hxxps://drive[.]google[.]com/drive/folders/1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O

Resubmissions

30/08/2024, 21:07

240830-zyjajawgln 6

30/08/2024, 15:50

240830-taa2cssbnc 6

Analysis

max time kernel
122s
max time network
129s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
30/08/2024, 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O

Score

6^/10

evasion

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
20	drive.google.com
23	drive.google.com

Resource Forking 1 TTPs 13 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool	Process not Found
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool	Process not Found
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd	Process not Found
"/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated"	Process not Found
"/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd"	Process not Found
/System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent	Process not Found
/usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist	Process not Found
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool	Process not Found
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref	Process not Found
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz"	Process not Found
/System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings	Process not Found
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck	Process not Found
/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://drive.google.com/drive/folders/1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O\""
1⤵
PID:483

/bin/bash
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://drive.google.com/drive/folders/1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O\""
1⤵
PID:483

/usr/bin/sudo
sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://drive.google.com/drive/folders/1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O"
1⤵
PID:483
- /bin/zsh
  /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://drive.google.com/drive/folders/1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O"
  2⤵
  PID:487
- /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
  "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" "--simulate-outdated-no-au=Tue, 31 Dec 2099" --new-window https://drive.google.com/drive/folders/1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O
  2⤵
  PID:487

/usr/libexec/xpcproxy
xpcproxy com.apple.GameController.gamecontrollerd
1⤵
PID:491

/usr/libexec/gamecontrollerd
/usr/libexec/gamecontrollerd
1⤵
PID:491

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler" "--monitor-self-annotation=ptype=crashpad-handler" "--database=/var/root/Library/Application Support/Google/Chrome/Crashpad" "--metrics-dir=/var/root/Library/Application Support/Google/Chrome" "--url=https://clients2.google.com/cr/report" "--annotation=channel=" "--annotation=plat=OS X" "--annotation=prod=Chrome_Mac" "--annotation=ver=101.0.4951.54" "--handshake-fd=5"
1⤵
PID:493

/usr/bin/profiles
/usr/bin/profiles status -type enrollment
1⤵
PID:495

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz"
1⤵
PID:498

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize" com.google.Chrome
1⤵
PID:499

/usr/bin/tar
/usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist
1⤵
PID:500

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)" "--type=gpu-process" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" "--gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA=" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=20"
1⤵
PID:501

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=network.mojom.NetworkService" "--lang=en-GB" "--service-sandbox-type=network" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=20"
1⤵
PID:502

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=storage.mojom.StorageService" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=20"
1⤵
PID:503

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)" "--type=utility" "--utility-sub-type=mac_notifications.mojom.MacNotificationProvider" "--lang=en-GB" "--service-sandbox-type=none" --message-loop-type-ui "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072"
1⤵
PID:504

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=7" "--launch-time-ticks=288471667" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=57"
1⤵
PID:505

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=6" "--launch-time-ticks=288525476" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=57"
1⤵
PID:506

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore
1⤵
PID:508

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:509

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:509

/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
"/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher"
1⤵
PID:510

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=8" "--launch-time-ticks=293214552" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=57"
1⤵
PID:511

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=12" "--launch-time-ticks=293234752" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=57"
1⤵
PID:512

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=10" "--launch-time-ticks=293239792" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=57"
1⤵
PID:513

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=11" "--launch-time-ticks=293247225" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=57"
1⤵
PID:514

/usr/sbin/system_profiler
/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml
1⤵
PID:515

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=93"
1⤵
PID:517

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:519

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:519

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=106"
1⤵
PID:521

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
GoogleUpdater --server "--service=update" --system
1⤵
PID:0
- /Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
  "/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6537.0" "--handshake-fd=5"
  2⤵
  PID:1.8446744073709552e+19
- /usr/bin/profiles
  /usr/bin/profiles status -type enrollment
  2⤵
  PID:525
- /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
  "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=102"
  2⤵
  PID:526
- /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
  /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store
  2⤵
  PID:527
- /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
  "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=108"
  2⤵
  PID:528
- /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
  "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=71"
  2⤵
  PID:530
- /usr/libexec/xpcproxy
  xpcproxy com.apple.systempreferences.2140
  2⤵
  PID:531
- /System/Applications/System Preferences.app/Contents/MacOS/System Preferences
  "/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
  2⤵
  PID:531
- /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
  "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=19" "--launch-time-ticks=312291895" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=116"
  2⤵
  PID:532
- /usr/libexec/xpcproxy
  xpcproxy com.apple.AccountProfileRemoteViewService 531
  2⤵
  PID:533
- /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
  /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
  2⤵
  PID:533
- /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
  /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
  2⤵
  PID:536
- /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
  /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
  2⤵
  PID:537
- /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
  /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
  2⤵
  PID:538
- /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
  /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
  2⤵
  PID:539
- /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
  /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
  2⤵
  PID:540
- /usr/libexec/xpcproxy
  xpcproxy com.apple.studentd
  2⤵
  PID:541
- /usr/libexec/studentd
  /usr/libexec/studentd
  2⤵
  PID:541
- /usr/libexec/xpcproxy
  xpcproxy com.apple.nfcd
  2⤵
  PID:542
- /usr/libexec/nfcd
  /usr/libexec/nfcd
  2⤵
  PID:542
- /usr/libexec/xpcproxy
  xpcproxy com.apple.preferences.softwareupdate.remoteservice 531
  2⤵
  PID:569
- /System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice
  /System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice
  2⤵
  PID:569
- /usr/libexec/xpcproxy
  xpcproxy com.apple.softwareupdated
  2⤵
  PID:570
- /System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated
  "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated"
  2⤵
  PID:570
- /usr/libexec/xpcproxy
  xpcproxy com.apple.suhelperd
  2⤵
  PID:571
- /System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd
  "/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd"
  2⤵
  PID:571
- /usr/libexec/xpcproxy
  xpcproxy com.apple.SoftwareUpdateNotificationManager
  2⤵
  PID:574
- /System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager
  /System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager
  2⤵
  PID:574
- /usr/libexec/xpcproxy
  xpcproxy com.apple.metadata.mdwrite
  2⤵
  PID:575
- /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues
  /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues -z
  2⤵
  PID:576
- /usr/libexec/xpcproxy
  xpcproxy com.apple.system_installd
  2⤵
  PID:578
- /System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
  /System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
  2⤵
  PID:578
- /bin/launchctl
  /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
  2⤵
  PID:581
- /bin/launchctl
  /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
  2⤵
  PID:582
- /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
  "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=116"
  2⤵
  PID:583
- /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
  "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=116"
  2⤵
  PID:584
- /usr/libexec/xpcproxy
  xpcproxy com.apple.security.agent
  2⤵
  PID:585
- /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent
  /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent
  2⤵
  PID:585
- /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
  "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=116"
  2⤵
  PID:586
- /usr/libexec/xpcproxy
  xpcproxy com.apple.security.authhost.00000000-0000-0000-0000-0000000186A6
  2⤵
  PID:587
- /System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/MacOS/authorizationhost
  /System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/MacOS/authorizationhost
  2⤵
  PID:587
- /usr/libexec/xpcproxy
  xpcproxy com.apple.ReportMemoryException
  2⤵
  PID:590
- /usr/libexec/ReportMemoryException
  /usr/libexec/ReportMemoryException
  2⤵
  PID:590
- /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
  "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=117"
  2⤵
  PID:591
- /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues
  /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues -z
  2⤵
  PID:592
- /usr/libexec/xpcproxy
  xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
  2⤵
  PID:593
- /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
  /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
  2⤵
  PID:593
- /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
  "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=117"
  2⤵
  PID:594
- /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
  "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=unzip.mojom.Unzipper" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,7698136149483704703,1238268955596841523,131072" "--seatbelt-client=27"
  2⤵
  PID:595
- /bin/sh
  sh -c /usr/sbin/kextstat
  2⤵
  PID:596
- /bin/bash
  sh -c /usr/sbin/kextstat
  2⤵
  PID:596
- /usr/sbin/kextstat
  /usr/sbin/kextstat
  2⤵
  PID:596
- /usr/libexec/xpcproxy
  xpcproxy com.apple.loginwindow.38C4C861-D847-4F6D-9EB6-9AB02F19724C
  2⤵
  PID:597
- /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow
  /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console
  2⤵
  PID:597
- /usr/libexec/xpcproxy
  xpcproxy com.apple.imklaunchagent
  2⤵
  PID:598
- /usr/libexec/xpcproxy
  xpcproxy com.apple.UserEventAgent-LoginWindow
  2⤵
  PID:599
- /usr/libexec/xpcproxy
  xpcproxy com.apple.universalaccessd
  2⤵
  PID:600
- /usr/sbin/universalaccessd
  /usr/sbin/universalaccessd launchd -s
  2⤵
  PID:600
- /System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent
  /System/Library/Frameworks/InputMethodKit.framework/Resources/imklaunchagent
  2⤵
  PID:598
- /usr/libexec/xpcproxy
  xpcproxy com.apple.ViewBridgeAuxiliary
  2⤵
  PID:601
- /System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
  /System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
  2⤵
  PID:601
- /usr/libexec/xpcproxy
  xpcproxy com.apple.security.agent.login.00000000-0000-0000-0000-0000000186BA
  2⤵
  PID:602
- /usr/libexec/xpcproxy
  xpcproxy com.apple.pluginkit.pkd
  2⤵
  PID:603
- /usr/libexec/pkd
  /usr/libexec/pkd
  2⤵
  PID:603
- /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent
  /System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent
  2⤵
  PID:602
- /usr/libexec/UserEventAgent
  /usr/libexec/UserEventAgent "(LoginWindow)"
  2⤵
  PID:599
- /usr/libexec/xpcproxy
  xpcproxy com.apple.coremedia.videodecoder 602
  2⤵
  PID:606
- /System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
  /System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
  2⤵
  PID:606
- /usr/libexec/xpcproxy
  xpcproxy com.apple.CryptoTokenKit.ahp.agent
  2⤵
  PID:607
- /System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp
  /System/Library/Frameworks/CryptoTokenKit.framework/ctkahp.bundle/Contents/MacOS/ctkahp
  2⤵
  PID:607
- /usr/libexec/xpcproxy
  xpcproxy com.apple.xpc.launchd.oneshot.0x10000001.activateSettings
  2⤵
  PID:608
- /System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings
  /System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings
  2⤵
  PID:608
- /usr/libexec/xpcproxy
  xpcproxy com.apple.AmbientDisplayAgent
  2⤵
  PID:609
- /System/Library/PrivateFrameworks/AmbientDisplay.framework/Versions/A/XPCServices/com.apple.AmbientDisplayAgent.xpc/Contents/MacOS/com.apple.AmbientDisplayAgent
  /System/Library/PrivateFrameworks/AmbientDisplay.framework/Versions/A/XPCServices/com.apple.AmbientDisplayAgent.xpc/Contents/MacOS/com.apple.AmbientDisplayAgent
  2⤵
  PID:609
- /usr/libexec/xpcproxy
  xpcproxy com.apple.ctkd
  2⤵
  PID:611
- /System/Library/Frameworks/CryptoTokenKit.framework/ctkd
  /System/Library/Frameworks/CryptoTokenKit.framework/ctkd -tw
  2⤵
  PID:611
- /usr/libexec/xpcproxy
  xpcproxy com.apple.CryptoTokenKit.setoken 611
  2⤵
  PID:613
- /System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/setoken.appex/Contents/MacOS/setoken
  /System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/setoken.appex/Contents/MacOS/setoken
  2⤵
  PID:613
- /usr/libexec/xpcproxy
  xpcproxy com.apple.security.authhost.00000000-0000-0000-0000-0000000186BA
  2⤵
  PID:614
- /System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/MacOS/authorizationhost
  /System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/MacOS/authorizationhost
  2⤵
  PID:614
- /usr/libexec/xpcproxy
  xpcproxy com.apple.Kerberos.kcm
  2⤵
  PID:615
- /System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kcm
  /System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kcm --launchd
  2⤵
  PID:615
- /usr/libexec/xpcproxy
  xpcproxy com.apple.iconservices.iconservicesagent
  2⤵
  PID:616
- /System/Library/CoreServices/iconservicesagent
  /System/Library/CoreServices/iconservicesagent runAsRoot
  2⤵
  PID:616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Printers/InstalledPrinters.plist

Filesize
495B

MD5
3439dcb6d4ce19d3ea022b8bb17cba7a

SHA1
e412c16548b6fcc5fd488315cd70b324ca4d782e

SHA256
aec405d7619e28da751fafd97782015affebdb36e863c58eea2b658551a59e7b

SHA512
8ca944a1a157f6933a5efeea35aa7626d0dd5f6fd4b5d9fe08c3760b39b6f54289e502923ca7616110c468173f0389f2ce1e35899d171bd08873678759aba93b

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
114KB

MD5
de68ec6b40fd95e32411b41f9d4896a9

SHA1
24df164365b10a31383a6b56e8c1e8bdde481b85

SHA256
ab299f464bbda92619badb824e021dd2599d733b6a7b40ed7481eb0826011556

SHA512
c18c10a8de385a1f537e991e7cb21c68c308f9f83bb2d01a4f2e4eb8d22264c20ec34cc968227ba51125a6aa45f72853858e7437ff61197b99705d92fd9803a5

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
114KB

MD5
b9ec5425f7d311fe2062f34911302d6a

SHA1
61cb4842a2dcc4f2455f5a5922079ee094378ad7

SHA256
f51bea80b219ded423649e6eb9db7ef6afd400d238baaf2d355d202d31f3700a

SHA512
baeaa38dbe99e56da80c4c51d3e4e6035d8fe69e7138d9ab82a4fda19b44146bf2cf3e9804cfa5799bc985af53fcd500473757c9ca06a188748ed876b08f9102

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
112KB

MD5
e89ad579706f83b6501700c74ccd2283

SHA1
21ed53d9b2ff0acd718e2a8f705536f588873671

SHA256
cf99b3cb7f475e30b0e7912f09768ebb6ef3c5c67b205a2268e401b4780acf5b

SHA512
038d678e55149152b09137ed1354b8761e2191980a18e07437912d63ddb1d6248dbe756196f309c2ec9bf99e4ea9c2a1423e9b1a0214140afe7eb5a46918292c

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
114KB

MD5
67dd5d2ca6e995782944e930f477c29b

SHA1
e7103dad0976beaa418b840e6e5e85ef30b25824

SHA256
bac52e2fa6a9bec1b7711f2a5638cae8e0a269201dab73d1145afbd784051a70

SHA512
c7a43d106c3d6dbe592d44fff65d5eca7d705c802af755ca9ad5e5386f79644397fc579e73341715589d9748a37a03ddbb1dbc99915d893a5bd7a44c54eec56b

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
114KB

MD5
b5ec653e5c413b7f64ba4faa70a178fc

SHA1
57e9095581ef5d24e09653c5323c8f846d196265

SHA256
68f9e355be026b61452148e544ed176fee608e5719004dd95e1fc7b648ae612e

SHA512
d1cccf493aa2aab0f0b3dfcf333f110e2bef175ab1ddd5bd038c4523ac1c88e659307a69fda9ec38816f9fd9553feb99a4efbdd9dec182aa46769e1794aaf0b1

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
112KB

MD5
8a2070efcf09e91c01a531a1d332776e

SHA1
74fb2bf2c11a014469ae013613d9790ab99a4ab9

SHA256
1b369540299ecd7dcf611367508e5b07bdb15ddf1912f69bff4860a6218f6b27

SHA512
70b410b83a7235aea36ec25ad44cacc32fb6e04c9b5a962a48986b5ae0c5de115b85a0ecc2b826e45133e2197e8c6bc5b09471da0322fc2d959fbb178d79398a

Download Submit
/Users/run/Library/Saved Application State/com.apple.systempreferences.savedState/data.data

Filesize
1KB

MD5
6fa67c2c83c738d412dae99c6087fa7c

SHA1
86a5e24506b042957467d9a6da9c5c3e30dac19a

SHA256
cd3d256e76f21f1bc9f9b8c5ec674b2a8f9842d5bb533bfd18332c236c7a6a89

SHA512
29a35cfb405e9b1b6b2f0f6ae8efe533d4ce3b243cd3c3a52888549b6d2c3dd7b4defa16c3f4d4566f870cd73f2bbbf821d42c67a8139dc521f033aab2c0bf58

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirfr2Pa4/CRX_INSTALL/images/icon_128.png

Filesize
3KB

MD5
30899b6c4e4a757b8ec6dd2208acdfb4

SHA1
f2c5880a724c6d75cce1b5191e0d82c3bc7de768

SHA256
4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4

SHA512
58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirfr2Pa4/CRX_INSTALL/images/icon_16.png

Filesize
531B

MD5
344554d96e418120bd80ef5de5194697

SHA1
23e141c3a6ce368acc1c299f062ab85914bcb17e

SHA256
0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378

SHA512
7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e

Download Submit
/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js

Filesize
531KB

MD5
6eebed29e6a6301e92a9b8b347807f5f

SHA1
65dfb69b650560551110b33dcba50b25e5b876de

SHA256
04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697

SHA512
fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.CA1x1Q/khaoiebndkojlmppeemjhbpbandiljpe_66_mac_adbxmk3cir53o3v2f66pezkgcbjq.crx3

Filesize
5KB

MD5
ba0c44cdcbb9f1a8b1b2cbed95346caa

SHA1
c9a5e9df64b46db7bf44b091da1c5553137bff55

SHA256
3658efbb825c2826d2c66de6fdfbdaaffdd1d053105eb7d547e34d3271a59948

SHA512
61d9521200a86b583bff7ceafea793513ba34a5ae43309edabd9b19a52277752adcad1f0ddf5e33986511e75a2c9df0b13b9b520fed1d1ef8590644bd4483616

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Pn7DFp/7_all_sslErrorAssistant.crx3

Filesize
5KB

MD5
636c653ec2c30bb767533901a18669b2

SHA1
4b5a01cfea4c5deb62f3aafa01ef24265613b844

SHA256
3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a

SHA512
a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ZaQpOT

Filesize
242KB

MD5
541f52e24fe1ef9f8e12377a6ccae0c0

SHA1
189898bb2dcae7d5a6057bc2d98b8b450afaebb6

SHA256
81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82

SHA512
d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ctwA9u/lmelglejhemejginpboagddgdfbepgmp_463_all_ZZ_j2yapcm2iwsjsw3vspibzp4cee.crx3

Filesize
53KB

MD5
b2dafe25aea793b54de2becceb187c6d

SHA1
c161e609d50f79ac43b26bc3ac501c06ee1f98b7

SHA256
e063c32d4a54071d6da859af231054da97b092113b2ba9fa61ef88bc5714c71a

SHA512
9e0f302be1762e886cc3891933276269905dd539b706bfc4a77bf97251409d3c1496495936531ad6c37f4309fa5f7e68c93fe973ad5fa8b82a3b60eac7f88305

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.pC1y8E/1.0.0.17_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

Filesize
3KB

MD5
72326a22c279498851ae0331f64c001d

SHA1
ed2e9811491e6dcb047cdc5ff8c20f75091c1f99

SHA256
2638e3c2d1fa1d417bfdc31dd21bc938f106d3b436a6488b41b014ca9e2b7541

SHA512
c5aa42964046f225db517a0d90ea73fb5503aa090ce54911df4519938d44cec0fe9ae55d0fb71d50124e11c77e212a7a766889ad775305beb6f8701663f4bcf8

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.vmwLDx/jflookgnkcckhobaglndicnbbgbonegd_3040_all_j6kvwuv5hzxeixor5sxkklnez4.crx3

Filesize
73KB

MD5
74380408f0ea043c6c7b97ac9317a0a7

SHA1
f54af3671a592aa5948039563e358474e50886b4

SHA256
2615170554f3293586bc51fabc3cbf3d6058b396f1bb0252eb4bf9c25e6481c0

SHA512
7510500d90fc86956cfbcb1f5f207dd3ededf80ee04c2ab2f09838967d73872c51879b60edc35c7ecc8a53d49cf564e9c2fd51b263f04f846d149f3db941962c

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate.SUCatalogDataManager/m/062-59183/062-59183.English.dist

Filesize
2KB

MD5
0f12e7b8a5b625b18a162c607d8741c5

SHA1
43a43bc85bac24d62db737ac0422c4939b778e82

SHA256
2d04862803ce7f9f071ad95b733e7fa0d32af46663f755cfa4842db255b67894

SHA512
bd7bc4ad7a7492923bbda305bb19714d12965466fdcc7de850ddf58f707ef4488dd634acb85b668899d2ada564e3fddd3a05856c3c3997b1ca66dea0bc15682e

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate.SUCatalogDataManager/w/062-54041/062-54041.English.dist

Filesize
2KB

MD5
4c2ca01d7b619d57d4e4d9b42dd2b416

SHA1
e1f394ed97a87f198a403c348a35a085965b9d90

SHA256
59915fbd0858295cfd59f88cee4430c9a04b11b3128aebe3b5e0a7863ec2bfe8

SHA512
49a58168487a8ceb7c4eddfb271b6660e2d8f492794a19fa27ccf374a0a04ca8218bd481ca831cf89da66e9d4baf957041fbdea8710e44bb201679c63ccea1c5

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate/swcdn.apple.com/content/downloads/56/23/062-28254-A_OXFTM8606F/ilbeqmgoj14pd2p9o74uoy1n9qpofda5pa/InstallAssistant.pkg.partialState

Filesize
436B

MD5
1e69a4fed597a6c2ef2dcbd195a7482f

SHA1
0e9a81dc2a50449fa57691438c2ca7b6a6773794

SHA256
0401d658387639fdfe34f57df14c2c3427bf1e2c4c7c95ca5a9dcc678babca85

SHA512
05ba186d418d4bdf8e5fa323e20b384fddb9dc600881c0d815d9402c28e0f6c2cee89cf77a79de3cd6a9152c285e79cb6677ed61b6fba94bbd3eba8674ccb961

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-71934_336769A4-6980-40D4-A2E4-75660ED84269/MajorOSInfo.pkg

Filesize
1.2MB

MD5
70da443c0019466133e1727455b9578e

SHA1
e19f739b399b0b804971232a3801c2c241305c09

SHA256
ca73d7cfb89908a330f618a5d5e5d2d952d8439f54ad492632c6eab0ce7c418f

SHA512
d026476b186e8867c20db999a17a6a7a758e73b50a88feea64b7d1cd973f0cb228f0b2a9392738cfcd0c1fda76e640bc932838363f5088220df7b1fc528e1e45

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-71934_336769A4-6980-40D4-A2E4-75660ED84269/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Info.plist

Filesize
863B

MD5
8797904ca5283bfd732e50c0a9f9b9d9

SHA1
f89123187e7533f944515c43f61d349cb092289b

SHA256
d572679860abe8cc8ca163774406a5a67aa9b5c2af22d7029caa684b7815be1a

SHA512
65be603f8c334e8db4d7406fe11c3b393c7a8e65f043258c299db5e662ba28b2283e577b5055a4e26824a9478b256f7e6123380b6682d16b573badb08fbc0f8c

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-71934_336769A4-6980-40D4-A2E4-75660ED84269/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Resources/OSBadge.icns

Filesize
1.3MB

MD5
84a52b22f460032e7da3b48d33d59ff8

SHA1
adaee5ad5a40de3c853f22beb0ee721ba51248a5

SHA256
8718b54792b537c53be8bc34a046b08ae6df5e55afb5d048fa2a277b596310f5

SHA512
a024abc73d9a0f132d423c5643842fefcf10b3b6f4b45f2d77fb540fadd41c38dabe31a53bd63fd2edb05866622e10b1d7efcd0e353258f42be07e659d1d330b

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-71934_336769A4-6980-40D4-A2E4-75660ED84269/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Resources/en.lproj/Localizable.strings

Filesize
155B

MD5
63ce136b60c67afcd837e1a387b576ff

SHA1
17493a07f2ac52ffbe0769a013ee6c1afb3a1f96

SHA256
b86c08f715f38c1c6268a7cf60e6548d6eeb252db1698abb81b55b54569e13e4

SHA512
68d077aa6fe71242a248246d0ead0bf58c505e4b01895a1c53779ec129bb9216ffc11f2c9bb50000f7013787f16771d7cac313d05d63a8d4f759b301b6d8244c

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/ProductMetadata.plist

Filesize
1.1MB

MD5
8cf978d88f73526dbd3dc61ce2f47a09

SHA1
c1fab063b444a9788fced806a8e1655b0656d08b

SHA256
b9474f5aff117b4808b53a37f18cd454f98976cac54ec22a89fc27e19059f669

SHA512
6eab6c0a81156fadd3dd3f044e73476b4c0f373feb45b8e87bdb07de0eb93b17ad3f134341c3dd217a8998fd231bf8ebf7402fd2d0840d149fe0b400a3a9ea46

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/ProductMetadata.plist

Filesize
425B

MD5
9ac377316f06c6a6fd99ee3e07593b87

SHA1
1dbea8980aff3e7d370a7d5599897d8ae0809da2

SHA256
0694f19b95b76c8cf749a539321a09c173543f9d5a0b12140ebe8e84c53248b7

SHA512
b9284cb2dfc836ccb6f5c5b4badbf2ca454c3da16a30030ea0b671213e7f31387046b834f9c14b6122bce94b78611e620cdea24107625ab7a3aa2e8bcd398432

Download Submit
/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat

Filesize
40B

MD5
c6db1caaee0095f017c09113d53ed054

SHA1
cc37e2b3948325a0eeb51080f45b17ebf52a7035

SHA256
ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476

SHA512
3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb

Filesize
141B

MD5
38fc535a8f11d7e955ef58cc63158eff

SHA1
c45ad3ee106dbfb65dce7c09b53140f34454cd0e

SHA256
085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8

SHA512
26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb

Filesize
312B

MD5
5c4e7ade5753ab7de2c42c04111fa42e

SHA1
fb577b8c07d9617f507a3f2950df0a6dcfebe4e2

SHA256
d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82

SHA512
7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb

Filesize
136B

MD5
fe382e791274914bee5950777e4f1fd3

SHA1
53b523b5fc87e66f2520a0b5f9ea080072668f4d

SHA256
935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132

SHA512
a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb

Filesize
337B

MD5
ea517aa120c972c602673d331dfa35bc

SHA1
7ff539eec544cf306b80137bc182fb544e58aad5

SHA256
0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da

SHA512
e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd

Download Submit
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb

Filesize
353B

MD5
17a2dc5826aeb539547f00f52eccccd5

SHA1
fd36ad6db84312792cffac0267f6329b21727d66

SHA256
746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151

SHA512
6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73

Download Submit