Christopher Anderton christopheranderton

Ät en mazarin i paus!

christopheranderton / wondershare-crap.txt

Created March 3, 2018 22:32

	# Sneaky installs (goes for many Wondershare and iSkysoft branded apps amongst others ”controlled by the mothership”.
	# ----------------
	$HOME/Library/Application Support/Helper/Wondershare Helper Compact.app
	$HOME/Library/Application Support/Wondershare/Helper/*
	$HOME/Library/Application Support/Helper/iSkysoft Helper Compact.app
	$HOME/Library/Preferences/com.Wondershare.Video Editor.plist
	$HOME/Library/Preferences/com.wondershare.helper_compact.plist
	/Users/Shared/.Wondershare.dat
	/Users/Shared/Wondershare.plist
	$HOME/Library/Helper/*

christopheranderton / wondershare-filmora-fsevents-install.txt

Created March 3, 2018 22:36

This file has been truncated, but you can view the full file.

	22:59:09 🆕 0x14100 /Users/picard/Library/Preferences/com.tristan.FSMonitor.plist.7ZKvz9b
	22:59:10 🛠 0x10400 /private/var/db/uuidtext/D0/AFA1DFF9A03096BBC6039FB407A3B8
	22:59:10 🆕 0x2a500 /Applications/Wondershare Filmora.app
	22:59:11 ↗️ 0x15900 /Library/Caches/com.apple.iconservices.store/DD70283E-F2E6-64BE-2B72-CF8C46B036A9.isdata.tmp
	22:59:11 ↘️ 0x10800 /Library/Caches/com.apple.iconservices.store/DD70283E-F2E6-64BE-2B72-CF8C46B036A9.isdata
	22:59:11 🆕 0x2a500 /Applications/Wondershare Filmora.app
	22:59:11 🆕 0x20100 /Applications/Wondershare Filmora.app/Contents
	22:59:11 🆕 0x1f100 /Applications/Wondershare Filmora.app/Contents/_CodeSignature/CodeResources
	22:59:11 🆕 0x2e100 /Applications/Wondershare Filmora.app/Contents/_CodeSignature
	22:59:11 🆕 0x20100 /Applications/Wondershare Filmora.app/Contents/Frameworks

christopheranderton / wondershare-filmora-fsmonitor-install.json

Created March 3, 2018 22:38

This file has been truncated, but you can view the full file.

	{
	"app": "FSMonitor",
	"doc_version": 1,
	"events": [
	{
	"date" : "22:59:09",
	"path" : "\/Users\/picard\/Library\/Preferences\/com.tristan.FSMonitor.plist.7ZKvz9b",
	"category" : "🆕",
	"flags" : "0x14100"
	},

christopheranderton / digging-into-wondershare-notes.md

Last active March 28, 2025 22:44

Scratchpad/Notes for digging into the shady business of Wondershare. Not complete (it's a scratchpad after all!)

NOTEPAD : Digging into Wondershare

[See the Host entries at the end of the document]

Sharer:	wadmin00126	Category:	software companies

Score: (59) PR: PR:PR:4

christopheranderton / svartgul.css

Created May 25, 2020 09:31

	.gnaget-schack-pattern {
	background-color: #ffdd00;
	background-image: linear-gradient(45deg, black 25%, transparent 25%, transparent 75%, black 75%), linear-gradient(45deg, black 25%, transparent 25%, transparent 75%, black 75%);
	background-size:100px 100px;
	background-position: 0 0, 50px 50px;
	}
	.gnaget-schack-pattern-alt {
	background-color: rgba(255, 221, 0, 1);
	background-image: linear-gradient(45deg, black 25%, transparent 25%, transparent 75%, black 75%, black), linear-gradient(45deg, black 25%, transparent 25%, transparent 75%, black 75%, black);
	background-size:60px 60px;

christopheranderton / checkGFK.sh

Created January 30, 2025 14:58

"Open Gatekeeper Friendly" Malware. Malicious Script Detection and Mitigation Script macOS

	#!/bin/bash

	# Malicious Script Detection and Mitigation Script
	# This script checks for traces of the malicious AppleScript payload on macOS systems and removes them if found.
	# More info: https://rentry.co/ogf_malware

	# Global variable to track if anything suspicious is detected
	suspicious_found=false

	# Function to check and clean suspicious temporary files and directories