59922610678132915fd74ecc4c3f2117987135537bca02b830b08f27c3ac96d4

Resubmissions

16/07/2024, 04:58

240716-flvy1swbnm 3

16/07/2024, 04:56

16/07/2024, 04:52

16/07/2024, 04:49

16/07/2024, 04:46

Analysis

max time kernel
136s
max time network
153s
platform
macos-10.15_amd64
resource
macos-20240711.1-ja
resource tags

arch:amd64arch:i386image:macos-20240711.1-jakernel:19b77alocale:ja-jpos:macos-10.15-amd64system
submitted
16/07/2024, 04:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Patrick.pdf
Size

36KB
MD5

8cda87bb4d6f53572254f7be23544b5c
SHA1

29e3ac8d5890f2bacdabdd26a7fe1c79307df3a7
SHA256

59922610678132915fd74ecc4c3f2117987135537bca02b830b08f27c3ac96d4
SHA512

d91f13669edadaed762c329f296c8771e6c847f57507144c92092a8043e68f013f4101fe2697545b1c7e77d5336f7771cdc0aec155240e1ae124d44cf8b319da
SSDEEP

768:V+EL9njhyr5AD4UPbBbFUjDNZSlDc6edap9otZNZo6a2X:V+i9jha52H0vNZSlDc6ofNOqX

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 19 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid F4529262-47D8-4E61-A900-9907ACDDAF02	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly	Process not Found
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid F4529262-47D8-4E61-A900-9907ACDDAF02 -post-exec 4	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1	Process not Found
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 9E2FF2C5-AF37-4CED-AA65-783F0477B32F	Process not Found
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 9E2FF2C5-AF37-4CED-AA65-783F0477B32F -post-exec 4	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1	Process not Found
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd	Process not Found
"/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app/Contents/MacOS/DiskImages UI Agent" F4529262-47D8-4E61-A900-9907ACDDAF02	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1	Process not Found
"/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app/Contents/MacOS/DiskImages UI Agent" 9E2FF2C5-AF37-4CED-AA65-783F0477B32F	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly	Process not Found
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Patrick.pdf\""
1⤵
PID:469

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Patrick.pdf\""
1⤵
PID:469

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Patrick.pdf
1⤵
PID:469
- /bin/zsh
  /bin/zsh -c /Users/run/Patrick.pdf
  2⤵
  PID:470
- /Users/run/Patrick.pdf
  /Users/run/Patrick.pdf
  2⤵
  PID:470

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:503

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:503

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:505

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:505

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.7A82B28F-F50A-44DB-A9DD-F483637A1620 503
1⤵
PID:506

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:506

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:511

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:511

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.134328E9-0891-49BA-A89A-49E7FAF32BE1 503
1⤵
PID:512

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:512

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SearchHelper 503
1⤵
PID:517

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
1⤵
PID:517

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SafeBrowsing.Service
1⤵
PID:518

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1⤵
PID:518

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.79D9774A-E538-4473-9B66-CE1774C8836D 503
1⤵
PID:519

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:519

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.9EC1AE72-CA99-4A5B-8F95-0D6B5DE6FEEA 503
1⤵
PID:521

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:521

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.D0AF3F5A-AC88-4493-9B5F-C43F9A8D4603 503
1⤵
PID:524

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:524

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.904C4C71-DF47-4545-9684-3BC1EE291826 503
1⤵
PID:525

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:525

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SandboxBroker 503
1⤵
PID:535

/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.SandboxBroker.xpc/Contents/MacOS/com.apple.Safari.SandboxBroker
/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.SandboxBroker.xpc/Contents/MacOS/com.apple.Safari.SandboxBroker
1⤵
PID:535

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:536

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.766EDC68-A645-4D83-96FE-E628A83A75FC 503
1⤵
PID:537

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:537

/usr/libexec/xpcproxy
xpcproxy com.apple.xpc.launchd.oneshot.0x10000001.DiskImageMounter
1⤵
PID:538

/System/Library/CoreServices/DiskImageMounter.app/Contents/MacOS/DiskImageMounter
/System/Library/CoreServices/DiskImageMounter.app/Contents/MacOS/DiskImageMounter -psn_0_184365
1⤵
PID:538

/usr/libexec/xpcproxy
xpcproxy com.apple.XprotectFramework.AnalysisService 498
1⤵
PID:539

/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
1⤵
PID:539

/usr/libexec/xpcproxy
xpcproxy com.apple.hdiejectd
1⤵
PID:540

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd
1⤵
PID:540

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid F4529262-47D8-4E61-A900-9907ACDDAF02
1⤵
PID:541

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid F4529262-47D8-4E61-A900-9907ACDDAF02 -post-exec 4
1⤵
PID:542

/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app/Contents/MacOS/DiskImages UI Agent
"/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app/Contents/MacOS/DiskImages UI Agent" F4529262-47D8-4E61-A900-9907ACDDAF02
1⤵
PID:543

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly
1⤵
PID:544

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1
1⤵
PID:545

/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1
1⤵
PID:546

/sbin/fsck_hfs
/sbin/fsck_hfs -f -n /dev/disk3s1
1⤵
PID:547

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:548

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:548

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly
1⤵
PID:549

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1
1⤵
PID:550

/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1
1⤵
PID:551

/sbin/mount
/sbin/mount -t hfs -o "-u=502,-g=20,-m=755,nodev,noowners,nosuid,rdonly,quarantine" /dev/disk3s1 /Volumes/Setup
1⤵
PID:552
- /sbin/mount_hfs
  /sbin/mount_hfs -u 502 -g 20 -m 755 -o nodev -o noowners -o nosuid -o rdonly -o quarantine /dev/disk3s1 /Volumes/Setup
  2⤵
  PID:553

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:555

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:555

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:556

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:556

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:560

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:560

/sbin/umount
/sbin/umount /Volumes/Setup
1⤵
PID:574

/usr/libexec/xpcproxy
xpcproxy com.apple.unmountassistant.useragent
1⤵
PID:576

/usr/libexec/xpcproxy
xpcproxy com.apple.security.DiskUnmountWatcher
1⤵
PID:577

/System/Library/CoreServices/UnmountAssistantAgent.app/Contents/MacOS/UnmountAssistantAgent
/System/Library/CoreServices/UnmountAssistantAgent.app/Contents/MacOS/UnmountAssistantAgent
1⤵
PID:576

/System/Library/PrivateFrameworks/KerberosHelper/Helpers/DiskUnmountWatcher
/System/Library/PrivateFrameworks/KerberosHelper/Helpers/DiskUnmountWatcher
1⤵
PID:577

/usr/libexec/xpcproxy
xpcproxy com.apple.xpc.launchd.oneshot.0x10000002.DiskImageMounter
1⤵
PID:582

/System/Library/CoreServices/DiskImageMounter.app/Contents/MacOS/DiskImageMounter
/System/Library/CoreServices/DiskImageMounter.app/Contents/MacOS/DiskImageMounter -psn_0_200753
1⤵
PID:582

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 9E2FF2C5-AF37-4CED-AA65-783F0477B32F
1⤵
PID:583

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 9E2FF2C5-AF37-4CED-AA65-783F0477B32F -post-exec 4
1⤵
PID:584

/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app/Contents/MacOS/DiskImages UI Agent
"/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app/Contents/MacOS/DiskImages UI Agent" 9E2FF2C5-AF37-4CED-AA65-783F0477B32F
1⤵
PID:585

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly
1⤵
PID:586

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1
1⤵
PID:587

/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1
1⤵
PID:588

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly
1⤵
PID:589

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1
1⤵
PID:590

/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1
1⤵
PID:591

/sbin/mount
/sbin/mount -t hfs -o "-u=502,-g=20,-m=755,nodev,noowners,nosuid,rdonly,quarantine" /dev/disk3s1 /Volumes/Setup
1⤵
PID:592
- /sbin/mount_hfs
  /sbin/mount_hfs -u 502 -g 20 -m 755 -o nodev -o noowners -o nosuid -o rdonly -o quarantine /dev/disk3s1 /Volumes/Setup
  2⤵
  PID:593

/bin/sh
sh -c /usr/sbin/kextstat
1⤵
PID:594

/bin/bash
sh -c /usr/sbin/kextstat
1⤵
PID:594

/usr/sbin/kextstat
/usr/sbin/kextstat
1⤵
PID:594

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Downloads/Installer.exe

Filesize
165.2MB

MD5
7f622b815eb8a2ba686a18da88b31832

SHA1
298ee790c2e02847aa39f42e0fadeb530ead1602

SHA256
539c1f8dbd05a5ff39efed3cdd9ede37a584da7f751e8074df72d5781079b8dc

SHA512
0ce891c6a69690ee78b07f4e62c7c00e24e2678a92b01bffab4923552171a9b9d3f97882ce0a8b2333043dc8c478b8f8e86f2d8249654152a38b9f25e4ef89aa

Download Submit
/Users/run/Downloads/Launcher_v.4.31.dmg

Filesize
3.2MB

MD5
58de7cb237767f773e96d6799e23d613

SHA1
3149051938892fdb5aa83b640f203ff76b4682e4

SHA256
18bcb92839342db881d42d9df26449c11c752b7e350564af3b3e6a3ce7af543d

SHA512
070053b542c3658fc4c5ca6c5940823036cd6c1f06e535074cea519b326a45b2161fdb74cda223cb2755d4ce109b29a9570e62f9ce0c096546fd8b88aed71601

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/B5D0DA9EF4E36169796D32EDBFA0B001

Filesize
5KB

MD5
030bccaf8ccf163200f78158dd63b156

SHA1
ef6410815c0b25618965c0a9c9082c7cd46d5ec9

SHA256
f1b54717eb0de7f1837563e7bf913ac82a219feefa7bdb441f1eb12115a6cbfc

SHA512
dc97de33aa6482b081d498e35af3aeaa1a163e568206568a4ef7eba5af75a9fa07f9bfa4a7beae6515e9f5a8a6f85026b4a7f0f51474f3eeb3a1754fc54764a1

Download Submit
/private/var/db/spindump/tailspin-trace.2024-07-16_04-55-00.tailspin

Filesize
15.9MB

MD5
5c51cc17b0ee81b52be2556c190d4dd2

SHA1
d1ecbbeb3bdcdbf8a4eb68ee71ea828f94748227

SHA256
a4035f5360064629fa4459de035a3ceceec343e55021df1c53f87a29b9d2c27c

SHA512
19488d06e285ea496589e83184c036203681294fb7faa39d828d3f1c05c1978b35f08efe471cc4c5a20816c354972ef2bd488b71d501d18372f55dcec724e1fa

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

Filesize
216KB

MD5
8532e6c8cf067ebec1b30c4266f26e3c

SHA1
c66f0c7127917a4cff5463c9463ed615a59deacb

SHA256
aed34ab6e1d86784fcf902cb760503e28763279d4f64ec12d8200d6a177082a5

SHA512
51ac30b4b8a903d2cf7bbafa7a08ac6bf37783af4a131a44e9c6d27e64c14ec137e001ab6f0db06a26a31e5f22d57e114688fa82a286bc3dd9983aad995c1f52

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

Filesize
21.8MB

MD5
73a6cba3bf9997cab728d9d7ae15f8fb

SHA1
479609feea292415c1bac3d59b984f053506e311

SHA256
09a2dfcae9eae158b54949b2edbdb2c54475a2da9817ac302e81cbe02d3d3f4c

SHA512
8b829a12ec2d34c8d045afb47f49f9b6702f0e85619925293f2e6cae6b6c6ff4ca8462950bd77d88d183555e344b67f74d830d4a8f51342542a077da06a89c6c

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

Filesize
129KB

MD5
d2b5e95d3eb6118326138beb37c48a02

SHA1
c18902eaf985099bb63add6ca0b6a00ce665ac6e

SHA256
0892c4061e6ed4f9b277b5482862e6a216f065c1b6660246af7ca4ca6b7cb658

SHA512
e10e550d87a009d87085845029a73ee2abd2fb502b0ce31772723b67b0344a5f44230f83ba2c54405bfa16a96f92fcc823c2de9d5261e47d66841797d3e6717a

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//spindump.txt

Filesize
204KB

MD5
92ec4caed783c35946d5dcb7ed9dff76

SHA1
a9e9788c65e7e9ed9f841cc04ccc6528f3bf5455

SHA256
a94537227b194b44aff608f73fa51a358a4c7b5a254624248c8cc714bff17bcc

SHA512
5584c939ecabe4df177b13e99ea49bdd0b2c589eb746ba2312c1f501bb430c56c114b469495e106e5a43f50c1220709c6988896eda5d7aca3c2321b0b2e7e7ea

Download Submit
/var/log/fsck_hfs.log

Filesize
15KB

MD5
d70659bf0b4f33caebd093587d89c29f

SHA1
e61342eb988bdceeb885d4a797d3ab7c43d40833

SHA256
0eaa9c7623cbd350310ca5b39ff5b3820898b65530e37d55c62316f62cae670b

SHA512
cf631c99500f59fc4c9d06e240341466a2b0e0454e697cdd40748186b5410005ce79fcbfaa16c5afb4e783b924036399aacec69ef55f73f5235a6ea27c62d5fd

Download Submit
/var/log/fsck_hfs.log

Filesize
16KB

MD5
a0d1878a12d9704a484fcbc602224869

SHA1
c87068458ec4cc4214d609f3cf874445a138d7ab

SHA256
b2ccbe011bbaa20eb6bcc85c8f1f1da88af43d05d9b3b17694cf20c1b8517077

SHA512
996f60287349227ae083ec6a93cb333c7f67a278acc9c31646a361504bf05c71a1fd09f2bb70aa7f88a729259da84e4d2cc54ef8d69186101de40559f4d78c8d

Download Submit
/var/log/fsck_hfs.log

Filesize
16KB

MD5
a7d3503770a0e66f7ec856453b9e972d

SHA1
53e1c34519d653f0fcecb1e7785b42751e9c04f4

SHA256
cdc139103b8805d482b4a8a2c4357dc5f878f7d68234b6971ab1dae37acdd8f1

SHA512
3266aaae726cb0794c9d003fe54a283fda0a122547f7525930b85ffcf30ad5dd81027892592ffd5c394fc127e9f1a3354d0c6ef7e13772b943a4a14897c9e195

Download Submit