Built off the open source project Osquery
Description: It searches for a specific hash.
What The Data Shows: Looks for a specific hash in the Users directories, in files smaller than 50 MB (osquery's file size limitation). The query scopes the search to each user's Documents folder.
SQL:
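SELECT path, sha256
FROM hash
WHERE path IN
  -- Candidate files: under any user's Documents folder (%% recurses), smaller than 50 MB
  (SELECT path
   FROM file
   WHERE size < 50000000
   AND path LIKE '/Users/%/Documents/%%')
-- Report only files whose SHA-256 equals the hash being hunted
AND sha256 = '16d28cd1d78b823c4f961a6da78d67a8975d66cde68581798778ed1f98a56d75';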