Joe Sandbox Cloud Pro Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report lSrIxJfe79

Overview

General Information

Sample Name:lSrIxJfe79
Analysis ID:1304602
MD5:ecffbd1687bacaf5f766c92097435f14
SHA1:c2e0b35fd4f24e9e98319e10c6f2f803b01ec3f1
SHA256:cfa3d506361920f9e1db9d8324dfbb3a9c79723e702d70c3dc8f51825c171420

Most interesting Screenshot:

Detection

OceanLotus
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Detected macOS OceanLotus
Removes the quarantine attribute (used to protect from malware) from files
Yara detected OceanLotus
App bundle contains hidden files/directories
Executes the "ifconfig" command used to gather network information
Executes the "ioreg" command used to gather hardware information (I/O kit registry)
Explicitly modifies time stamps using the "touch" command
Likely queries the I/O Kit registry to detect VMs (based on "IOPlatformExpertDevice" class)
Process deletes its process image on disk
Process executable has an extension which is uncommon (probably to disguise the executable)
Process path indicates hidden application bundle (probably to disguise it)
Queries the unique Apple serial number of the machine
Searches for specific files/directories within the "Users" directory
Terminates several processes with shell command 'killall'
Writes Mach-O files to untypical directories
Changes permissions of written Mach-O files
Creates 'launchd' managed services aka launch agents with bundle ID names to possibly disguise malicious intentions
Creates memory-persistent launch services
Creates user-wide 'launchd' managed services aka launch agents
Deletes icon files
Executes commands using a shell command-line interpreter
Executes the "base64" command used to encode or decode data (e.g. files, payloads)
Executes the "chmod" command used to modify permissions
Executes the "find" command together with an exec argument (might be indicative for ransomware)
Executes the "rm" command used to delete files or directories
Executes the "sleep" command used to delay execution and potentially evade sandboxes
Executes the "system_profiler" command used to collect detailed system hardware and software information
Executes the "touch" command used to create files or modify time stamps
Executes the "uname" command used to read OS and architecture name
Explicitly loads/starts launch services
Explicitly unloads, stops, and/or removes launch services
Hides files and/or directories from GUI
Many shell processes execute programs via execve syscall (might be indicative for malicious behavior)
Queries OS software version with shell command 'sw_vers'
Reads hardware related sysctl values
Reads launchservices plist files
Reads the sysctl hardware model value (might be used for detecting VM presence)
Reads the systems OS release and/or type
Reads the systems hostname
Reads, modifies and/or removes extended attributes containing macOS specific file meta data
Sample tries to kill a process (SIGKILL)
Writes FAT Mach-O files to disk
Writes ZIP files to disk

Classification

Startup

  • System is mac1
  • ALL tim nha Chi Ngoc Canada (MD5: be43be21355fb5cc086da7cee667d6e7) Arguments: /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/MacOS/ALL tim nha Chi Ngoc Canada
    • bash New Fork (PID: 554, Parent: 553)
      • bash New Fork (PID: 555, Parent: 554)
        • bash New Fork (PID: 556, Parent: 555)
        • dirname (MD5: 1c3b57818c27cfff8e7a7596709d6791) Arguments: dirname /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/MacOS/ALL tim nha Chi Ngoc Canada
    • bash New Fork (PID: 557, Parent: 553)
    • basename (MD5: 22e3ead0b1fc8282c92bda50d5a66cf3) Arguments: basename /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/MacOS/ALL tim nha Chi Ngoc Canada
    • bash New Fork (PID: 558, Parent: 553)
    • ls (MD5: d77c1dd5bb8e39c2dd27c96c3fd2263e) Arguments: ls /Users/henry/Downloads
    • bash New Fork (PID: 559, Parent: 553)
    • find (MD5: 1a070f1b112a0bbf99581914d1035970) Arguments: find /Users/henry -name *ALL tim nha Chi Ngoc Canada* -exec xattr -d com.apple.quarantine {} +
      • find New Fork (PID: 572, Parent: 559)
      • xattr (MD5: e2ca6555fe4b8c6a97d1ced2156c9b69) Arguments: xattr -d com.apple.quarantine /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/MacOS/ALL tim nha Chi Ngoc Canada
      • Python (MD5: ba780ab677147d9db60c564ef3f51dd0) Arguments: /usr/bin/python /usr/bin/xattr-2.7 -d com.apple.quarantine /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/MacOS/ALL tim nha Chi Ngoc Canada
    • bash New Fork (PID: 560, Parent: 553)
    • find (MD5: 1a070f1b112a0bbf99581914d1035970) Arguments: find / -name *ALL tim nha Chi Ngoc Canada* -exec xattr -d com.apple.quarantine {} +
    • bash New Fork (PID: 561, Parent: 553)
    • find (MD5: 1a070f1b112a0bbf99581914d1035970) Arguments: find /Users/henry -exec xattr -d com.apple.quarantine {} +
      • find New Fork (PID: 570, Parent: 561)
      • xattr (MD5: e2ca6555fe4b8c6a97d1ced2156c9b69) Arguments: xattr -d com.apple.quarantine /Users/henry /Users/henry/.bash_history /Users/henry/.bash_profile /Users/henry/.bash_sessions /Users/henry/.bash_sessions/1D29BF08-A0CC-4A14-9EBD-EEBB0B0F5DED.history /Users/henry/.bash_sessions/1D29BF08-A0CC-4A14-9EBD-EEBB0B0F5DED.historynew /Users/henry/.bash_sessions/1D29BF08-A0CC-4A14-9EBD-EEBB0B0F5DED.session /Users/henry/.bash_sessions/_expiration_check_timestamp /Users/henry/.CFUserTextEncoding /Users/henry/.DS_Store /Users/henry/.ssh /Users/henry/.Trash /Users/henry/.viminfo /Users/henry/Desktop /Users/henry/Desktop/.DS_Store /Users/henry/Desktop/.localized /Users/henry/Desktop/lSrIxJfe79.app /Users/henry/Desktop/unpack /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/_CodeSignature /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/_CodeSignature/CodeDirectory /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/_CodeSignature/CodeRequirements /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/_CodeSignature/CodeResources /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/_CodeSignature/CodeSignature /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/Info.plist /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/MacOS /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/MacOS/ALL tim nha Chi Ngoc Canada /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/PkgInfo /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/Resources /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/Resources/configureDefault.def /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/Resources/info.icns /Users/henry/Documents /Users/henry/Documents/.localized /Users/henry/Downloads /Users/henry/Downloads/.DS_Store /Users/henry/Downloads/.localized /Users/henry/Library /Users/henry/Library/.localized /Users/henry/Library/Accounts /Users/henry/Library/Accounts/Accounts3.sqlite /Users/henry/Library/Accounts/Accounts3.sqlite-shm /Users/henry/Library/Accounts/Accounts3.sqlite-wal /Users/henry/Library/Accounts/Accounts4.sqlite /Users/henry/Library/Accounts/Accounts4.sqlite-shm /Users/henry/Library/Accounts/Accounts4.sqlite-wal /Users/henry/Library/Application Scripts /Users/henry/Library/Application Scripts/com.apple..NowPlayingWidgetContainer /Users/henry/Library/Application Scripts/com.apple.accessibility.heard /Users/henry/Library/Application Scripts/com.apple.accessibility.mediaaccessibilityd /Users/henry/Library/Application Scripts/com.apple.AddressBook /Users/henry/Library/Application Scripts/com.apple.AddressBook.ABPersonViewService /Users/henry/Library/Application Scripts/com.apple.AddressBook.ContactsAccountsService /Users/henry/Library/Application Scripts/com.apple.AddressBook.UrlForwarder /Users/henry/Library/Application Scripts/com.apple.AirPlayUIAgent /Users/henry/Library/Application Scripts/com.apple.AmbientDisplayAgent /Users/henry/Library/Application Scripts/com.apple.appkit.xpc.LegacyExternalColorPickerService /Users/henry/Library/Application Scripts/com.apple.appstore /Users/henry/Library/Application Scripts/com.apple.appstore.PluginXPCService /Users/henry/Library/Application Scripts/com.apple.AuthKitUI.AKFollowUpServerUIExtension /Users/henry/Library/Application Scripts/com.apple.BKAgentService /Users/henry/Library/Application Scripts/com.apple.calculator /Users/henry/Library/Application Scripts/com.apple.CalendarAgent /Users/henry/Library/Application Scripts/com.apple.CalendarFileHandler /Users/henry/Library/Application Scripts/com.apple.CalendarNotification.CalNCService /Users/henry/Library/Application Scripts/com.apple.CaptiveNetworkAssistant /Users/henry/Library/Application Scripts/com.apple.Chess /Users/henry/Library/Application Scripts/com.apple.CloudDocs.MobileDocumentsFileProvider /Users/henry/Library/Application Scripts/com.apple.CloudDocsDaemon.StorageManagement /Users/henry/Library/Application Scripts/com.apple.CloudPhotosConfiguration /Users/henry/Library/Application Scripts/com.apple.cloudphotosd /Users/henry/Library/Application Scripts/com.apple.contacts.donation-agent /Users/henry/Library/Application Scripts/com.apple.ContactsAgent /Users/henry/Library/Application Scripts/com.apple.ContactsUI.ContactPickerService /Users/henry/Library/Application Scripts/com.apple.coremedia.pluginformatreader /Users/henry/Library/Application Scripts/com.apple.CryptoTokenKit.pivtoken /Users/henry/Library/Application Scripts/com.apple.CryptoTokenKit.setoken /Users/henry/Library/Application Scripts/com.apple.DataDetectorsActionService /Users/henry/Library/Application Scripts/com.apple.DataDetectorsLocalSources /Users/henry/Library/Application Scripts/com.apple.DataDetectorsViewService /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.bluetooth /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.filevault /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.getmobilityinfo /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.installlog /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.maillogs /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.safari /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.spotlight /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.syslog /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.systemprofile /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.timemachine /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.wifi /Users/henry/Library/Application Scripts/com.apple.Dictionary /Users/henry/Library/Application Scripts/com.apple.FaceTime /Users/henry/Library/Application Scripts/com.apple.garageband10 /Users/henry/Library/Application Scripts/com.apple.geod /Users/henry/Library/Application Scripts/com.apple.Grab /Users/henry/Library/Application Scripts/com.apple.grapher /Users/henry/Library/Application Scripts/com.apple.iBooksX /Users/henry/Library/Application Scripts/com.apple.iBooksX-SecureUserDefaults /Users/henry/Library/Application Scripts/com.apple.iBooksX.CacheDelete /Users/henry/Library/Application Scripts/com.apple.iCal /Users/henry/Library/Application Scripts/com.apple.iCal.CalendarNC /Users/henry/Library/Application Scripts/com.apple.iChat /Users/henry/Library/Application Scripts/com.apple.ImageKit.RecentPictureService /Users/henry/Library/Application Scripts/com.apple.iMovieApp /Users/henry/Library/Application Scripts/com.apple.iPhoto /Users/henry/Library/Application Scripts/com.apple.iwork.ArchiveUpgrader /Users/henry/Library/Application Scripts/com.apple.iWork.Keynote /Users/henry/Library/Application Scripts/com.apple.iWork.Numbers /Users/henry/Library/Application Scripts/com.apple.iWork.Pages /Users/henry/Library/Application Scripts/com.apple.languageassetd /Users/henry/Library/Application Scripts/com.apple.lateragent /Users/henry/Library/Application Scripts/com.apple.Localization.SetDefaultsService /Users/henry/Library/Application Scripts/com.apple.LookupViewService /Users/henry/Library/Application Scripts/com.apple.mail /Users/henry/Library/Application Scripts/com.apple.MailCacheDelete /Users/henry/Library/Application Scripts/com.apple.MailServiceAgent /Users/henry/Library/Application Scripts/com.apple.Maps /Users/henry/Library/Application Scripts/com.apple.MarkupUI.Markup /Users/henry/Library/Application Scripts/com.apple.MarkupUI.MarkupPhotoExtension /Users/henry/Library/Application Scripts/com.apple.mediaanalysisd /Users/henry/Library/Application Scripts/com.apple.MediaLibraryService /Users/henry/Library/Application Scripts/com.apple.messages.MapRenderingService /Users/henry/Library/Application Scripts/com.apple.ncplugin.calculator /Users/henry/Library/Application Scripts/com.apple.ncplugin.FindMyFriends /Users/henry/Library/Application Scripts/com.apple.ncplugin.stocks /Users/henry/Library/Application Scripts/com.apple.ncplugin.weather /Users/henry/Library/Application Scripts/com.apple.ncplugin.WorldClock /Users/henry/Library/Application Scripts/com.apple.NetworkExtension.IKEv2Provider /Users/henry/Library/Application Scripts/com.apple.Notes /Users/henry/Library/Application Scripts/com.apple.Notes.datastore /Users/henry/Library/Application Scripts/com.apple.Notes.HTMLConverter /Users/henry/Library/Application Scripts/com.apple.Notes.NotesImporter /Users/henry/Library/Application Scripts/com.apple.Notes.SpotlightIndexExtension /Users/henry/Library/Application Scripts/com.apple.notificationcenterui.WeatherSummary /Users/henry/Library/Application Scripts/com.apple.OSDUIHelper /Users/henry/Library/Application Scripts/com.apple.osx-tailspin /Users/henry/Library/Application Scripts/com.apple.Pass-Viewer /Users/henry/Library/Application Scripts/com.apple.PassKit.PaymentAuthorizationUIExtension /Users/henry/Library/Application Scripts/com.apple.PassXPCService /Users/henry/Library/Application Scripts/com.apple.photoanalysisd /Users/henry/Library/Application Scripts/com.apple.PhotoBooth /Users/henry/Library/Application Scripts/com.apple.PhotoIngestService /Users/henry/Library/Application Scripts/com.apple.photolibraryd /Users/henry/Library/Application Scripts/com.apple.PhotoLibraryMigrationUtility /Users/henry/Library/Application Scripts/com.apple.photomodel /Users/henry/Library/Application Scripts/com.apple.photomoments /Users/henry/Library/Application Scripts/com.apple.Photos /Users/henry/Library/Application Scripts/com.apple.photos.ImageConversionService /Users/henry/Library/Application Scripts/com.apple.photos.VideoConversionService /Users/henry/Library/Application Scripts/com.apple.PhotoThemeService /Users/henry/Library/Application Scripts/com.apple.P
      • Python (MD5: ba780ab677147d9db60c564ef3f51dd0) Arguments: /usr/bin/python /usr/bin/xattr-2.7 -d com.apple.quarantine /Users/henry /Users/henry/.bash_history /Users/henry/.bash_profile /Users/henry/.bash_sessions /Users/henry/.bash_sessions/1D29BF08-A0CC-4A14-9EBD-EEBB0B0F5DED.history /Users/henry/.bash_sessions/1D29BF08-A0CC-4A14-9EBD-EEBB0B0F5DED.historynew /Users/henry/.bash_sessions/1D29BF08-A0CC-4A14-9EBD-EEBB0B0F5DED.session /Users/henry/.bash_sessions/_expiration_check_timestamp /Users/henry/.CFUserTextEncoding /Users/henry/.DS_Store /Users/henry/.ssh /Users/henry/.Trash /Users/henry/.viminfo /Users/henry/Desktop /Users/henry/Desktop/.DS_Store /Users/henry/Desktop/.localized /Users/henry/Desktop/lSrIxJfe79.app /Users/henry/Desktop/unpack /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/_CodeSignature /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/_CodeSignature/CodeDirectory /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/_CodeSignature/CodeRequirements /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/_CodeSignature/CodeResources /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/_CodeSignature/CodeSignature /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/Info.plist /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/MacOS /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/MacOS/ALL tim nha Chi Ngoc Canada /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/PkgInfo /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/Resources /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/Resources/configureDefault.def /Users/henry/Desktop/unpack/ALL tim nha Chi Ngoc Canada.doc/Contents/Resources/info.icns /Users/henry/Documents /Users/henry/Documents/.localized /Users/henry/Downloads /Users/henry/Downloads/.DS_Store /Users/henry/Downloads/.localized /Users/henry/Library /Users/henry/Library/.localized /Users/henry/Library/Accounts /Users/henry/Library/Accounts/Accounts3.sqlite /Users/henry/Library/Accounts/Accounts3.sqlite-shm /Users/henry/Library/Accounts/Accounts3.sqlite-wal /Users/henry/Library/Accounts/Accounts4.sqlite /Users/henry/Library/Accounts/Accounts4.sqlite-shm /Users/henry/Library/Accounts/Accounts4.sqlite-wal /Users/henry/Library/Application Scripts /Users/henry/Library/Application Scripts/com.apple..NowPlayingWidgetContainer /Users/henry/Library/Application Scripts/com.apple.accessibility.heard /Users/henry/Library/Application Scripts/com.apple.accessibility.mediaaccessibilityd /Users/henry/Library/Application Scripts/com.apple.AddressBook /Users/henry/Library/Application Scripts/com.apple.AddressBook.ABPersonViewService /Users/henry/Library/Application Scripts/com.apple.AddressBook.ContactsAccountsService /Users/henry/Library/Application Scripts/com.apple.AddressBook.UrlForwarder /Users/henry/Library/Application Scripts/com.apple.AirPlayUIAgent /Users/henry/Library/Application Scripts/com.apple.AmbientDisplayAgent /Users/henry/Library/Application Scripts/com.apple.appkit.xpc.LegacyExternalColorPickerService /Users/henry/Library/Application Scripts/com.apple.appstore /Users/henry/Library/Application Scripts/com.apple.appstore.PluginXPCService /Users/henry/Library/Application Scripts/com.apple.AuthKitUI.AKFollowUpServerUIExtension /Users/henry/Library/Application Scripts/com.apple.BKAgentService /Users/henry/Library/Application Scripts/com.apple.calculator /Users/henry/Library/Application Scripts/com.apple.CalendarAgent /Users/henry/Library/Application Scripts/com.apple.CalendarFileHandler /Users/henry/Library/Application Scripts/com.apple.CalendarNotification.CalNCService /Users/henry/Library/Application Scripts/com.apple.CaptiveNetworkAssistant /Users/henry/Library/Application Scripts/com.apple.Chess /Users/henry/Library/Application Scripts/com.apple.CloudDocs.MobileDocumentsFileProvider /Users/henry/Library/Application Scripts/com.apple.CloudDocsDaemon.StorageManagement /Users/henry/Library/Application Scripts/com.apple.CloudPhotosConfiguration /Users/henry/Library/Application Scripts/com.apple.cloudphotosd /Users/henry/Library/Application Scripts/com.apple.contacts.donation-agent /Users/henry/Library/Application Scripts/com.apple.ContactsAgent /Users/henry/Library/Application Scripts/com.apple.ContactsUI.ContactPickerService /Users/henry/Library/Application Scripts/com.apple.coremedia.pluginformatreader /Users/henry/Library/Application Scripts/com.apple.CryptoTokenKit.pivtoken /Users/henry/Library/Application Scripts/com.apple.CryptoTokenKit.setoken /Users/henry/Library/Application Scripts/com.apple.DataDetectorsActionService /Users/henry/Library/Application Scripts/com.apple.DataDetectorsLocalSources /Users/henry/Library/Application Scripts/com.apple.DataDetectorsViewService /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.bluetooth /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.filevault /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.getmobilityinfo /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.installlog /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.maillogs /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.safari /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.spotlight /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.syslog /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.systemprofile /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.timemachine /Users/henry/Library/Application Scripts/com.apple.diagnosticextensions.osx.wifi /Users/henry/Library/Application Scripts/com.apple.Dictionary /Users/henry/Library/Application Scripts/com.apple.FaceTime /Users/henry/Library/Application Scripts/com.apple.garageband10 /Users/henry/Library/Application Scripts/com.apple.geod /Users/henry/Library/Application Scripts/com.apple.Grab /Users/henry/Library/Application Scripts/com.apple.grapher /Users/henry/Library/Application Scripts/com.apple.iBooksX /Users/henry/Library/Application Scripts/com.apple.iBooksX-SecureUserDefaults /Users/henry/Library/Application Scripts/com.apple.iBooksX.CacheDelete /Users/henry/Library/Application Scripts/com.apple.iCal /Users/henry/Library/Application Scripts/com.apple.iCal.CalendarNC /Users/henry/Library/Application Scripts/com.apple.iChat /Users/henry/Library/Application Scripts/com.apple.ImageKit.RecentPictureService /Users/henry/Library/Application Scripts/com.apple.iMovieApp /Users/henry/Library/Application Scripts/com.apple.iPhoto /Users/henry/Library/Application Scripts/com.apple.iwork.ArchiveUpgrader /Users/henry/Library/Application Scripts/com.apple.iWork.Keynote /Users/henry/Library/Application Scripts/com.apple.iWork.Numbers /Users/henry/Library/Application Scripts/com.apple.iWork.Pages /Users/henry/Library/Application Scripts/com.apple.languageassetd /Users/henry/Library/Application Scripts/com.apple.lateragent /Users/henry/Library/Application Scripts/com.apple.Localization.SetDefaultsService /Users/henry/Library/Application Scripts/com.apple.LookupViewService /Users/henry/Library/Application Scripts/com.apple.mail /Users/henry/Library/Application Scripts/com.apple.MailCacheDelete /Users/henry/Library/Application Scripts/com.apple.MailServiceAgent /Users/henry/Library/Application Scripts/com.apple.Maps /Users/henry/Library/Application Scripts/com.apple.MarkupUI.Markup /Users/henry/Library/Application Scripts/com.apple.MarkupUI.MarkupPhotoExtension /Users/henry/Library/Application Scripts/com.apple.mediaanalysisd /Users/henry/Library/Application Scripts/com.apple.MediaLibraryService /Users/henry/Library/Application Scripts/com.apple.messages.MapRenderingService /Users/henry/Library/Application Scripts/com.apple.ncplugin.calculator /Users/henry/Library/Application Scripts/com.apple.ncplugin.FindMyFriends /Users/henry/Library/Application Scripts/com.apple.ncplugin.stocks /Users/henry/Library/Application Scripts/com.apple.ncplugin.weather /Users/henry/Library/Application Scripts/com.apple.ncplugin.WorldClock /Users/henry/Library/Application Scripts/com.apple.NetworkExtension.IKEv2Provider /Users/henry/Library/Application Scripts/com.apple.Notes /Users/henry/Library/Application Scripts/com.apple.Notes.datastore /Users/henry/Library/Application Scripts/com.apple.Notes.HTMLConverter /Users/henry/Library/Application Scripts/com.apple.Notes.NotesImporter /Users/henry/Library/Application Scripts/com.apple.Notes.SpotlightIndexExtension /Users/henry/Library/Application Scripts/com.apple.notificationcenterui.WeatherSummary /Users/henry/Library/Application Scripts/com.apple.OSDUIHelper /Users/henry/Library/Application Scripts/com.apple.osx-tailspin /Users/henry/Library/Application Scripts/com.apple.Pass-Viewer /Users/henry/Library/Application Scripts/com.apple.PassKit.PaymentAuthorizationUIExtension /Users/henry/Library/Application Scripts/com.apple.PassXPCService /Users/henry/Library/Application Scripts/com.apple.photoanalysisd /Users/henry/Library/Application Scripts/com.apple.PhotoBooth /Users/henry/Library/Application Scripts/com.apple.PhotoIngestService /Users/henry/Library/Application Scripts/com.apple.photolibraryd /Users/henry/Library/Application Scripts/com.apple.PhotoLibraryMigrationUtility /Users/henry/Library/Application Scripts/com.apple.photomodel /Users/henry/Library/Application Scripts/com.apple.photomoments /Users/henry/Library/Application Scripts/com.apple.Photos /Users/henry/Library/Application Scripts/com.apple.photos.ImageConversionService /Users/henry/Library/Application Scripts/com.apple.photos.VideoConversionService /Users/henry/Library/Application Scripts/com.apple.PhotoThemeService /Users/henry/Library/Ap
      • find New Fork (PID: 580, Parent: 561)
      • xattr (MD5: e2ca6555fe4b8c6a97d1ced2156c9b69) Arguments: xattr -d com.apple.quarantine /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/D9C3964AC5395EBBF80A58EFA88D53C1583CB4CB-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/D9E09DA2199AE493A2428DB3457A79A8E83E2C97 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/D9E09DA2199AE493A2428DB3457A79A8E83E2C97-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DAF6E72CC50C5141FF4B7B1024C598C8CD9C8E4F /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DBB478B5B87BED8AD718A3A9F7C5FCDF94B3BAB2 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DC61E27FFD8E466685B4441686EC8963B3EA3FDE /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DC61E27FFD8E466685B4441686EC8963B3EA3FDE-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DCFCC0A7387A4219D81451A4D6BC2F57563DC915 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DD573CC70EFEE6B1315C9AD552F7E2A0FC2B6221 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DD97D4D42BEB615C869B1D53C5B9846F5E367FC2 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DD97D4D42BEB615C869B1D53C5B9846F5E367FC2-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DDC84C32BF59D4BD3CFD2255383DB7548E08720A /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DE120302C72D2A20A7E45D547707E62A554AB1C9 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DF1581F0F9E357EC98574FE405963361AD877FCF /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DFAECDC754C1A5AA47FC47C23947915896E0B8E4 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DFCB81FB6C802DA34C7B809E50116A6335A07B94 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E0006C4B89BD617936DF1860511ACD802AAA423C /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E018B64D3547B9B4D699FA46ABF2BF86FD1DA903 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E018B64D3547B9B4D699FA46ABF2BF86FD1DA903-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E01B4C90542E9C284C5516E70C12B6368C489048 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E10C6FC7DE241949F10F1910C84B2DD68E6C7E51 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E20D0A26B971A6186DC463F741BB056AB089D513 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E217703D42DAB63CE6A35528479CCF17A01274EB /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E23609978F286DD53FE5A5B5A7B9AD92398BFFCE /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E2AE870CA4BF92E5A0B6A5547C85FE11D7D6905F /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E38911A9B37AAE01CAA17B0618E36A7C603889AE /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E39042808A21BD04F0FB35D33586C3B6FE1A7BB0 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E448AD04D1100C3CEAF438C606437BC42DE974FF /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E4BFAC580364E77748B84D5422B411F1C53DCA48 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E71B9897C92151C0FC8FCC898ACB825A837401E9 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E890E47C3E264A00E22987ED679A654B6DA0C669 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E906A5A2C5ECBFEEAD4C31C1A1763247B86A558B /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E97C51C02D1BA388CE7A6B9B05E64FACC0963DA4 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E97C51C02D1BA388CE7A6B9B05E64FACC0963DA4-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/EA3E208F30B7537744FF6585411CC220568ED0E8 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/EA3E208F30B7537744FF6585411CC220568ED0E8-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/EC75EDEC2FB6B6D18EA5FA61847303B927863445 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/ED2BA903EA77C24C6EF61232570D20DC32998C8A /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/EE88D52E87DC9F6740F6225C963A8D4E40671F58 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/EEE13D28AB7626B86DDF9C3CB786BBE0171A3A14 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F09360F22A0731A556DECB2B0F63DC37B8CBC789 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F0B2520EF5A09D84B09CD10DD2105EA3249F09CF /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F0B2520EF5A09D84B09CD10DD2105EA3249F09CF-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F127399766D5A469AD1309F879DB3CC8BFBF309F /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F127399766D5A469AD1309F879DB3CC8BFBF309F-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F219C8B26BAFC50B57DE3E560AD3B6C08779B532 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F2CFFC1EF5EB429945DAA5D1A898836A93FE410A /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F37AE57A1FB55D9EC61D1EC99308359698E7456A /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F3CFCDA9F3F4E38D478FE059F439F24C11F49CBA /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F4148745AE42706E280004AF00E6E7E65462B805 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F49323F022921F0F7B36EAC3692209DA92110441 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F50CC19346C6FC6124D1624D3840317ED8E7DDB2 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F5447371D9F2E206112A0E9984E01F2C871AAAE2 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F68B52C553FCB51913089319997DBE8D5806C269 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F83586300092D127275329B4BBD460BB9B0E2BDC /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F83586300092D127275329B4BBD460BB9B0E2BDC-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F8E5D1E9C5004733E050DC5C74DEE439A0F0E796 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F97D9FFCEAAC16C6979FEBB1A847FDCA7C25AEC8 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F98B5DE251957519AB374D950F9C5054B69E6F05 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11
      • Python (MD5: ba780ab677147d9db60c564ef3f51dd0) Arguments: /usr/bin/python /usr/bin/xattr-2.7 -d com.apple.quarantine /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/D9C3964AC5395EBBF80A58EFA88D53C1583CB4CB-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/D9E09DA2199AE493A2428DB3457A79A8E83E2C97 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/D9E09DA2199AE493A2428DB3457A79A8E83E2C97-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DAF6E72CC50C5141FF4B7B1024C598C8CD9C8E4F /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DBB478B5B87BED8AD718A3A9F7C5FCDF94B3BAB2 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DC61E27FFD8E466685B4441686EC8963B3EA3FDE /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DC61E27FFD8E466685B4441686EC8963B3EA3FDE-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DCFCC0A7387A4219D81451A4D6BC2F57563DC915 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DD573CC70EFEE6B1315C9AD552F7E2A0FC2B6221 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DD97D4D42BEB615C869B1D53C5B9846F5E367FC2 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DD97D4D42BEB615C869B1D53C5B9846F5E367FC2-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DDC84C32BF59D4BD3CFD2255383DB7548E08720A /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DE120302C72D2A20A7E45D547707E62A554AB1C9 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DF1581F0F9E357EC98574FE405963361AD877FCF /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DFAECDC754C1A5AA47FC47C23947915896E0B8E4 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/DFCB81FB6C802DA34C7B809E50116A6335A07B94 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E0006C4B89BD617936DF1860511ACD802AAA423C /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E018B64D3547B9B4D699FA46ABF2BF86FD1DA903 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E018B64D3547B9B4D699FA46ABF2BF86FD1DA903-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E01B4C90542E9C284C5516E70C12B6368C489048 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E10C6FC7DE241949F10F1910C84B2DD68E6C7E51 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E20D0A26B971A6186DC463F741BB056AB089D513 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E217703D42DAB63CE6A35528479CCF17A01274EB /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E23609978F286DD53FE5A5B5A7B9AD92398BFFCE /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E2AE870CA4BF92E5A0B6A5547C85FE11D7D6905F /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E38911A9B37AAE01CAA17B0618E36A7C603889AE /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E39042808A21BD04F0FB35D33586C3B6FE1A7BB0 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E448AD04D1100C3CEAF438C606437BC42DE974FF /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E4BFAC580364E77748B84D5422B411F1C53DCA48 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E71B9897C92151C0FC8FCC898ACB825A837401E9 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E890E47C3E264A00E22987ED679A654B6DA0C669 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E906A5A2C5ECBFEEAD4C31C1A1763247B86A558B /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E97C51C02D1BA388CE7A6B9B05E64FACC0963DA4 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/E97C51C02D1BA388CE7A6B9B05E64FACC0963DA4-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/EA3E208F30B7537744FF6585411CC220568ED0E8 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/EA3E208F30B7537744FF6585411CC220568ED0E8-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/EC75EDEC2FB6B6D18EA5FA61847303B927863445 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/ED2BA903EA77C24C6EF61232570D20DC32998C8A /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/EE88D52E87DC9F6740F6225C963A8D4E40671F58 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/EEE13D28AB7626B86DDF9C3CB786BBE0171A3A14 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F09360F22A0731A556DECB2B0F63DC37B8CBC789 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F0B2520EF5A09D84B09CD10DD2105EA3249F09CF /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F0B2520EF5A09D84B09CD10DD2105EA3249F09CF-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F127399766D5A469AD1309F879DB3CC8BFBF309F /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F127399766D5A469AD1309F879DB3CC8BFBF309F-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F219C8B26BAFC50B57DE3E560AD3B6C08779B532 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F2CFFC1EF5EB429945DAA5D1A898836A93FE410A /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F37AE57A1FB55D9EC61D1EC99308359698E7456A /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F3CFCDA9F3F4E38D478FE059F439F24C11F49CBA /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F4148745AE42706E280004AF00E6E7E65462B805 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F49323F022921F0F7B36EAC3692209DA92110441 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F50CC19346C6FC6124D1624D3840317ED8E7DDB2 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F5447371D9F2E206112A0E9984E01F2C871AAAE2 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F68B52C553FCB51913089319997DBE8D5806C269 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F83586300092D127275329B4BBD460BB9B0E2BDC /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F83586300092D127275329B4BBD460BB9B0E2BDC-blob /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F8E5D1E9C5004733E050DC5C74DEE439A0F0E796 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F97D9FFCEAAC16C6979FEBB1A847FDCA7C25AEC8 /Users/henry/Library/Caches/com.apple.iTunes/WebKitCache/Version 11/Records/AB5FD3F5EEF5444C88F3D6A45A505894E07BAB55/Resource/F98B5DE251957519AB374D950F9C5054B69E6F05 /Users/henry/Library/Caches/com.apple.
    • bash New Fork (PID: 562, Parent: 553)
    • find (MD5: 1a070f1b112a0bbf99581914d1035970) Arguments: find / -exec xattr -d com.apple.quarantine {} +
      • find New Fork (PID: 571, Parent: 562)
      • xattr (MD5: e2ca6555fe4b8c6a97d1ced2156c9b69) Arguments: xattr -d com.apple.quarantine / /.dfxdata.dat /.DocumentRevisions-V100 /.DS_Store /.file /.fseventsd /.hotfiles.btree /.PKInstallSandboxManager /.PKInstallSandboxManager-SystemSoftware /.Spotlight-V100 /.Trashes /.vol /.VolumeIcon.icns /Applications /Applications/.DS_Store /Applications/.localized /Applications/App Store.app /Applications/App Store.app/Contents /Applications/App Store.app/Contents/_CodeSignature /Applications/App Store.app/Contents/_CodeSignature/CodeResources /Applications/App Store.app/Contents/Info.plist /Applications/App Store.app/Contents/MacOS /Applications/App Store.app/Contents/MacOS/App Store /Applications/App Store.app/Contents/PkgInfo /Applications/App Store.app/Contents/PlugIns /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/_CodeSignature /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/_CodeSignature/CodeResources /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Info.plist /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/MacOS /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/MacOS/DockTile /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ar.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ar.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ca.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ca.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/cs.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/cs.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/da.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/da.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/de.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/de.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/el.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/el.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/en.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/en.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/es.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/es.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/es_419.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/es_419.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/fi.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/fi.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/fr.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/fr.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/he.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/he.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/hi.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/hi.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/hr.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/hr.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/hu.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/hu.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/id.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/id.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/it.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/it.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ja.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ja.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ko.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ko.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ms.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ms.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/nl.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/nl.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/no.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/no.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/pl.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/pl.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/pt.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/pt.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/pt_PT.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/pt_PT.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ro.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ro.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ru.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ru.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/sk.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/sk.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/sv.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/sv.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/th.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/th.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/tr.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/tr.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/uk.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/uk.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/vi.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/vi.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/zh_CN.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/zh_CN.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/zh_TW.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/zh_TW.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/version.plist /Applications/App Store.app/Contents/Resources /Applications/App Store.app/Contents/Resources/AppIcon.icns /Applications/App Store.app/Contents/Resources/ar.lproj /Applications/App Store.app/Contents/Resources/ar.lproj/InfoPlist.strings /Applications/App Store.app/Contents/Resources/ar.lproj/Localizable.strings /Applications/App Store.app/Contents/Resources/ar.lproj/MainMenu.strings /Applications/App Store.app/Contents/Resources/Assets.car /Applications/App Store.app/Contents/Resources/Base.lproj /Applications/App Store.app/Contents/Resources/Base.lproj/MainMenu.nib /Applications/App Store.app/Contents/Resources/ca.lproj /Applications/App Store.app/Contents/Resources/ca.lproj/InfoPlist.strings /Applications/App Store.app/Contents/Resources/ca.lproj/Localizable.strings /Applications/App Store.app/Contents/Resources/ca.lproj/MainMenu.strings /Applications/App Store.app/Contents/Resources/cs.lproj /Applications/App Store.app/Contents/Resources/cs.lproj/InfoPlist.strings /Applications/App Store.app/Contents/Resources/cs.lproj/Localiz
      • Python (MD5: ba780ab677147d9db60c564ef3f51dd0) Arguments: /usr/bin/python /usr/bin/xattr-2.7 -d com.apple.quarantine / /.dfxdata.dat /.DocumentRevisions-V100 /.DS_Store /.file /.fseventsd /.hotfiles.btree /.PKInstallSandboxManager /.PKInstallSandboxManager-SystemSoftware /.Spotlight-V100 /.Trashes /.vol /.VolumeIcon.icns /Applications /Applications/.DS_Store /Applications/.localized /Applications/App Store.app /Applications/App Store.app/Contents /Applications/App Store.app/Contents/_CodeSignature /Applications/App Store.app/Contents/_CodeSignature/CodeResources /Applications/App Store.app/Contents/Info.plist /Applications/App Store.app/Contents/MacOS /Applications/App Store.app/Contents/MacOS/App Store /Applications/App Store.app/Contents/PkgInfo /Applications/App Store.app/Contents/PlugIns /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/_CodeSignature /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/_CodeSignature/CodeResources /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Info.plist /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/MacOS /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/MacOS/DockTile /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ar.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ar.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ca.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ca.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/cs.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/cs.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/da.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/da.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/de.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/de.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/el.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/el.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/en.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/en.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/es.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/es.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/es_419.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/es_419.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/fi.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/fi.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/fr.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/fr.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/he.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/he.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/hi.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/hi.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/hr.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/hr.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/hu.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/hu.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/id.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/id.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/it.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/it.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ja.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ja.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ko.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ko.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ms.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ms.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/nl.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/nl.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/no.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/no.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/pl.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/pl.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/pt.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/pt.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/pt_PT.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/pt_PT.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ro.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ro.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ru.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/ru.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/sk.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/sk.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/sv.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/sv.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/th.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/th.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/tr.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/tr.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/uk.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/uk.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/vi.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/vi.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/zh_CN.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/zh_CN.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/zh_TW.lproj /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/Resources/zh_TW.lproj/InfoPlist.strings /Applications/App Store.app/Contents/PlugIns/DockTile.docktileplugin/Contents/version.plist /Applications/App Store.app/Contents/Resources /Applications/App Store.app/Contents/Resources/AppIcon.icns /Applications/App Store.app/Contents/Resources/ar.lproj /Applications/App Store.app/Contents/Resources/ar.lproj/InfoPlist.strings /Applications/App Store.app/Contents/Resources/ar.lproj/Localizable.strings /Applications/App Store.app/Contents/Resources/ar.lproj/MainMenu.strings /Applications/App Store.app/Contents/Resources/Assets.car /Applications/App Store.app/Contents/Resources/Base.lproj /Applications/App Store.app/Contents/Resources/Base.lproj/MainMenu.nib /Applications/App Store.app/Contents/Resources/ca.lproj /Applications/App Store.app/Contents/Resources/ca.lproj/InfoPli