078d953b3896f39f3fb734957361a8

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      0298a3ff7a8b2c9919b10b2452b9550a9138730241f75fbab35fe2db3d778a1293aff4940148101f45a81532979f6c8d0f119924fc1f4dd8dce976909bdd0964

                                                                                                                                                                                                                                                                                                                                    • /var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate.SUCatalogDataManager/f/062-14334/062-14334.English.dist

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      a7b653470ef625dad0c284de32caf4ce

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      0dc4203bb17860eb9b65e8b2cbe58d5e2b029e2a

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      67b630ec1b4682b514a42255ee4e21a1d5099fb7ea3ce93603cb7b550f8fced0

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      3568f9d7e5c2623d77351210bbf1b5b0339a5aa2f623aed005d8eeb05210338d65625f07a724b6682d2761f41140aa3bbf8f532d542257f602633f675097d6a0

                                                                                                                                                                                                                                                                                                                                    • /var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate.SUCatalogDataManager/g/012-04872/012-04872.English.dist

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      84af1f7a03435cfef5fbcffb7a3c58c4

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      966643bdee53124295304e3fc6ad4e09a988222a

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      4286594444bfc059d0fc98d4048ba91b4aba3c5072dcda73c8851e650b836166

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      0ced3739663a028a1a3dd6155e64650454a0967573fc42c64862fab7355c4e682477a7a3fd56ce2a151a33baa8dd8fa3749e7ff543c1d49c10e3198267fafbcf

                                                                                                                                                                                                                                                                                                                                    • /var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate.SUCatalogDataManager/x/062-16716/062-16716.English.dist

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      178f5ebbf05b005bdd36e0cddd2f4440

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      dbccafe49f3bbf0e19c490ffdd43a349306617a8

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      549acf5e9d84473c115122702794b29e794e99b00eee289c4426379d0c5afbdb

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      dd55dec93677c3247cb16f0f22a1ffedd33a762b54e338573b29b4c19eddfe49f2ca5233c116b57a16be3082c3d1f54df736000fc76284cd215f1df4ccb362b4

                                                                                                                                                                                                                                                                                                                                    • /var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate/swcdn.apple.com/content/downloads/47/55/002-90015-A_VSZB7DY8DG/a3aeutlgmbhbfj02uok0g73k9h4i9uz50h/InstallAssistant.pkg.partialState

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      436B

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      bee738fe24d4bf464db35f2ae59ed5e4

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      dbc21cd86bf8d454e2c9f57608dec00f80c97da1

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      26864b81a5a8f59b44b81242e3076fafd457f550706a0849dd2486cad5c19283

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      d4126beb637859f7d74e79c5a17cb05c2c0de5859b83a216ae931b67ed96892d85b6359fb29758e4fd7c7ee29db20673805c583d8f5ff748bbe0795ffebcdd37

                                                                                                                                                                                                                                                                                                                                    • /var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_45A4618B-3C0B-4F73-8CB8-55C57DF005DF/MajorOSInfo.pkg

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      1.3MB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      d9612033a0bb5c1947be8c6d961e8dff

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      89c0cdaa99797d57448dde971d42f77243881ff8

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      e28ab534af7c6c3e135800e7f83d8c979227d8553b767a998574bf8c63a7d31c

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      dae630a872b120f404abed9f8274393591ef6e30caed5579041b6878c5b2cbb24800be26666291e8c094fd4639c030155bd753f6a7bd4e84c4658b4f84cf5f37

                                                                                                                                                                                                                                                                                                                                    • /var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_45A4618B-3C0B-4F73-8CB8-55C57DF005DF/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Info.plist

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      861B

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      333836a7eb95f49b44940b2080fb9fc2

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      3a3ae4545749d078fb34d7c01afedb11798ca663

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      f2cb9f107ce5e2593dac1643c9d69f9cf0f191a97f8e26c346765653dfec9685

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      2034e64024ae56149f4a0b10b2a3c625863efb341d91a473692f58ca495c55b0943f275a63b2a483fb3f78ca52d42b971b361905abcd3777938456aa1c30e2d9

                                                                                                                                                                                                                                                                                                                                    • /var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_45A4618B-3C0B-4F73-8CB8-55C57DF005DF/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Resources/OSBadge.icns

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      1.4MB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      6691db1a52f872d5e2558838b1300191

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      1aae9d9580239f60271c9221dd07e45fe672ef76

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      0dcf31da652109b8f6c02f07085dd415256b8f75fe284dfc4cf1f59df16e05f7

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      39a515bcfb179000d824b504874ed5c23bd4fde10c87b6792ddf33990f35e53253e0864b7be76804acfdca4c3549a0e424b4db2086c74594a47436b39c10dcd5

                                                                                                                                                                                                                                                                                                                                    • /var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_45A4618B-3C0B-4F73-8CB8-55C57DF005DF/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Resources/en.lproj/Localizable.strings

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      148B

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      8b4ece7adf04487c3c0892458e42d9de

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      5f54a72c67c2d88ff32b57ff5b24a919e872286c

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      525c6efad03dab0004451911c0ef31599085c1a260472b5f0bf995f86f2b16bb

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      57edaf2820cf8a541bec262a3872213a3abf1b87d32cce0e9c02d8df3601d21eb8cee02914775ca7a64585bec0f3da45791475122538e8716920848e0496d3c7

                                                                                                                                                                                                                                                                                                                                    • /var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/ProductMetadata.plist

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      1.1MB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      9ad2d94b5e92326943ebb00f86af4943

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      87b2c89c0b2616ceeb9979497b683178b9e0703d

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      0b3da297d821b43ef6ffe40b4627ce4294b7e3c9d52064495b6d3cf354bc5cea

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      c1ac631f03c49834e5374030bb6ce164000e5afc90f2789b8a6afc86ac4906453d9b2eb7167756e4d2e568cca9aa966afbc1a28e0b013079407c420bb54491f0

                                                                                                                                                                                                                                                                                                                                    • /var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/ProductMetadata.plist

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      425B

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      9ac377316f06c6a6fd99ee3e07593b87

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      1dbea8980aff3e7d370a7d5599897d8ae0809da2

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      0694f19b95b76c8cf749a539321a09c173543f9d5a0b12140ebe8e84c53248b7

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      b9284cb2dfc836ccb6f5c5b4badbf2ca454c3da16a30030ea0b671213e7f31387046b834f9c14b6122bce94b78611e620cdea24107625ab7a3aa2e8bcd398432

                                                                                                                                                                                                                                                                                                                                    • /var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      47KB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      0e4a0d1ceb2af6f0f8d0167ce77be2d3

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

                                                                                                                                                                                                                                                                                                                                    • /var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      d3a1859e6ec593505cc882e6def48fc8

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      f8e6728e3e9de477a75706faa95cead9ce13cb32

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

                                                                                                                                                                                                                                                                                                                                    • /var/root/Library/Caches/rtcreportingd/events/NRM_Events_2024-06-18-20-31-46.event

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      497da707fedea8441e87850568537ce2

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      9ca3e46b64f68a1e1e538e723c06574b6e91a1a0

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      702dc0e9c7768a36a924bd00886d81d49ed993108d5cc554069ebe599e70df41

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      4a2df162994d4694326de8a84a11ad4867ddaf23aac98fcc0c6f447f2a1a864fcf225f9ca678dbcc10b96e11170349b85c369119aad58498361a760163793339

                                                                                                                                                                                                                                                                                                                                    • /var/root/Library/Caches/rtcreportingd/events/NRM_Events_2024-06-18-20-31-46.event

                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                                      08f2f5910f1ecebc80c74258e1ff295c

                                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                                      44d460a6de4aedca1c4742f31c2d590eb6487545

                                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                                      21f34a1b54ddbea266e1a210e1523f8063282258e625b2cced855ab32969e524

                                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                                      c95bb3f412fe3be4208bdb5995c26729512c65448a34e9164c47e500a482cfbf55447dae011213719ff4beee7c2032c1919abff3429aff5cafb542e3c5f3e8fe