fakelockbit | 21d9a8a8a9cb07b13bd2c8508d7a826d716c3411bea9ed6fcd160a18198cbd3a

Resubmissions

28/03/2025, 15:07

250328-shcdqazj14 10

27/03/2025, 11:12

250327-na8dza1sh1 10

Analysis

max time kernel
461s
max time network
466s
platform
macos-10.15_amd64
resource
macos-20241101-en
resource tags

arch:amd64arch:i386image:macos-20241101-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
27/03/2025, 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NotLockBit/lc
Size

8.8MB
MD5

06bd47b8ec7e6277dc6c8842d00f7243
SHA1

23f3b070aad47f72ddf2d148f455cce2266901fd
SHA256

14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d31
SHA512

299febd21383786c542d8fa79dc6d04aba61675c82ab889da9987404d2a78fd036ffab8b88712152b1ec57f06db4960e9391b6fc1c5fed447e48effb8aefbd50
SSDEEP

49152:m+9o0usEBuQ61RnzrmY+PLXkQF/S/BlFayqYETg2M5Ozv75Eaa9qPESp7bZ1uASW:vhEU+wQF/sP23Eaa9SE0uToBCq

Score

10^/10

fakelockbit defense_evasion ransomware

Malware Config

Signatures

Detects Fake LockBit family 2 IoCs

resource	yara_rule
behavioral3/files/0x000000030008ed59-34.dat	family_fakelockbit
behavioral3/files/0x000000030008ed5a-50.dat	family_fakelockbit

Fake Lockbit
Fake Lockbit is a cross-platfrom ransomware written in Golang targetting Windows and macOS.
ransomware fakelockbit
Fakelockbit family
fakelockbit

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
166	raw.githubusercontent.com

Resource Forking 1 TTPs 8 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

defense_evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool	Process not Found
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck	Process not Found
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref	Process not Found
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool	Process not Found
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper	Process not Found
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper	Process not Found
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper	Process not Found
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool	Process not Found

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/NotLockBit/lc\""
1⤵
PID:475

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/NotLockBit/lc\""
1⤵
PID:475

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/NotLockBit/lc
1⤵
PID:475
- /bin/zsh
  /bin/zsh -c /Users/run/NotLockBit/lc
  2⤵
  PID:477
- /Users/run/NotLockBit/lc
  /Users/run/NotLockBit/lc
  2⤵
  PID:477

/usr/libexec/xpcproxy
xpcproxy com.apple.secinitd
1⤵
PID:497

/usr/libexec/secinitd
/usr/libexec/secinitd
1⤵
PID:497

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.systemsoundserverd
1⤵
PID:498

/usr/sbin/systemsoundserverd
/usr/sbin/systemsoundserverd
1⤵
PID:498

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:499

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:499

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:500

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:500

/usr/libexec/xpcproxy
xpcproxy com.apple.nsurlstoraged
1⤵
PID:511

/usr/libexec/nsurlstoraged
/usr/libexec/nsurlstoraged --privileged
1⤵
PID:511

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:519

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:519

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:520

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:520

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.DB9FA54A-E1F0-4569-8BB9-1C9E1B48BC77 519
1⤵
PID:522

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:522

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:527

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:527

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.0440E743-806A-408F-85BF-10FCDEDE42CE 519
1⤵
PID:528

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:528

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SearchHelper 519
1⤵
PID:529

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
1⤵
PID:529

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SafeBrowsing.Service
1⤵
PID:532

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1⤵
PID:532

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.678CE123-50AF-476D-B5E3-F40C10D854F1 519
1⤵
PID:533

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:533

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.B8E64BB3-1753-46EC-B425-C29A776B36EF 519
1⤵
PID:534

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:534

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SandboxBroker 519
1⤵
PID:539

/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.SandboxBroker.xpc/Contents/MacOS/com.apple.Safari.SandboxBroker
/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.SandboxBroker.xpc/Contents/MacOS/com.apple.Safari.SandboxBroker
1⤵
PID:539

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:540

/usr/libexec/xpcproxy
xpcproxy "com.apple.xpc.launchd.oneshot.0x10000001.Archive Utility"
1⤵
PID:543

/System/Library/CoreServices/Applications/Archive Utility.app/Contents/MacOS/Archive Utility
"/System/Library/CoreServices/Applications/Archive Utility.app/Contents/MacOS/Archive Utility" -psn_0_196656
1⤵
PID:543

/usr/libexec/xpcproxy
xpcproxy com.apple.XprotectFramework.AnalysisService 411
1⤵
PID:544

/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
1⤵
PID:544

/usr/bin/macbinary
/usr/bin/macbinary probe --verbose /Users/run/Downloads/true.zip
1⤵
PID:545

/usr/bin/file
/usr/bin/file -b /Users/run/Downloads/true.zip
1⤵
PID:546

/usr/libexec/xpcproxy
xpcproxy com.apple.archiveutility.auhelperservice 543
1⤵
PID:547

/System/Library/CoreServices/Applications/Archive Utility.app/Contents/XPCServices/AUHelperService.xpc/Contents/MacOS/AUHelperService
"/System/Library/CoreServices/Applications/Archive Utility.app/Contents/XPCServices/AUHelperService.xpc/Contents/MacOS/AUHelperService"
1⤵
PID:547

/System/Library/Frameworks/FileProvider.framework/XPCServices/ArchiveService.xpc/Contents/MacOS/ArchiveService
/System/Library/Frameworks/FileProvider.framework/XPCServices/ArchiveService.xpc/Contents/MacOS/ArchiveService
1⤵
PID:548

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:549

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:549

/usr/libexec/xpcproxy
xpcproxy com.apple.appkit.xpc.sandboxedServiceRunner 543
1⤵
PID:551

/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner
/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner
1⤵
PID:551

/usr/libexec/xpcproxy
xpcproxy com.apple.TextInputMenuAgent
1⤵
PID:552

/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent
/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent
1⤵
PID:552

/usr/libexec/xpcproxy
xpcproxy com.apple.TextInputSwitcher
1⤵
PID:553

/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher
/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher
1⤵
PID:553

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.ui.helper
1⤵
PID:554

/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
1⤵
PID:554

/usr/libexec/xpcproxy
xpcproxy com.apple.xpc.launchd.oneshot.0x10000002.TextEdit
1⤵
PID:555

/System/Applications/TextEdit.app/Contents/MacOS/TextEdit
/System/Applications/TextEdit.app/Contents/MacOS/TextEdit -psn_0_213044
1⤵
PID:555

/usr/libexec/xpcproxy
xpcproxy com.apple.systempreferences.2140
1⤵
PID:558

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
"/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
1⤵
PID:558

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountProfileRemoteViewService 558
1⤵
PID:559

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
1⤵
PID:559

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
1⤵
PID:560

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
1⤵
PID:561

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
1⤵
PID:562

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
1⤵
PID:563

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
1⤵
PID:564

/usr/libexec/xpcproxy
xpcproxy com.apple.nfcd
1⤵
PID:566

/usr/libexec/nfcd
/usr/libexec/nfcd
1⤵
PID:566

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:567

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:567

/usr/libexec/xpcproxy
xpcproxy com.apple.preference.security.remoteservice 558
1⤵
PID:568

/System/Library/PreferencePanes/Security.prefPane/Contents/XPCServices/com.apple.preference.security.remoteservice.xpc/Contents/MacOS/com.apple.preference.security.remoteservice
/System/Library/PreferencePanes/Security.prefPane/Contents/XPCServices/com.apple.preference.security.remoteservice.xpc/Contents/MacOS/com.apple.preference.security.remoteservice
1⤵
PID:568

/usr/libexec/xpcproxy
xpcproxy com.apple.sysextd
1⤵
PID:569

/System/Library/Frameworks/SystemExtensions.framework/Versions/A/Helpers/sysextd
/System/Library/Frameworks/SystemExtensions.framework/Versions/A/Helpers/sysextd
1⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.preferencepane.security.PrivacyAnalytics 568
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.preferencepane.security.AdvertisingExtension 568
1⤵
PID:571

/System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/AdvertisingExtension.appex/Contents/MacOS/AdvertisingExtension
/System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/AdvertisingExtension.appex/Contents/MacOS/AdvertisingExtension
1⤵
PID:571

/System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/PrivacyAnalytics.appex/Contents/MacOS/PrivacyAnalytics
/System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/PrivacyAnalytics.appex/Contents/MacOS/PrivacyAnalytics
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountPolicyHelper
1⤵
PID:572

/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
1⤵
PID:572

/usr/libexec/xpcproxy
xpcproxy com.apple.xpc.launchd.oneshot.0x10000003.TextEdit
1⤵
PID:573

/System/Applications/TextEdit.app/Contents/MacOS/TextEdit
/System/Applications/TextEdit.app/Contents/MacOS/TextEdit -psn_0_241723
1⤵
PID:573

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:574

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:574

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:575

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:575

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:576

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:576

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.ui.helper
1⤵
PID:577

/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
1⤵
PID:577

/usr/libexec/xpcproxy
xpcproxy com.apple.security.agent
1⤵
PID:578

/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent
/System/Library/Frameworks/Security.framework/Versions/A/MachServices/SecurityAgent.bundle/Contents/MacOS/SecurityAgent
1⤵
PID:578

/usr/libexec/xpcproxy
xpcproxy com.apple.CoreAuthentication.daemon
1⤵
PID:579

/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
1⤵
PID:579

/usr/libexec/xpcproxy
xpcproxy com.apple.security.authhost.00000000-0000-0000-0000-0000000186A5
1⤵
PID:580

/System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/MacOS/authorizationhost
/System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/MacOS/authorizationhost
1⤵
PID:580

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.ui.helper
1⤵
PID:581

/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
1⤵
PID:581

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:582

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:582

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Downloads/NotLockBit/22

Filesize
9.3MB

MD5
37ec80fbc2302d5893cb6984cb1a43e2

SHA1
6c19a41d033ccc39bd42bc2f2e830e1f5808ca15

SHA256
aca17ec46730f5677d0d0a995b65504e97dce65da699fac1765db1933c97c7ec

SHA512
cfb4a5d2a6db39c8c2e48a558164dacef2e59b341a2247870e7fd80cc39ad04e650708065b8c9ef7e139e2e16b8234a45716935b7b86f9314377968389e56d61

Download Submit
/Users/run/Downloads/NotLockBit/lc

Filesize
8.8MB

MD5
06bd47b8ec7e6277dc6c8842d00f7243

SHA1
23f3b070aad47f72ddf2d148f455cce2266901fd

SHA256
14fe0071e76b23673569115042a961136ef057848ad44cf35d9f2ca86bd90d31

SHA512
299febd21383786c542d8fa79dc6d04aba61675c82ab889da9987404d2a78fd036ffab8b88712152b1ec57f06db4960e9391b6fc1c5fed447e48effb8aefbd50

Download Submit
/Users/run/Downloads/NotLockBit/lckmac

Filesize
3.0MB

MD5
8b26b29569c5d912d1d46e0de6a84edc

SHA1
367362b4ab6384833752b6936c296f3746859b82

SHA256
e02b3309c0b6a774a4d940369633e395b4c374dc3e6aaa64410cc33b0dcd67ac

SHA512
66d31cb407e9b784cef915fdb5ca9d10d1e071b94708f5f09966fb2b2f829f85bcc6fe760693bddd5485169016adf172910c77df27b99709422f1f060712ba56

Download Submit
/Users/run/Downloads/true.zip

Filesize
8.7MB

MD5
ac5f961f0869cc3e3f83085d9d4211aa

SHA1
78907647c468627cc7b9ec6165c51d298d0a686b

SHA256
21d9a8a8a9cb07b13bd2c8508d7a826d716c3411bea9ed6fcd160a18198cbd3a

SHA512
8661cf8c1b6c86e81af5a13b1e57e2f8585a294199b92db5153be820043ea3b33965d143d9f7863b73f526b353fa18e9589363a39b9b56acf4d280381b135ec7

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/EE6736375CC75D6A91F002C77E23CCBA

Filesize
5KB

MD5
a383ed48037cd6d23aba4d9ca5e922a3

SHA1
90adf56648791d2577a20b7a2f9df371ed78a8ba

SHA256
9f9079dda64edfb00e12b02fa9cdb993aaece202b42430a8e8b03860bdf7552c

SHA512
e7b1384ab70d046bd6e6132035668df67f4263bbc066ee4c08915ec8638bb677f8e6635312e086f369e03b462f432bdf63ef7a0aa33cabf1790c762b775d1535

Download Submit
/var/db/.LastGKReject

Filesize
181B

MD5
2de6a04cdba79ed13580c47dfd70cc5f

SHA1
bcefe0558555914d731c16b1778c49e77fe06b99

SHA256
97704a8960b4facceef54397a08fb5d0a456247c3627359215aa2a27df22656c

SHA512
605dc81b28c530fc8ebcf3c5a28486af8bbd3303ee5df53b5424e492e5dbe01baa0468fa4da1398451a62dff4d45067a2bf765f7def9ca0890883484de38a13b

Download Submit
/var/db/.LastGKReject

Filesize
2KB

MD5
a1657eca7d1c5bb6e75d966dbde6d5bd

SHA1
f0372569d2ffecc45d13345c5aa78e1b0f2a93de

SHA256
8658c20119305c9ace22f5b66e8a0bc70f393c8852d5c8ca943a9791721b4889

SHA512
8c9d059a22e3bff255bdeddda48bd3e0656c9556eec4245a9c401288006cb647c791b9ee3561823f9f0a8faf7593fd290b880a7d46da2bb674c7615343f11dbb

Download Submit
/var/db/.LastGKReject

Filesize
2KB

MD5
153af37975dcac54199c179d39e5eea7

SHA1
8783083a3e7c7392c4ee82e61a3807d301d21faa

SHA256
ad23281be4341c3b236136e5a7d5f536c15ae2e988d836daaab7c7a9be5d04cc

SHA512
5c7d7bf9cb0e369c876cb84e6ccb61aa7902e02c181002b0811db9404e0576c747b70059190dede0c3aea66451ee3a72289540f9652e0e489c5e42e335dd7aa1

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

Filesize
294KB

MD5
4cf3c715ae94f49da18cf8197b6c3d24

SHA1
17f5206f3ae3afdcbd1b092add4846b24952d322

SHA256
83d987154ee330a4e4389714bedf3bebc01e0395702a23ddeb12d0a907e7d6db

SHA512
b921baa257be6048bd66c6b374ce5288ae3c3e21c0f646b03c2d1ec952445cc31664054a42373a857afcad20ea40ea2bc53d89ba26d817fa04486e4c55d06b71

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

Filesize
17.2MB

MD5
8a8abd42fbf155b8a2c655e5c3541d16

SHA1
ca5ea74657d01362f66c6afe004477b67ed1dbd5

SHA256
a776aeb641c2f9b4b2b44b59a4922f91c3410f50cc1ae33c2a7ba9b9348df48f

SHA512
5957e369677ab53a696071c03cd12c12da8c9d800312cf7b9476920b432bb0df2d703deb150ea7ff6beee02cbe028a465f5fdaa4ab02da2c04515e9358a68a24

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

Filesize
133KB

MD5
3a7b9cdd141c32c56020219c747439ce

SHA1
d00a5f17f64363cee413eb0987eecb9abff33493

SHA256
585dfe4b80cc746b29f5213bb66d6514ecd23ac2349170accbb3ffc22cf5e1f1

SHA512
5a60047d7b373c763f2639ec413dc4fe84e67a6f16063e249362c389c0734753b390d907ae93b1ba92d0095039dea87bbebe803fca13026675c55cef557bce59

Download Submit