6dc0ad3bcacb04350698e6352b7193fd64fe4496a85748de78c0a280165fcba7

Analysis

max time kernel
420s
max time network
422s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
08/08/2024, 09:28

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Subtitle/[Kaze-Yuuki] Amagami SS - 01.ps1
Size

117KB
MD5

32d44ebf3cf1ff583a2059bd989e86c8
SHA1

a8d1b147c88af4dc4201fa76f081ecb598f5ed04
SHA256

e1d0df048604cac1eb8118a516a320ac42382706c918dc59578b5c37f3e8db81
SHA512

65de4ea6751de0d7cbcedae427ec8024d07f9b44f9edb0872024ccada19e1f1752ee0a2cb53ce9af7efa12660a50c64d15532aa28ebd6630c9aa1d5ada413715
SSDEEP

3072:rf9JbxgboyDuR8CSfiTuw/6xlEZt7UWkWnNBCPbyKENACNSUSd/TCxWKjbvZriCq:rf9JbxgboyDuR8CSfiTuw/6xlEZt7UWM

Score

5^/10

evasion execution persistence

Malware Config

Signatures

Launch Agent 1 TTPs
Adversaries may create or modify launch agents to repeatedly execute malicious payloads as part of persistence.
persistence

Launch Agent
T1543.001

Resource Forking 1 TTPs 4 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck	Process not Found
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid	Process not Found
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd	Process not Found
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer	Process not Found

Launchctl 1 TTPs 1 IoCs

Adversaries may abuse launchctl to execute commands or programs. Launchctl supports taking subcommands on the command-line, interactively, or even redirected from standard input.

execution

Launchctl

T1569.001

ioc	Process
/bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist	Process not Found

/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
1⤵
PID:472

/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
"/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged"
1⤵
PID:471

/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
1⤵
PID:474

/usr/libexec/pkreporter
/usr/libexec/pkreporter
1⤵
PID:473

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Subtitle/[Kaze-Yuuki] Amagami SS - 01.ps1\""
1⤵
PID:486

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Subtitle/[Kaze-Yuuki] Amagami SS - 01.ps1\""
1⤵
PID:486

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/Subtitle/[Kaze-Yuuki] Amagami SS - 01.ps1"
1⤵
PID:486
- /bin/zsh
  /bin/zsh -c "/Users/run/Subtitle/[Kaze-Yuuki] Amagami SS - 01.ps1"
  2⤵
  PID:489

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
1⤵
PID:475

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:512

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:512

/usr/libexec/xpcproxy
xpcproxy com.apple.newsyslog
1⤵
PID:527

/usr/sbin/newsyslog
/usr/sbin/newsyslog
1⤵
PID:527

/usr/libexec/xpcproxy
xpcproxy com.apple.dock.ecti.F30762FA-59F4-41A9-99BB-381D4BDD2397 280
1⤵
PID:538

/System/Library/CoreServices/Dock.app/Contents/XPCServices/com.apple.dock.ecti.xpc/Contents/MacOS/com.apple.dock.ecti
/System/Library/CoreServices/Dock.app/Contents/XPCServices/com.apple.dock.ecti.xpc/Contents/MacOS/com.apple.dock.ecti
1⤵
PID:538

/usr/libexec/xpcproxy
xpcproxy com.microsoft.Word.2024
1⤵
PID:539

/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word
"/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word"
1⤵
PID:539

/usr/libexec/xpcproxy
xpcproxy com.apple.storeuid
1⤵
PID:544

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid
1⤵
PID:544

/usr/libexec/xpcproxy
xpcproxy com.apple.storedownloadd
1⤵
PID:547

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
1⤵
PID:547

/usr/libexec/xpcproxy
xpcproxy com.microsoft.autoupdate.fba.2660
1⤵
PID:548

/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant
"/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant"
1⤵
PID:548

/bin/launchctl
/bin/launchctl list
1⤵
PID:549

/usr/libexec/xpcproxy
xpcproxy com.microsoft.autoupdate.helper
1⤵
PID:550

/bin/launchctl
/bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist
1⤵
PID:551

/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper
/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper
1⤵
PID:550

/usr/bin/codesign
/usr/bin/codesign -v /Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper
1⤵
PID:552

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:553

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:553

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:554

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:555

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:554

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:555

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:556

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:557

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:557

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:573

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:573

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:574

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:574

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.51D338BC-A88F-4ADA-8612-E78A50F818AD 573
1⤵
PID:575

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:575

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:579

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:579

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.898D28E4-1B4F-47FB-BF8A-5B8F7466A5E8 573
1⤵
PID:580

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:580

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SearchHelper 573
1⤵
PID:581

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
1⤵
PID:581

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SafeBrowsing.Service
1⤵
PID:582

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1⤵
PID:582

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.0CCF801E-9CCA-428D-8E0F-A7C2F955576F 573
1⤵
PID:585

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:585

/usr/libexec/xpcproxy
xpcproxy com.apple.PackageKit.InstallStatus
1⤵
PID:587

/usr/libexec/xpcproxy
xpcproxy com.apple.warmd_agent
1⤵
PID:588

/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress
"/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress"
1⤵
PID:587

/usr/libexec/warmd_agent
/usr/libexec/warmd_agent
1⤵
PID:588

/usr/libexec/xpcproxy
xpcproxy com.apple.passd
1⤵
PID:589

/System/Library/PrivateFrameworks/PassKitCore.framework/passd
/System/Library/PrivateFrameworks/PassKitCore.framework/passd
1⤵
PID:589

/usr/libexec/xpcproxy
xpcproxy com.apple.nfcd
1⤵
PID:590

/usr/libexec/nfcd
/usr/libexec/nfcd
1⤵
PID:590

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:591

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:591

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 124
1⤵
PID:592

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:592

/usr/libexec/xpcproxy
xpcproxy com.apple.sessionlogoutd
1⤵
PID:593

/System/Library/CoreServices/sessionlogoutd
/System/Library/CoreServices/sessionlogoutd
1⤵
PID:593

/sbin/shutdown
/sbin/shutdown -h now
1⤵
PID:160

/bin/sh
sh -c "/usr/bin/wall -n"
1⤵
PID:595

/bin/bash
sh -c "/usr/bin/wall -n"
1⤵
PID:595

/usr/bin/wall
/usr/bin/wall -n
1⤵
PID:595

/System/Library/Extensions/IOGraphicsFamily.kext/iogdiagnose
iogdiagnose -b /var/log/displaypolicy/iogdiagnose-last.bin
1⤵
PID:1.8446744073709552e+19

/usr/sbin/spindump
spindump -shutdownstall 2 -timelimit 5
1⤵
PID:597

/bin/sh
sh -c /usr/sbin/kextstat
1⤵
PID:598

/bin/bash
sh -c /usr/sbin/kextstat
1⤵
PID:598

/usr/sbin/kextstat
/usr/sbin/kextstat
1⤵
PID:598

/bin/bash
bash /private/var/install/shutdown_installer_tasks
1⤵
PID:599

/bin/bash
bash /private/var/install/deferred_install
1⤵
PID:600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Launchctl

T1569.001

Persistence

Create or Modify System Process

T1543

Launch Agent

T1543.001

Privilege Escalation

Create or Modify System Process

T1543

Launch Agent

T1543.001

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Caches/PassKit/cache.plist

Filesize
488B

MD5
983afa02ac9bd03474cbd0754dfec41e

SHA1
696bf72962cb4a3f8872e4cca621f08657986dcb

SHA256
6d90fccdd6c7756e9bc28f85f4d38ae54481e32ed1748ff4ff2fbda5ba2097a8

SHA512
398b3b2d86db3e2f6f3d9cf22d12562c89b263629eadf3cc5863ad275b5ab2980a60308883df3992be0d64cca0260216ce36c0d16270e53c5d2b710f215a3116

Download Submit
/Users/run/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Office/16.0/Floodgate/SurveyHistoryStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
/Users/run/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Office/16.0/Floodgate/Word.CampaignStates.json

Filesize
1KB

MD5
da7b321936a4650a446dc9236c1894ce

SHA1
4950cd50437470597303a7451ae4e8b1d98af034

SHA256
5d468a964d6ad8e3ce0e0078b7955977545c2083cdb1c8929b1bf1c40f074c1c

SHA512
e27efae91b4622e0c4838daf0752ba20cf1f21e88dbd2251adf20dc0df4859876a3d29be0a5adae8b7f5bbcbc02b9ea0f583d786a6d6b7902a55cb66fa8cb3bf

Download Submit
/Users/run/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Office/16.0/Floodgate/Word.Settings.json

Filesize
87B

MD5
e4e83f8123e9740b8aa3c3dfa77c1c04

SHA1
5281eae96efde7b0e16a1d977f005f0d3bd7aad0

SHA256
6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

SHA512
bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

Download Submit
/Users/run/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Office/16.0/microsoft word_Rules.xml

Filesize
257KB

MD5
140be47d385d1b9bb6a22325e83c2d4a

SHA1
ddd59aa6c5b24933d06d79bad68d7c5a4b3ed186

SHA256
fe6423c811130a2e37041ee9c3a3f0d614969b4914314dd6e55ea1b4128a6151

SHA512
69f28129128baeecb2057960f8e2feb504959f6e2c38d291ee6e1841f0f9043c52996e04138b6c7f48e60aea1f2704e95962eb49cc72d0ac7a8304efe6650770

Download Submit
/Users/run/Library/Passes/PaymentWebServiceContext.archive

Filesize
49KB

MD5
80dbdff659c57eea3234f4bedd8d7aab

SHA1
f68466bb104601999d82504f8e1630e98fec0389

SHA256
6b97d3abc85efd13ac45424998a7cf719aca66135a466ea1f8cb3c2a1c9fbb02

SHA512
b65a8f01db215649d33d065f9399b9065e0c874a073da731262f4544d6113fb6151b9a029ded2e793a466e75185b7897c63afd12fad927ff227c691e08292610

Download Submit
/Users/run/Library/Passes/PaymentWebServiceContext.archive

Filesize
68KB

MD5
26a5c0bd8635d628a4f99684533ad8dc

SHA1
19854a6b1ad2fb71141736fa2bb4dda704a7cfea

SHA256
da3103c1df49aea768f9b18d2e52f16f87acc7f71dce8208c3226926e5e7aec8

SHA512
b3190efea98bd5b54c6dd7251573efff203b4a225f76cefa76173ae31381118645fba26ec0325dec13d06eb4b42a5b3cf884bec96d9a5be034a9b1ef1d2e2e82

Download Submit
/Users/run/Library/Passes/PeerPaymentWebServiceContext.archive

Filesize
550B

MD5
a17ad158aecff70a66c3f526b790f49b

SHA1
242ebd3de342b12501f6f229959f035e3b6b9dfe

SHA256
0229d68d8a9beec16e3eb652ae3d776d4fc5ae86a0273a6ab4c6da5954990e92

SHA512
231f179f9e6862d951587c4c27ca84a6f18fdd36d9d2a08c4defb18ecf94eb82e6da5a0b0175fc61052fa0f2048f8186a3c5b5d7cf6d4b82aecdae13e02929c2

Download Submit
/Users/run/Library/Passes/ScheduledActivities.archive

Filesize
1KB

MD5
000d11f0a896f9c0d559f8f8e273c229

SHA1
f0a8f34d20730160ab94c3439f1fe07169b94b5c

SHA256
a7c40bcdfd688a3c37705191aa7d9a21e9b860ead4d429f98835cd97796f74d6

SHA512
6185a4324a0746ed7b10b9f6ed0c8bcf062d528d30bfdc16435baaed75588392b17cb14aa1db5c87ffeb2999953c76232605f47eba73c598dcd76e795b7f724d

Download Submit
/Users/run/Library/Passes/ScheduledActivities.archive

Filesize
1KB

MD5
5868f8632c82763bee1f10babb0a2113

SHA1
128045978ba8bc15a3f99cbde68641f6f84170dc

SHA256
8a58c9faabf30fe9e26d76c0cc0cd3f4de431fbe2bfc55165382ce6117034508

SHA512
b72460fe9f451ef0fb7b81d3768246965f800c7f909878bed91fb070171fba0aa02c9afea404bb4ffb8fd5cc8fb3324e35027d68033c9da3090c674d3fab163d

Download Submit
/Users/run/Library/Passes/WebServiceTasks_v6.archive

Filesize
251B

MD5
09dfdae412e2ce9c6666f52f76002c1a

SHA1
d175b94d9dbbc3980c77cbd1da8fa7b853cf0783

SHA256
c620ab626d4350382bd8d7c999e0f3f765e7414a02264987cc38aa428ea03260

SHA512
54bfe4cf51f958dcec06b6bf81df0000d8b4cf464d7c1eadb22450fd0f86d42558f68acfc5e6806557cb1c76b2cd9b1c310c7c1e6fcbef018579e5789e183969

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/2529545429CE075A4E64DE7DAA3D4C27

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
/Users/run/Library/Saved Application State/com.apple.safari.savedState/data.data

Filesize
5KB

MD5
2b8a3f9af28207a8fbb3ad48b6418c25

SHA1
8aae01932024f8a26c1ab6d7d35f2615ea3f6adb

SHA256
a13d406b4f996a4be4957165969f11e64928b9d630862c9ea7a6cf8c7ec52cd5

SHA512
7b296ddaed7887daede9840d6b8e0cb887f6f160db8a6707694743c51cd67662ac4f0cd76d8745327f626da50f78aa62447e5cafd3fe73f3b16d6dbeabd92ac1

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

Filesize
214KB

MD5
c738010c16067baa2f714ab70fd24d13

SHA1
f7f7e4c2b2839c5053c13462af4024dd2c6bb976

SHA256
15154cb0cb015c415fceebd48eaf8446a27f541592f58f48acc5abb5e2588523

SHA512
156d76ed9399d40c61f7308eebb1aeb4740af4e2b93e42ca62ecd6bd0aae57ffecd8700c51cdf92c1ff56e830ec56e26922ebfb1da1bc4439513d81351071a63

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

Filesize
21.8MB

MD5
1495d7ac17e67aec5883ca26739843dd

SHA1
8f29f684b6765e40a64c6a83ccf983a7456a95cc

SHA256
1848d86b38c546869cfd00dc2aca313db147e3a521cf130ca688a44de7feae5d

SHA512
460e666a7bc60ea116e7c35b049116e0ff1902cf400e1a49f0ba5da7f1874ccd739aa9525df498bc4b6272f33d9a663ed72d0f432c9f5539a03fc823059d517b

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

Filesize
126KB

MD5
07adda7a1b9167ddff1300c941d63499

SHA1
d077ae94cd18c0dda42c4690330cb444a6f62c80

SHA256
54436495b4ae1146643b6511f5847334beb90f11e0500f805431c76a1a4eba39

SHA512
6ad4926188a1fb332e19ddc69b1e2be53c8578249b025e8b8d784dba911823b1e86517b1cb6dc32bd43914c5a388216dda6250c1e110d9527e7f5e13f3e5143c

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.microsoft.Word//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.microsoft.Word//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//spindump.txt

Filesize
168KB

MD5
381324ab88704073ee8d02c34ebb88c4

SHA1
65950b1984501317ec3a99701248693c294e66d8

SHA256
e25fee371d42ab44f5e0f15d40a317162cf0378976a7ebfcd42ecf916e3b0e30

SHA512
8b17cb8e5f2f9196d0b57e646b46e1a83b4b322e409b5bb6f072a62b249f3c832e3c969f7488815b78ec7991e1407a17a4135536d23701554d91bb70e1b5ca04

Download Submit