macOS
Analysis Report
ZNznZtSA34
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Classification
Analysis Advice
None of the domains contacted by the sample resolve. The sample is likely an old dropper that no longer works. |
Joe Sandbox Version: | |
Analysis ID: | 165917 |
Start date and time: | 2022-05-04 12:10:41 +02:00 |
Joe Sandbox Product: | Cloud |
Overall analysis duration: | 0h 4m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | ZNznZtSA34 |
Cookbook file name: | macOS - Big Sur - load provided binary as normal user.jbs |
Analysis system description: | Mac Mini, Big Sur (Office 2019 16.55, Java 1.8.0_311) |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal80.troj.evad.mac@0/15@1/0 |
- Excluded domains from analysis (whitelisted): b._dns-sd._udp.0.0.168.192.in-addr.arpa, db._dns-sd._udp.0.0.168.192.in-addr.arpa
Command: | sudo -u drew /Users/drew/Desktop/ZNznZtSA34 |
PID: | 1110 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: |
- System is mac-bigsur
- mono-sgen64 New Fork (PID: 1110, Parent: 1068)
- sudo New Fork (PID: 1111, Parent: 1110)
- ZNznZtSA34 New Fork (PID: 1112, Parent: 1111)
- ZNznZtSA34 New Fork (PID: 1118, Parent: 1111)
- bash New Fork (PID: 1119, Parent: 1118)
- ZNznZtSA34 New Fork (PID: 1120, Parent: 1111)
- bash New Fork (PID: 1121, Parent: 1120)
- ZNznZtSA34 New Fork (PID: 1122, Parent: 1111)
- bash New Fork (PID: 1123, Parent: 1122)
- ZNznZtSA34 New Fork (PID: 1124, Parent: 1111)
- bash New Fork (PID: 1125, Parent: 1124)
- ZNznZtSA34 New Fork (PID: 1126, Parent: 1111)
- bash New Fork (PID: 1127, Parent: 1126)
- ZNznZtSA34 New Fork (PID: 1142, Parent: 1111)
- bash New Fork (PID: 1143, Parent: 1142)
- xpcproxy New Fork (PID: 1115, Parent: 1)
- xpcproxy New Fork (PID: 1128, Parent: 1)
- FinderFontsUpdater New Fork (PID: 1130, Parent: 1128)
- safarifontsagent New Fork (PID: 1131, Parent: 1130)
- bash New Fork (PID: 1132, Parent: 1131)
- sh New Fork (PID: 1133, Parent: 1130)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Nukesped_2 | Yara detected Nukesped | Joe Security |
Source: | DNS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | SIGKILL sent: |
Source: | Classification label: |
Source: | Mach-O symbol: |
Persistence and Installation Behavior |
---|
Source: | FAT Mach-O written to unusual path: |
Source: | Application opened: |
Source: | Killall command executed: |
Source: | Application opened: |
Source: | File written: |
Source: | File header: |
Source: | File written: |
Source: | Saved state directory opened: |
Source: | Bundle code signature resource File created: |
Source: | Shell command executed: |
Source: | Bundle Info.plist File created: |
Source: | Rm executable: |
Source: | Pgrep executable: |
Source: | File written: |
Source: | XML plist file created: |
Source: | Binary plist file created: |
Source: | XML plist file created: |
Source: | String containing user path: |
Source: | AppleKeyboardLayouts info plist opened: |
Source: | Random device file read: |
Source: | CodeSign Info: |
Source: | Launch agent created File created: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Kills( terminal apps: |
Source: | Saved state deleted: |
Source: | PDF opened with default viewer: |
Source: | Submission file: |
Source: | Sysctl read request: |
Source: | Sysctl requested: |
Source: | sw_vers executed: |
Source: | Sysctl read request: |
Source: | Sysctl requested: |
Source: | System or server version plist file read: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Command and Scripting Interpreter | 1 Launch Agent | 1 Launch Agent | 2 Masquerading | OS Credential Dumping | 51 System Information Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Non-Application Layer Protocol | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 1 Scripting | 1 Plist Modification | 1 Plist Modification | 1 Scripting | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Invalid Code Signature | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 11 Code Signing | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 File Deletion | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
onlinestockwatch.net | unknown | unknown | false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown |
Process: | /Users/drew/Desktop/ZNznZtSA34 |
File Type: | |
Category: | dropped |
Size (bytes): | 660978 |
Entropy (8bit): | 7.991068328895131 |
Encrypted: | true |
SSDEEP: | 12288:C5iSX6f78tMI7XqcAifTvjme6MHPGuwy4zmg7RQfgf1wviNVl6lbDsk5:C5iSX6zsx6s3VOjlf1warlcbDR5 |
MD5: | F9CF136A529A162CDFA472BF1748D19B |
SHA1: | 4A7B1736DA2CAEFCEF7A3C2F8FD71D0FE8E30551 |
SHA-256: | 2EDF2A7C3C1C175A98FEC99329125C2F68029D24734B4F75C4AE1915F0054B98 |
SHA-512: | 10C7F7AEB88C1C1BEB0B2821950E35FBAB29716B8C76A2B0A671B43195F5594BD471301712F882257A23203A76F238741C04EB1C9E2BA36C754FDE15CCEFD7F0 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | /usr/bin/tar |
File Type: | |
Category: | dropped |
Size (bytes): | 1571 |
Entropy (8bit): | 5.145387344297517 |
Encrypted: | false |
SSDEEP: | 48:cfyfJQBh1cw1O0giH2IcSsG7vGFOl2+dSg:CyhQBncw1O0giHVcSl7eFOl2+dSg |
MD5: | 78AF5670320B828CA61D65019880F9E5 |
SHA1: | 8AA7D431368ADFB3DD0EA0523837E76C3EC4C82F |
SHA-256: | B86EBBAFFDA5D64A0306CAF1427A741787EBE0437415FFE3062A12F707D8008B |
SHA-512: | 41ADF57037CAB2006144D851FE095B24679E70870830C824EFFBE7BDB8133593E63E8339ACA58AD8C744D2E1B183D37E8E0AF4C87225D2E853B53E0D52B32ACA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/bin/tar |
File Type: | |
Category: | dropped |
Size (bytes): | 189376 |
Entropy (8bit): | 3.0827430651154764 |
Encrypted: | false |
SSDEEP: | 1536:eCz/yOBuNs2Rp+NL2F7gMJAzqiHWTSaEi:JpBis2Rp+9ycJpHo |
MD5: | C6AD06BA0F0D2305596E013AE19C8B5A |
SHA1: | FE859502B54CA31BC2EE701113A37E73A5EE7824 |
SHA-256: | A0BF5AF3F931A428B905FD14D43B61AF47B7F272425AE4FF4D78B5CB139B8276 |
SHA-512: | 292A12E068775CD17A201FB96D7B36E962E36EB54165BFD0F34D18520D00456215B8F448AB9398A1ADF48FF46540B93E5D82ECE2BFA551F08BDB7B17C98EFA01 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | /usr/bin/tar |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 1.75 |
Encrypted: | false |
SSDEEP: | 3:k0Ra:f8 |
MD5: | 23B7D7D024ABB0F558420E098800BF27 |
SHA1: | 9F9EEA0CFE2D65F2C3D6B092E375B40782D08F31 |
SHA-256: | 82502191C9484B04D685374F9879A0066069C49B8ACAE7A04B01D38D07E8ECA0 |
SHA-512: | F77D501528DD0CED155C80406CFBEE38D5D3649B64D2A9324F3D6CEE39491EB8F54CDEBAE49C6E21A20D2309D8FAE1B01C41631224811E73483DB25A2695738C |
Malicious: | false |
Reputation: | low |
Preview: |
/Users/drew/Library/Fonts/FinderFontsUpdater.app/Contents/Resources/en.lproj/Credits.rtf
Process: | /usr/bin/tar |
File Type: | |
Category: | dropped |
Size (bytes): | 436 |
Entropy (8bit): | 4.962904598670011 |
Encrypted: | false |
SSDEEP: | 6:edsqSm+BhYrJDeXsVamc7QTf9KX6UVlWmVPOeIWXFflm0yD8AqriAke+2QxRo59v:5qSmsYinmY25MlWmVPOKIJQjiAke+pwN |
MD5: | F0D4A61CAF597423FF07C5E9B24A345E |
SHA1: | 60A248148B319DE26E36424D25021C2488E23CE8 |
SHA-256: | B4386FE1CEF65CD91E6C8ECC065D117089083F91B7CADBF0C3E5EAE20E8B9640 |
SHA-512: | E361011499CF70FC71E247FDDA71F49D913654A983AA4AE67D00DC977E53B9CF0D88D4D2AC07EFE248261C3AB6E3345E829E22DDA3E51DCCC221A94C660ACE69 |
Malicious: | false |
Reputation: | low |
Preview: |
/Users/drew/Library/Fonts/FinderFontsUpdater.app/Contents/Resources/en.lproj/InfoPlist.strings
Process: | /usr/bin/tar |
File Type: | |
Category: | dropped |
Size (bytes): | 92 |
Entropy (8bit): | 3.2610300066712608 |
Encrypted: | false |
SSDEEP: | 3:Qwh+yEilSlJlqXMLLkFlVlRDBWjUoFY9n:QpXioJqcLwVlRNWwou9n |
MD5: | 51EF59B60E5B41B91519CC662A9FE886 |
SHA1: | 3222CA0C39EB50AAF8126BAF852E55430C4718AF |
SHA-256: | 39CF2EE07B7B333E7C179D0BF4D798A5B72AF6A4E584F51E642703BBFA4FC828 |
SHA-512: | 3952A908B72D44040F5072F6344F6327FC78981C3AA55E931ACAE84C0C9BCC0D148991CD564AF4803765C328CBF5F7EFE9EB558FC56E47E8206B7B706026F30A |
Malicious: | false |
Reputation: | low |
Preview: |
/Users/drew/Library/Fonts/FinderFontsUpdater.app/Contents/Resources/en.lproj/MainMenu.nib
Process: | /usr/bin/tar |
File Type: | |
Category: | dropped |
Size (bytes): | 27276 |
Entropy (8bit): | 6.9819805236906145 |
Encrypted: | false |
SSDEEP: | 768:ZNRgvAgjaql6TFRGpdHlV9T7UcGQ+jalffZmTU1U/6nwrAFZu5X3f1P:1gvAiaqsTFopdHiRku/2w0Fw9P1P |
MD5: | 05A768DCAC969B7ED6FF1D00481C04AA |
SHA1: | E6DD855D3B4E378FE0C711536B4CB6252D4550E5 |
SHA-256: | 0BDFE59083764533CD5CBE8202D888FCF36C363D3AA66B95DFC638D60D399C27 |
SHA-512: | 9CC1CD2C6C201CCD7ADCAC134E438170DC8B2CC36EE15EEDF3CDB4CC1D6A36FA5AC7336731A8B048E9F5449A86D1EFFED76469945BEC70E5A98C8E0AFBA8CC61 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/bin/tar |
File Type: | |
Category: | dropped |
Size (bytes): | 3511 |
Entropy (8bit): | 4.994229376408988 |
Encrypted: | false |
SSDEEP: | 96:CyhCcZo2acTLDkYT2BLDzFNQpO/YTbJvy:XRdLEDzko |
MD5: | 8989281A117726E28DF99A9D2ED54E2A |
SHA1: | 8488C7C93DDED1E7DC63DDFCE952C19937B53FAA |
SHA-256: | D36B36865184EAAF3E0005BEDF16A1AAFC7CD71FBD66D313540C9CFA3BF2072E |
SHA-512: | 2FDB42257BFD84BA31DA9B8483ABDFC3206CD1AF24D505DAF6D57B7AF2AEC210ADAA40F7936585D705CCC7EBA587E9303926B0F9814785C524E5CAB901BA148B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /Users/drew/Desktop/ZNznZtSA34 |
File Type: | |
Category: | dropped |
Size (bytes): | 50409 |
Entropy (8bit): | 7.989497286442078 |
Encrypted: | false |
SSDEEP: | 768:XUl+S+HbnCGcFv/jFSsesGg1Szu+36BzUNYvJHSCFw6AdFeXsWzf:XNS+HbCGmj5eRg1SzLhNa1SC+6aFeXf |
MD5: | D989AE035A7EDD5D5C368D5058557224 |
SHA1: | 3B770CBE280B8D66D5DB64F159118F32129CD327 |
SHA-256: | F5FC72C68D56A0C37B4D0034C7E53BEA0DC8F04782694FD770915DFC34169E8C |
SHA-512: | 3195590518498E3E1C8FB52000B4863D19ABA5576F532673291DA6F7CDCE94DA243BF5919E55A03E4C284FA0AD641BBA7E4FB6C40CF29D346B6B65950122AB54 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /usr/bin/tar |
File Type: | |
Category: | dropped |
Size (bytes): | 155520 |
Entropy (8bit): | 2.040985715769528 |
Encrypted: | false |
SSDEEP: | 384:yvQS58NIe/ABSdEGukoQTih2e8R1IJz12k2uk28U93XNYcYMaX8RErdmSl4pGVV2:yv5MuZ3kAr8k3dYcYMVm5m26t8M |
MD5: | 8FD522272D06D460EA668D2F87A1E353 |
SHA1: | A2A0188A6387CB9BDE92EBBBDC43BF6B486FE820 |
SHA-256: | 315503862CB7EBB0A731483827016015E355BAD51F872DB5C650A822DE744937 |
SHA-512: | 95D0748D6EEFBEC8171083D6233A376A219841E1D913121D669B2E92DF90A9799539FE18F4423210956A6927F35586B9D0F866D4932E532692C11F3CB5D1AA2C |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
Preview: |
Process: | /Users/drew/Desktop/ZNznZtSA34 |
File Type: | |
Category: | dropped |
Size (bytes): | 20538 |
Entropy (8bit): | 7.972582062085289 |
Encrypted: | false |
SSDEEP: | 384:gYwPZISogFbJBVJLNYd5ODiQBZX4ziYKID3OAd/RskqWvLdW:tnEJB/mSRID3LJqWTdW |
MD5: | DB266844D6239888E53F977FC53EFC67 |
SHA1: | 94B5EB8CBFD63F0456212376CA32324E2727E03B |
SHA-256: | B4507B0DDABAB1B3D0723745977AB56ACC0B6F3620DB2355415E9F562A4E4496 |
SHA-512: | F29BE49F608A65DB9870336E1794C4DDE9CABCE3367481565CAC4DDF034A2192309ED568BFAE00740B3CBF4618CDE59ADD6675A501AA8280A012E811D65868D5 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /Users/drew/Desktop/ZNznZtSA34 |
File Type: | |
Category: | dropped |
Size (bytes): | 457 |
Entropy (8bit): | 5.224719870128861 |
Encrypted: | false |
SSDEEP: | 12:TMHd4+tJVEdQsv9SPBnDho+48OWOjM1MH+EM+4bP+v:2d6ysvIBdoVBvM0jMVDE |
MD5: | ABD8D1D28B44573C2A1594F4502E314C |
SHA1: | 53761AF4D1F64E1EADB762501C47F7233EBC128A |
SHA-256: | 3B773DF5DD1586AB88C3782ED56998FE832623C6ECF64CD9B109B06A3BC36302 |
SHA-512: | 83F18845347D0E5106CBB2DBEB6FE073E1194FEA353011E8BB7455B84501C2E8071EC8A522E21762F01AEC2AAEB3489652F6EB0DDF39694596541ECDFE3F8E67 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /System/Applications/Preview.app/Contents/MacOS/Preview |
File Type: | |
Category: | dropped |
Size (bytes): | 456 |
Entropy (8bit): | 5.18419995677302 |
Encrypted: | false |
SSDEEP: | 12:C2BT6dUBJIfKtrPtXhF4FSd9pmvRABJPv:CcD4uzBhF4F09YY1v |
MD5: | 5A718B9FFE000FED9E6AEE846D474926 |
SHA1: | E0DCA244B3E5F612C6D70B499601E69703801DA4 |
SHA-256: | 32927A8D74C4080E528C934A91D927A17154A5A11A64150A05634AFA25EB5010 |
SHA-512: | 036BAEE1249560924D3B530209FA655071B4255BD976AC7E16B83AC3F5A310522DDF10CD8FAC2D4A6C2F5C45C4ED31913835519CFDBCE56339F3B3BF4BB78EDF |
Malicious: | false |
Reputation: | low |
Preview: |
/private/var/folders/mw/_t374r4n1hz_ph6rs1f42z2r0000gn/C/com.apple.Preview/com.apple.Preview/com.apple.metal/16777237_9765376/functions.list
Process: | /System/Applications/Preview.app/Contents/MacOS/Preview |
File Type: | |
Category: | dropped |
Size (bytes): | 496 |
Entropy (8bit): | 5.850277362570197 |
Encrypted: | false |
SSDEEP: | 12:fKdS6f0H0SKHoi17/SITur/CbNlIzrbL:CdpsHFOoyrUUarv |
MD5: | EE54198E4FD547359A4112A9F6BF8427 |
SHA1: | 814C014B4615468359D44960A15398578E9F409B |
SHA-256: | 9E78BB92F591FE7640655D5CE0C7882D33391D9B782464CE187BF5ABEFCB28A4 |
SHA-512: | D9E424A035EA5D7993723065C7E8BD7B6FF50D531F068C7973CE7A8760A902E2F3808A9179224C71501C2BBFE148A2E026A30A8990CD8BD83A895590E34ACBCA |
Malicious: | false |
Reputation: | low |
Preview: |
/private/var/folders/mw/_t374r4n1hz_ph6rs1f42z2r0000gn/C/com.apple.Preview/com.apple.Preview/com.apple.metal/31001/libraries.list
Process: | /System/Applications/Preview.app/Contents/MacOS/Preview |
File Type: | |
Category: | dropped |
Size (bytes): | 832 |
Entropy (8bit): | 5.82773989951035 |
Encrypted: | false |
SSDEEP: | 12:8QpkyHr31DkllpfT0hb24+D6u2ZJe/9f/b/hXumgT1ag4h3/4/Ebq6uijHeWtMJl:xk458fT0h2WZM/dDZX9rh3AKtDMl |
MD5: | B1529BF4E4B59ADEBB046AE20182F14C |
SHA1: | F8CCD14DBD33598452D9434445151E17F5A1C8BC |
SHA-256: | A2C16A167856DA38243CB7EDC3A03DE39445FF6FA858FD65BCF0E0D0B4809E93 |
SHA-512: | 27BC779766E0465BD0B27A3237F58B01965114B4E9086963091BFB735A174832BE4669D1F097B177FAAF3E336551511DFFC4BA3BBBCD3C4596743DB35B011F38 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.77490767672688 |
TrID: |
|
File name: | ZNznZtSA34 |
File size: | 1618272 |
MD5: | 51731fd8bd72d6cc4c8a58810d1a627f |
SHA1: | f44215738d5d0032b890bd596a597c19ef1a672c |
SHA256: | 55571ac52e1f02f18af77e2f3314382c982a37744b58732dfc15faac9d66619f |
SHA512: | b11910261a735f173d60d0f718931438a16f93c2b68f070724ef4ed157fba4633d3287b4b4760664bd1c280999aff0ba377f2123b60c1870e7d08deaa0064731 |
SSDEEP: | 24576:15iSX6zsx6s3VOjlf1warlcbDRErt5iSX6zsx6s3VOjlf1warlcbDRsrr:zTx6slEliarMyTx6slEliarM |
TLSH: | 5B7523629AA42C9DC78903BDDE4B7E29760DF013B1E680760B5AC3FB4598B7EB5051C3 |
File Content Preview: | |
|
General Information for header 1 | |
Endian: | |
Size: | |
Architecture: | |
Filetype: | |
Nbr. of load commands: | |
Entry point: |
Name | Value |
---|---|
segname | __PAGEZERO |
vmaddr | 0x0 |
vmsize | 0x100000000 |
fileoff | 0x0 |
filesize | 0x0 |
maxprot | 0x0 |
initprot | 0x0 |
nsects | 0 |
flags | 0x0 |
Name | Value |
---|---|
segname | __TEXT |
vmaddr | 0x100000000 |
vmsize | 0x4000 |
fileoff | 0x0 |
filesize | 0x4000 |
maxprot | 0x5 |
initprot | 0x5 |
nsects | 5 |
flags | 0x0 |
Datas |
|
Name | Value |
---|---|
segname | __DATA_CONST |
vmaddr | 0x100004000 |
vmsize | 0x4000 |
fileoff | 0x4000 |
filesize | 0x4000 |
maxprot | 0x3 |
initprot | 0x3 |
nsects | 1 |
flags | 0x10 |
Datas |
|
Name | Value |
---|---|
segname | __DATA |
vmaddr | 0x100008000 |
vmsize | 0xB4000 |
fileoff | 0x8000 |
filesize | 0xB4000 |
maxprot | 0x3 |
initprot | 0x3 |
nsects | 3 |
flags | 0x0 |
Datas |
|
Name | Value |
---|---|
segname | __LINKEDIT |
vmaddr | 0x1000BC000 |
vmsize | 0x8000 |
fileoff | 0xBC000 |
filesize | 0x7160 |
maxprot | 0x1 |
initprot | 0x1 |
nsects | 0 |
flags | 0x0 |
Name | Value |
---|---|
rebase_off | 770048 |
rebase_size | 8 |
bind_off | 770056 |
bind_size | 48 |
weak_bind_off | 0 |
weak_bind_size | 0 |
lazy_bind_off | 770104 |
lazy_bind_size | 464 |
export_off | 770568 |
export_size | 32 |
Name | Value |
---|---|
symoff | 770624 |
nsyms | 128 |
stroff | 772936 |
strsize | 1184 |
Name | Value |
---|---|
ilocalsym | 0 |
nlocalsym | 93 |
iextdefsym | 93 |
nextdefsym | 1 |
iundefsym | 94 |
nundefsym | 34 |
tocoff | 0 |
ntoc | 0 |
modtaboff | 0 |
nmodtab | 0 |
extrefsymoff | 0 |
nextrefsyms | 0 |
indirectsymoff | 772672 |
nindirectsyms | 66 |
extreloff | 0 |
nextrel | 0 |
locreloff | 0 |
nlocrel | 0 |
Name | Value |
---|---|
name | 12 |
Datas |
Name | Value |
---|---|
uuid | b'\x0f\r\x1a\xe9\xfc\xe47\xf2\xb7e\x10\xae\x8b|\x073' |
Name | Value |
---|---|
platform | 1 |
minos | 721152 |
sdk | 721152 |
ntools | 1 |
Datas |
Name | Value |
---|---|
version | 0 |
Name | Value |
---|---|
entryoff | 14464 |
stacksize | 0 |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 904.4.0 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1292.60.1 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
dataoff | 770600 |
datasize | 24 |
Name | Value |
---|---|
dataoff | 770624 |
datasize | 0 |
Name | Value |
---|---|
dataoff | 774128 |
datasize | 24944 |
/Users/goldmac/Library/Developer/Xcode/DerivedData/Build/Intermediates.noindex/SelfExtractor.build/Release/SelfExtractor.build/Objects-normal/x86_64/main.o |
/Volumes/Dev/Shared/Mac/SelfExtractor/SelfExtractor/ |
__Z10strreversePcS_ |
__Z10strreversePcS_ |
__Z11ExecuteFilePc |
__Z11ExecuteFilePc |
__Z11GetUserNamev |
__Z11GetUserNamev |
__Z11GlobalAllocjj |
__Z11GlobalAllocjj |
__Z11startDaemonv |
__Z11startDaemonv |
__Z15IsSafariFAExistv |
__Z15IsSafariFAExistv |
__Z16SecureZeroMemoryPvm |
__Z16SecureZeroMemoryPvm |
__Z4itoaiPci |
__Z4itoaiPci |
__Z5ShellPcS_ |
__Z5ShellPcS_ |
__Z6popen2PKcPiS1_ |
__Z6popen2PKcPiS1_ |
__Z6popen2PKcPiS1_.cold.1 |
__Z6popen2PKcPiS1_.cold.1 |
__Z6thExecPv |
__Z6thExecPv |
__Z7pclose2i |
__Z7pclose2i |
__Z8WriteLogPc |
__Z8WriteLogPc |
__ZZ4itoaiPciE3num |
____chkstk_darwin |
___bzero |
___stack_chk_fail |
___stack_chk_guard |
__dyld_private |
__mh_execute_header |
_access |
_atoi |
_close |
_data |
_data |
_data2 |
_data2 |
_data3 |
_data3 |
_data4 |
_data4 |
_data5 |
_data5 |
_dup2 |
_execl |
_exit |
_fclose |
_fopen |
_fork |
_free |
_fwrite |
_g_szUserName |
_g_szUserName |
_getenv |
_kill |
_main |
_main |
_malloc |
_mkdir |
_open |
_perror |
_pipe |
_read |
_remove |
_sleep |
_snprintf |
_strcat |
_strcpy |
_strlen |
_strrchr |
_time |
_waitpid |
_write |
dyld_stub_binder |
main.cpp |
____chkstk_darwin |
___bzero |
___stack_chk_fail |
_access |
_atoi |
_close |
_dup2 |
_execl |
_exit |
_fclose |
_fopen |
_fork |
_free |
_fwrite |
_getenv |
_kill |
_malloc |
_mkdir |
_open |
_perror |
_pipe |
_read |
_remove |
_sleep |
_snprintf |
_strcat |
_strcpy |
_strlen |
_strrchr |
_time |
_waitpid |
_write |
General Information for header 2 | |
Endian: | |
Size: | |
Architecture: | |
Filetype: | |
Nbr. of load commands: | |
Entry point: |
Name | Value |
---|---|
segname | __PAGEZERO |
vmaddr | 0x0 |
vmsize | 0x100000000 |
fileoff | 0x0 |
filesize | 0x0 |
maxprot | 0x0 |
initprot | 0x0 |
nsects | 0 |
flags | 0x0 |
Name | Value |
---|---|
segname | __TEXT |
vmaddr | 0x100000000 |
vmsize | 0x4000 |
fileoff | 0x0 |
filesize | 0x4000 |
maxprot | 0x5 |
initprot | 0x5 |
nsects | 5 |
flags | 0x0 |
Datas |
|
Name | Value |
---|---|
segname | __DATA_CONST |
vmaddr | 0x100004000 |
vmsize | 0x4000 |
fileoff | 0x4000 |
filesize | 0x4000 |
maxprot | 0x3 |
initprot | 0x3 |
nsects | 1 |
flags | 0x10 |
Datas |
|
Name | Value |
---|---|
segname | __DATA |
vmaddr | 0x100008000 |
vmsize | 0xB4000 |
fileoff | 0x8000 |
filesize | 0xB4000 |
maxprot | 0x3 |
initprot | 0x3 |
nsects | 3 |
flags | 0x0 |
Datas |
|
Name | Value |
---|---|
segname | __LINKEDIT |
vmaddr | 0x1000BC000 |
vmsize | 0x8000 |
fileoff | 0xBC000 |
filesize | 0x7160 |
maxprot | 0x1 |
initprot | 0x1 |
nsects | 0 |
flags | 0x0 |
Name | Value |
---|---|
rebase_off | 770048 |
rebase_size | 8 |
bind_off | 770056 |
bind_size | 64 |
weak_bind_off | 0 |
weak_bind_size | 0 |
lazy_bind_off | 770120 |
lazy_bind_size | 440 |
export_off | 770560 |
export_size | 32 |
Name | Value |
---|---|
symoff | 770624 |
nsyms | 128 |
stroff | 772936 |
strsize | 1184 |
Name | Value |
---|---|
ilocalsym | 0 |
nlocalsym | 93 |
iextdefsym | 93 |
nextdefsym | 1 |
iundefsym | 94 |
nundefsym | 34 |
tocoff | 0 |
ntoc | 0 |
modtaboff | 0 |
nmodtab | 0 |
extrefsymoff | 0 |
nextrefsyms | 0 |
indirectsymoff | 772672 |
nindirectsyms | 65 |
extreloff | 0 |
nextrel | 0 |
locreloff | 0 |
nlocrel | 0 |
Name | Value |
---|---|
name | 12 |
Datas |
Name | Value |
---|---|
uuid | b'\xab\xfaB\xd6\xa8\r1\x11\x92P\x885y\xda\xeez' |
Name | Value |
---|---|
platform | 1 |
minos | 721152 |
sdk | 721152 |
ntools | 1 |
Datas |
Name | Value |
---|---|
version | 0 |
Name | Value |
---|---|
entryoff | 14408 |
stacksize | 0 |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 904.4.0 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1292.60.1 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
dataoff | 770592 |
datasize | 32 |
Name | Value |
---|---|
dataoff | 770624 |
datasize | 0 |
Name | Value |
---|---|
dataoff | 774128 |
datasize | 24944 |
/Users/goldmac/Library/Developer/Xcode/DerivedData/Build/Intermediates.noindex/SelfExtractor.build/Release/SelfExtractor.build/Objects-normal/arm64/main.o |
/Volumes/Dev/Shared/Mac/SelfExtractor/SelfExtractor/ |
__Z10strreversePcS_
__Z11ExecuteFilePc
__Z11GetUserNamev
__Z11GlobalAllocjj
__Z11startDaemonv
__Z15IsSafariFAExistv
__Z16SecureZeroMemoryPvm
__Z4itoaiPci
__Z5ShellPcS_
__Z6popen2PKcPiS1_
__Z6popen2PKcPiS1_.cold.1
__Z6thExecPv
__Z7pclose2i
__Z8WriteLogPc
__ZZ4itoaiPciE3num
___chkstk_darwin
___stack_chk_fail
___stack_chk_guard
__dyld_private
__mh_execute_header
_access
_atoi
_bzero
_close
_data
_data2
_data3
_data4
_data5
_dup2
_execl
_exit
_fclose
_fopen
_fork
_free
_fwrite
_g_szUserName
_getenv
_kill
_main
_malloc |
_mkdir |
_open |
_perror |
_pipe |
_read |
_remove |
_sleep |
_snprintf |
_strcat |
_strcpy |
_strlen |
_strrchr |
_time |
_waitpid |
_write |
dyld_stub_binder |
main.cpp |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2022 12:12:51.356837988 CEST | 49196 | 5223 | 192.168.0.52 | 17.57.146.68 |
May 4, 2022 12:12:51.365677118 CEST | 5223 | 49196 | 17.57.146.68 | 192.168.0.52 |
May 4, 2022 12:12:51.367044926 CEST | 49196 | 5223 | 192.168.0.52 | 17.57.146.68 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2022 12:11:03.726665974 CEST | 56584 | 53 | 192.168.0.52 | 8.8.8.8 |
May 4, 2022 12:11:03.739439964 CEST | 53 | 56584 | 8.8.8.8 | 192.168.0.52 |
May 4, 2022 12:11:06.346901894 CEST | 53 | 49871 | 8.8.8.8 | 192.168.0.52 |
May 4, 2022 12:11:06.347028971 CEST | 53 | 54666 | 8.8.8.8 | 192.168.0.52 |
May 4, 2022 12:11:48.801620007 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
May 4, 2022 12:11:48.804954052 CEST | 63276 | 137 | 192.168.0.52 | 192.168.0.255 |
May 4, 2022 12:11:49.226402044 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
May 4, 2022 12:11:49.226490021 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
May 4, 2022 12:11:49.226494074 CEST | 138 | 138 | 192.168.0.52 | 192.168.0.255 |
May 4, 2022 12:11:54.450593948 CEST | 138 | 138 | 192.168.0.52 | 192.168.0.255 |
May 4, 2022 12:11:54.450684071 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
May 4, 2022 12:12:25.754362106 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
May 4, 2022 12:12:25.756386042 CEST | 53476 | 137 | 192.168.0.52 | 192.168.0.255 |
May 4, 2022 12:12:26.177056074 CEST | 138 | 138 | 192.168.0.52 | 192.168.0.255 |
May 4, 2022 12:12:26.177084923 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 4, 2022 12:11:03.726665974 CEST | 192.168.0.52 | 8.8.8.8 | 0x1db1 | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 4, 2022 12:11:03.739439964 CEST | 8.8.8.8 | 192.168.0.52 | 0x1db1 | Name error (3) | | none | none | A (IP address) | IN (0x0001) |
System Behavior
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /Library/Frameworks/Mono.framework/Versions/6.12.0/bin/mono-sgen64 |
Arguments: | n/a |
File size: | 4699168 bytes |
MD5 hash: | 98f65da8c6a62423d3f4cda359f06a87 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /usr/bin/sudo |
Arguments: | /usr/bin/sudo -u drew /Users/drew/Desktop/ZNznZtSA34 |
File size: | 1216576 bytes |
MD5 hash: | f21c2a2dc106642f7c38801e121c8c86 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /usr/bin/sudo |
Arguments: | n/a |
File size: | 1216576 bytes |
MD5 hash: | f21c2a2dc106642f7c38801e121c8c86 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /Users/drew/Desktop/ZNznZtSA34 |
Arguments: | /Users/drew/Desktop/ZNznZtSA34 |
File size: | 1618272 bytes |
MD5 hash: | 51731fd8bd72d6cc4c8a58810d1a627f |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /Users/drew/Desktop/ZNznZtSA34 |
Arguments: | n/a |
File size: | 1618272 bytes |
MD5 hash: | 51731fd8bd72d6cc4c8a58810d1a627f |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | bash -c (open '/Users/drew/Library/Fonts/BitazuCapital_JobDescription.pdf' && rm -rf '/Users/drew/Library/Saved Application State/com.apple.Terminal.savedState') 2>&1 |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /usr/bin/open |
Arguments: | open /Users/drew/Library/Fonts/BitazuCapital_JobDescription.pdf |
File size: | 292560 bytes |
MD5 hash: | 81d0c6fefba2004d451915c6fa861914 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/rm |
Arguments: | rm -rf /Users/drew/Library/Saved Application State/com.apple.Terminal.savedState |
File size: | 105984 bytes |
MD5 hash: | 6cd9e187f33d60ce3cb05b12435f0673 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /Users/drew/Desktop/ZNznZtSA34 |
Arguments: | n/a |
File size: | 1618272 bytes |
MD5 hash: | 51731fd8bd72d6cc4c8a58810d1a627f |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | bash -c (tar zxvf '/Users/drew/Library/Fonts/safarifontsagent_' -C '/Users/drew/Library/Fonts') 2>&1 |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /usr/bin/tar |
Arguments: | tar zxvf /Users/drew/Library/Fonts/safarifontsagent_ -C /Users/drew/Library/Fonts |
File size: | 214896 bytes |
MD5 hash: | dbeb13c3b2ade21995470fde7650314a |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /Users/drew/Desktop/ZNznZtSA34 |
Arguments: | n/a |
File size: | 1618272 bytes |
MD5 hash: | 51731fd8bd72d6cc4c8a58810d1a627f |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | bash -c (tar zxvf '/Users/drew/Library/Fonts/fontsupdater_' -C '/Users/drew/Library/Fonts') 2>&1 |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /usr/bin/tar |
Arguments: | tar zxvf /Users/drew/Library/Fonts/fontsupdater_ -C /Users/drew/Library/Fonts |
File size: | 214896 bytes |
MD5 hash: | dbeb13c3b2ade21995470fde7650314a |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /Users/drew/Desktop/ZNznZtSA34 |
Arguments: | n/a |
File size: | 1618272 bytes |
MD5 hash: | 51731fd8bd72d6cc4c8a58810d1a627f |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | bash -c (pgrep -f safarifontsagent) 2>&1 |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /usr/bin/pgrep |
Arguments: | pgrep -f safarifontsagent |
File size: | 141136 bytes |
MD5 hash: | 8c476a299c23f6971101e7bbd6462c3c |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /Users/drew/Desktop/ZNznZtSA34 |
Arguments: | n/a |
File size: | 1618272 bytes |
MD5 hash: | 51731fd8bd72d6cc4c8a58810d1a627f |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | bash -c (pgrep -f safarifontsagent) 2>&1 |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /usr/bin/pgrep |
Arguments: | pgrep -f safarifontsagent |
File size: | 141136 bytes |
MD5 hash: | 8c476a299c23f6971101e7bbd6462c3c |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /Users/drew/Desktop/ZNznZtSA34 |
Arguments: | n/a |
File size: | 1618272 bytes |
MD5 hash: | 51731fd8bd72d6cc4c8a58810d1a627f |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | bash -c (open -a '/Users/drew/Library/Fonts/FinderFontsUpdater.app') 2>&1 |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /usr/bin/open |
Arguments: | open -a /Users/drew/Library/Fonts/FinderFontsUpdater.app |
File size: | 292560 bytes |
MD5 hash: | 81d0c6fefba2004d451915c6fa861914 |
Start time: | 12:11:03 |
Start date: | 04/05/2022 |
Path: | /Users/drew/Desktop/ZNznZtSA34 |
Arguments: | n/a |
File size: | 1618272 bytes |
MD5 hash: | 51731fd8bd72d6cc4c8a58810d1a627f |
Start time: | 12:11:03 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | bash -c (pgrep -f safarifontsagent) 2>&1 |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:03 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:03 |
Start date: | 04/05/2022 |
Path: | /usr/bin/pgrep |
Arguments: | pgrep -f safarifontsagent |
File size: | 141136 bytes |
MD5 hash: | 8c476a299c23f6971101e7bbd6462c3c |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /usr/libexec/xpcproxy |
Arguments: | n/a |
File size: | 196720 bytes |
MD5 hash: | 395c4370ee6c31ff7061018e365ee7b9 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /System/Applications/Preview.app/Contents/MacOS/Preview |
Arguments: | /System/Applications/Preview.app/Contents/MacOS/Preview |
File size: | 5291440 bytes |
MD5 hash: | 510c4010daefc87831ff8730ab2f5092 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /usr/libexec/xpcproxy |
Arguments: | n/a |
File size: | 196720 bytes |
MD5 hash: | 395c4370ee6c31ff7061018e365ee7b9 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /Users/drew/Library/Fonts/FinderFontsUpdater.app/Contents/MacOS/FinderFontsUpdater |
Arguments: | /Users/drew/Library/Fonts/FinderFontsUpdater.app/Contents/MacOS/FinderFontsUpdater |
File size: | 189376 bytes |
MD5 hash: | c6ad06ba0f0d2305596e013ae19c8b5a |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /Users/drew/Library/Fonts/FinderFontsUpdater.app/Contents/MacOS/FinderFontsUpdater |
Arguments: | n/a |
File size: | 189376 bytes |
MD5 hash: | c6ad06ba0f0d2305596e013ae19c8b5a |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /Users/drew/Library/Fonts/safarifontsagent |
Arguments: | /Users/drew/Library/Fonts/safarifontsagent |
File size: | 155520 bytes |
MD5 hash: | 8fd522272d06d460ea668d2f87a1e353 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /Users/drew/Library/Fonts/safarifontsagent |
Arguments: | n/a |
File size: | 155520 bytes |
MD5 hash: | 8fd522272d06d460ea668d2f87a1e353 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | bash -c (killall Terminal) 2>&1 |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /usr/bin/killall |
Arguments: | killall Terminal |
File size: | 122272 bytes |
MD5 hash: | f3e64d320b9eed9c6dbd97435daddded |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 120912 bytes |
MD5 hash: | 8356936fbf1eeb3548896b9206a685a0 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /bin/bash |
Arguments: | sh -c sw_vers -productVersion |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 12:11:02 |
Start date: | 04/05/2022 |
Path: | /usr/bin/sw_vers |
Arguments: | sw_vers -productVersion |
File size: | 121408 bytes |
MD5 hash: | 7e6a3895092064bd002ecb1d4300b0db |