a122d4080a26c1da986bd0e7202b1630eb661a624915ef244f496fdd306e85fb

Analysis

max time kernel
1540s
max time network
1661s
platform
macos-10.15_amd64
resource
macos-20241106-en
resource tags

arch:amd64arch:i386image:macos-20241106-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
30-12-2024 07:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cisco_Umbrella_Root_CA.cer
Size

1KB
MD5

963b7b50c6f11c264e30fda42c431ad6
SHA1

8ae3de215566db897f9fd1e72d54a0672bcfe430
SHA256

a122d4080a26c1da986bd0e7202b1630eb661a624915ef244f496fdd306e85fb
SHA512

9682908dc0eacac512cb9d2249350eebab89efd5f50b35fd134a21a66ef0219380edf28a3f309908f405cdbd672292e707b94475133109a2c5678f8f24306bf5

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 8 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool	Process not Found
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck	Process not Found
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref	Process not Found
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool	Process not Found
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd	Process not Found
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd	Process not Found
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd	Process not Found
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Cisco_Umbrella_Root_CA.cer\""
1⤵
PID:476

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Cisco_Umbrella_Root_CA.cer\""
1⤵
PID:476

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Cisco_Umbrella_Root_CA.cer
1⤵
PID:476
- /bin/zsh
  /bin/zsh -c /Users/run/Cisco_Umbrella_Root_CA.cer
  2⤵
  PID:477
- /Users/run/Cisco_Umbrella_Root_CA.cer
  /Users/run/Cisco_Umbrella_Root_CA.cer
  2⤵
  PID:477
- /bin/sh
  sh /Users/run/Cisco_Umbrella_Root_CA.cer
  2⤵
  PID:477
- /bin/bash
  sh /Users/run/Cisco_Umbrella_Root_CA.cer
  2⤵
  PID:477
- - ggEPADCCAQoCggEBAO7ZjfBSCaz5EMYSiWYoXjHPP/w7xFT4bXa82lOZ9CJJXDQw
    "ggEPADCCAQoCggEBAO7ZjfBSCaz5EMYSiWYoXjHPP/w7xFT4bXa82lOZ9CJJXDQw "
    3⤵
    PID:483
- - bZpBdmuqX9UWo769LIAaSUvkYEeZqcTsjrx/7juPKoOErhJY0cPK12LU9PbHXqEd
    "bZpBdmuqX9UWo769LIAaSUvkYEeZqcTsjrx/7juPKoOErhJY0cPK12LU9PbHXqEd "
    3⤵
    PID:484
- - +RK/w0qLsDTyOVO/mEIVWLXu/Z1NtuXgj/jhegcCAwEAAaNCMEAwDgYDVR0PAQH/
    "+RK/w0qLsDTyOVO/mEIVWLXu/Z1NtuXgj/jhegcCAwEAAaNCMEAwDgYDVR0PAQH/ "
    3⤵
    PID:488
- - BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFENzAN4kukAaQFQsfXzV
    "BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFENzAN4kukAaQFQsfXzV "
    3⤵
    PID:489
- - qg8aAvZdrbdMEKEBr1RDB0OAhuPcaaVxZi6Hjyql1N999Zmp8qIw/lLTt3VSTmEa
    "qg8aAvZdrbdMEKEBr1RDB0OAhuPcaaVxZi6Hjyql1N999Zmp8qIw/lLTt3VSTmEa "
    3⤵
    PID:491
- - 29uPgjdMGLl9KyfZjARiA/PPvPdHTwg7TMJOet+w7P5nWabLNW55+Wc/JzCSFE30
    "29uPgjdMGLl9KyfZjARiA/PPvPdHTwg7TMJOet+w7P5nWabLNW55+Wc/JzCSFE30 "
    3⤵
    PID:492
- - +0Kdz/jojxlA/8t0xYLCdS2UK7zC4kuAbojHLJDbIQO3HeEWwVmg4FO89AHVvC4R
    "+0Kdz/jojxlA/8t0xYLCdS2UK7zC4kuAbojHLJDbIQO3HeEWwVmg4FO89AHVvC4R "
    3⤵
    PID:493
- - Y+V0t7SaEradv6tPG9DHX7PLwjQ/Xs95NGDIJTeFwCRqYUlBu9iZjIvKba0e0tST
    "Y+V0t7SaEradv6tPG9DHX7PLwjQ/Xs95NGDIJTeFwCRqYUlBu9iZjIvKba0e0tST "
    3⤵
    PID:494

/usr/libexec/xpcproxy
xpcproxy com.apple.systemprofiler
1⤵
PID:521

/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information
"/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information"
1⤵
PID:521

/usr/libexec/xpcproxy
xpcproxy com.apple.replayd
1⤵
PID:524

/usr/libexec/replayd
/usr/libexec/replayd
1⤵
PID:524

/usr/libexec/xpcproxy
xpcproxy com.apple.storedownloadd
1⤵
PID:529

/usr/libexec/xpcproxy
xpcproxy com.apple.installd
1⤵
PID:530

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
1⤵
PID:529

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
1⤵
PID:530

/usr/libexec/xpcproxy
xpcproxy com.apple.system_installd
1⤵
PID:531

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
1⤵
PID:531

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:532

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:532

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 522
1⤵
PID:533

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:533

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.satellite.F91CF997-AF59-4C7D-A521-591DD83CD18C 526
1⤵
PID:536

/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
1⤵
PID:536

/usr/libexec/xpcproxy
xpcproxy com.apple.systempreferences.2140
1⤵
PID:537

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
"/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
1⤵
PID:537

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountProfileRemoteViewService 537
1⤵
PID:538

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
1⤵
PID:538

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
1⤵
PID:539

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
1⤵
PID:540

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
1⤵
PID:542

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
1⤵
PID:543

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
1⤵
PID:544

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:545

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:545

/usr/libexec/xpcproxy
xpcproxy com.apple.nfcd
1⤵
PID:546

/usr/libexec/nfcd
/usr/libexec/nfcd
1⤵
PID:546

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:548

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:548

/usr/libexec/xpcproxy
xpcproxy com.apple.preferences.users.remoteservice 537
1⤵
PID:550

/System/Library/PreferencePanes/Accounts.prefPane/Contents/XPCServices/com.apple.preferences.users.remoteservice.xpc/Contents/MacOS/com.apple.preferences.users.remoteservice
/System/Library/PreferencePanes/Accounts.prefPane/Contents/XPCServices/com.apple.preferences.users.remoteservice.xpc/Contents/MacOS/com.apple.preferences.users.remoteservice
1⤵
PID:550

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:551

/usr/libexec/xpcproxy
xpcproxy com.apple.preference.network.remoteservice 537
1⤵
PID:552

/System/Library/PreferencePanes/Network.prefPane/Contents/XPCServices/com.apple.preference.network.remoteservice.xpc/Contents/MacOS/com.apple.preference.network.remoteservice
/System/Library/PreferencePanes/Network.prefPane/Contents/XPCServices/com.apple.preference.network.remoteservice.xpc/Contents/MacOS/com.apple.preference.network.remoteservice
1⤵
PID:552

/usr/libexec/xpcproxy
xpcproxy com.apple.systemadministration.writeconfig
1⤵
PID:553

/System/Library/PrivateFrameworks/SystemAdministration.framework/XPCServices/writeconfig.xpc/Contents/MacOS/writeconfig
/System/Library/PrivateFrameworks/SystemAdministration.framework/XPCServices/writeconfig.xpc/Contents/MacOS/writeconfig
1⤵
PID:553

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:554

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:554

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:555

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:555

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.8D605752-F054-43DB-BEB4-ADD998B6059C 554
1⤵
PID:556

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:556

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:561

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:561

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.68F9416A-7303-440B-A664-F1FFE31475BC 554
1⤵
PID:563

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:563

/usr/libexec/xpcproxy
xpcproxy com.apple.ncplugin.stocks 313
1⤵
PID:565

/usr/libexec/xpcproxy
xpcproxy com.apple.iCal.CalendarNC 313
1⤵
PID:566

/usr/libexec/xpcproxy
xpcproxy com.apple.ncplugin.weather 313
1⤵
PID:567

/System/Library/CoreServices/StocksWidget.app/Contents/PlugIns/com.apple.ncplugin.stocks.appex/Contents/MacOS/com.apple.ncplugin.stocks
/System/Library/CoreServices/StocksWidget.app/Contents/PlugIns/com.apple.ncplugin.stocks.appex/Contents/MacOS/com.apple.ncplugin.stocks
1⤵
PID:565

/System/Applications/Calendar.app/Contents/PlugIns/com.apple.iCal.CalendarNC.appex/Contents/MacOS/com.apple.iCal.CalendarNC
/System/Applications/Calendar.app/Contents/PlugIns/com.apple.iCal.CalendarNC.appex/Contents/MacOS/com.apple.iCal.CalendarNC
1⤵
PID:566

/System/Library/CoreServices/Weather.app/Contents/PlugIns/com.apple.ncplugin.weather.appex/Contents/MacOS/com.apple.ncplugin.weather
/System/Library/CoreServices/Weather.app/Contents/PlugIns/com.apple.ncplugin.weather.appex/Contents/MacOS/com.apple.ncplugin.weather
1⤵
PID:567

/usr/libexec/xpcproxy
xpcproxy com.apple.preference.sound.remoteservice 537
1⤵
PID:569

/System/Library/PreferencePanes/Sound.prefPane/Contents/XPCServices/com.apple.preference.sound.remoteservice.xpc/Contents/MacOS/com.apple.preference.sound.remoteservice
/System/Library/PreferencePanes/Sound.prefPane/Contents/XPCServices/com.apple.preference.sound.remoteservice.xpc/Contents/MacOS/com.apple.preference.sound.remoteservice
1⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SearchHelper 554
1⤵
PID:570

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SafeBrowsing.Service
1⤵
PID:571

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1⤵
PID:571

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.AA144581-80D3-4B28-A2DF-2F299D1A44EE 554
1⤵
PID:572

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:572

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.A04CA430-1111-4CFF-BCD8-52AF1D7BD280 554
1⤵
PID:574

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:574

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.90994167-AC91-4821-9680-0CBE2EBCD907 554
1⤵
PID:575

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:575

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.A600D4A0-1B57-4B66-A8DC-C0CE47D65A5B 554
1⤵
PID:576

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:576

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.624E242F-2351-4387-8CD7-53337C99A954 554
1⤵
PID:577

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:577

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:581

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:581

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 522
1⤵
PID:582

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:582

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:587

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:587

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 522
1⤵
PID:590

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:590

/usr/libexec/xpcproxy
xpcproxy com.apple.diagnosticd
1⤵
PID:591

/usr/libexec/diagnosticd
/usr/libexec/diagnosticd
1⤵
PID:591

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:593

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:593

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 522
1⤵
PID:596

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:596

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:597

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:597

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 522
1⤵
PID:598

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:598

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:601

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:601

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 522
1⤵
PID:604

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Safari/Favicon Cache/favicons/2FA28446E594018D321AD81D1D1CB5BC

Filesize
5KB

MD5
52df3c36ab8d3405d58584571da92264

SHA1
aaa0254a44cf3d536da58fe5cebdb265f3342549

SHA256
0fc4d00ea03eba5326f2eb8b180fbf6b1fae57984bc55ec1f26bd123b5a85e60

SHA512
bf25520a74c874943dfe139c77355c84660bdce109768d1cf3d56435e4bda9b17f0ed838c54b4a66ba3d3f9908215787ec86488b3c3701c92e0b4320197df643

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/87DACC11D60C3025C24704DB12B3665B

Filesize
5KB

MD5
a383ed48037cd6d23aba4d9ca5e922a3

SHA1
90adf56648791d2577a20b7a2f9df371ed78a8ba

SHA256
9f9079dda64edfb00e12b02fa9cdb993aaece202b42430a8e8b03860bdf7552c

SHA512
e7b1384ab70d046bd6e6132035668df67f4263bbc066ee4c08915ec8638bb677f8e6635312e086f369e03b462f432bdf63ef7a0aa33cabf1790c762b775d1535

Download Submit
/Users/run/Library/Saved Application State/com.apple.systempreferences.savedState/data.data

Filesize
1KB

MD5
a52159b38b9a8c4d386082db4526afd1

SHA1
8ab9316bf7494fbb157867e9b7652e9f87742279

SHA256
e6d591ae86cd396f58316023b81a01a198275cca09003b231922552fd5fb4ce7

SHA512
71c4df1e7287887836da312f80523e33be3b79a511bd77808899d092088026a0708c81c4618ec6a9d056e5659cc11a03775e54550f0002ec4eebe5f2b6736fbd

Download Submit
/Users/run/Library/Saved Application State/com.apple.systempreferences.savedState/data.data

Filesize
3KB

MD5
015386301c064538c22b2718160acd95

SHA1
a20caab6daa78431a2041f7ac0f0339706ffdf1e

SHA256
ca63e237f8fa40019e7d3d7b0a8b3cf6dd055244a3acbac9d39959a6c82e06a0

SHA512
40ec56601534a14b6de9bc22af420f53dcbe4032677b994129001871feaf3dda4d51780d4aab148a8febd5aff14fb17d98c4b0424250b31983f72fb6b975f52b

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

Filesize
294KB

MD5
ff60671689d554ce25281172b074e4d3

SHA1
fd30f7c0ed37835a7b879030c0912f3ad46d3e60

SHA256
5d445c53efea4964dc4e4f98fc36c02073fdb73da15f53f16bd77a078d2d0bbb

SHA512
e6778610e036587bc04c5194c51945d914aff72d3f74072e5f62308238c62edae5f6e70e99b9f0b5a5730cbb7933a406c278f72b0830311538776e7660a964d2

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

Filesize
17.5MB

MD5
03d8a660fe1a94f305feaacf96f3b68e

SHA1
ccc595a49825bc7dbf4e429824e5addcd4195151

SHA256
57deeadf2cf201597e046d0a0bef056bf08817ff128a254516b71f1be69439a7

SHA512
fc9f64b599959e25950999af69c0a7075d9ecb9331f71f880b2ea975b2ab60a2434f9ea4bdf0115486c4fd3bc6bec8048f8c698634716c60f901e3bf697726f2

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

Filesize
110KB

MD5
2c8910a9481ededcbe06a30eeb9c50a8

SHA1
d4147c66b6769d74c830074860ed30e4abc91dc8

SHA256
8ee667f40f0d32635a3f326a7d7b9c994dcc2cf78ccb9152b30cc3de495318c5

SHA512
4196c96c7dc23c2eace685786de00d8d7087c33f4808e0392f38f34e7b5a5733bdd08abbe412471fdca80cb1665a590819884d12456337bd08d1dce4bd368bf5

Download Submit