Tag Archives: 2018

For Sale – MacBook Pro 13” 2018

2018 13” MacBook Pro (Touch bar model). Purchased from Apple with AppleCare until 18 September 2021 that will be transferred to the new owner.

Comes boxed with power charger. I can see no marks or scratches but you are welcome to check as it is collection only. Looking for £1050 – do not intend to post.

Specs:
2.3 GHz Quad Core Intel i5
8GB RAM
512GB SSD Hard Drive
Intel Iris Plus Graphics 655
This is the Touch Bar model

Comes boxed. The Banksy Decals (stickers) are specific for the Mac and just peel off and will leave no residue if you don’t want them on. Cost over £2k new.

Go to Original Article
Author:

For Sale – Apple MacBook Air (Retina 13 inch 2018) Gold

Purchased this Retina MacBook Air direct from Apple on 21st November 2018 but is just not getting used so would like to move on to a good home. Has had minimal light use – internet and Football Manager only!!

1.6GHz dual‑core 8th‑generation Intel Core i5 processor, Turbo Boost up to 3.6GHz
Intel UHD Graphics 617
8GB 2133MHz LPDDR3 memory
512GB SSD storage
Force Touch trackpad
Two Thunderbolt 3 ports
Touch ID
Retina display
Backlit Keyboard – British
Accessory Kit

Comes in original box with all original accessories.

Has had a hard case on top / bottom since day one so is immaculate with no dents or dings and screen is in mint condition

Will be reset to factory running

It has no Apple Care so warranty to November 2019.

Will be posted insured signed for at my cost and will advise delivery date once courier decided and funds received.

Can also collect from London SE9 evenings or weekends

Payment by PayPal Gift, Bank Transfer or Cash if collecting.

Will post pics tonight

To spec this on Apple now will be £1499 so asking only £1099 or feel free to make an offer

Go to Original Article
Author:

For Sale – Apple MacBook Air (Retina 13 inch 2018) Gold

Purchased this Retina MacBook Air direct from Apple on 21st November 2018 but is just not getting used so would like to move on to a good home. Has had minimal light use – internet and Football Manager only!!

1.6GHz dual‑core 8th‑generation Intel Core i5 processor, Turbo Boost up to 3.6GHz
Intel UHD Graphics 617
8GB 2133MHz LPDDR3 memory
512GB SSD storage
Force Touch trackpad
Two Thunderbolt 3 ports
Touch ID
Retina display
Backlit Keyboard – British
Accessory Kit

Comes in original box with all original accessories.

Has had a hard case on top / bottom since day one so is immaculate with no dents or dings and screen is in mint condition

Will be reset to factory running

It has no Apple Care so warranty to November 2019.

Will be posted insured signed for at my cost and will advise delivery date once courier decided and funds received.

Can also collect from London SE9 evenings or weekends

Payment by PayPal Gift, Bank Transfer or Cash if collecting.

Will post pics tonight

To spec this on Apple now will be £1499 so asking only £1099 or feel free to make an offer

Go to Original Article
Author:

Insights from one year of tracking a polymorphic threat – Microsoft Security

A little over a year ago, in October 2018, our polymorphic outbreak monitoring system detected a large surge in reports, indicating that a large-scale campaign was unfolding. We observed as the new threat attempted to deploy files that changed every 20-30 minutes on thousands of devices. We gave the threat the name “Dexphot,” based on certain characteristics of the malware code.

The Dexphot attack used a variety of sophisticated methods to evade security solutions. Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. Dexphot then used fileless techniques to run malicious code directly in memory, leaving only a few traces that can be used for forensics. It hijacked legitimate system processes to disguise malicious activity. If not stopped, Dexphot ultimately ran a cryptocurrency miner on the device, with monitoring services and scheduled tasks triggering re-infection when defenders attempt to remove the malware.

In the months that followed, we closely tracked the threat and witnessed the attackers upgrade the malware, target new processes, and work around defensive measures:

Timeline of evolution of Dexphot malware

While Microsoft Defender Advanced Threat Protection’s pre-execution detection engines blocked Dexphot in most cases, behavior-based machine learning models provided protection for cases where the threat slipped through. Given the threat’s persistence mechanisms, polymorphism, and use of fileless techniques, behavior-based detection was a critical component of the comprehensive protection against this malware and other threats that exhibit similar malicious behaviors.

Microsoft Defender ATP data shows the effectiveness of behavioral blocking and containment capabilities in stopping the Dexphot campaign. Over time, Dexphot-related malicious behavior reports dropped to a low hum, as the threat lost steam.

Number of machines that encountered Dexphot over time

Our close monitoring of Dexphot helped us ensure that our customers were protected from the evolving threat. More importantly, one year’s worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot’s authors, but of cybercriminals in general.

Complex attack chain

The early stages of a Dexphot infection involves numerous files and processes. During the execution stage, Dexphot writes five key files to disk:

  1. An installer with two URLs
  2. An MSI package file downloaded from one of the URLs
  3. A password-protected ZIP archive
  4. A loader DLL, which is extracted from the archive
  5. An encrypted data file that holds three additional executables that are loaded into system processes via process hollowing

Except for the installer, the other processes that run during execution are legitimate system processes. This can make detection and remediation more difficult. These legitimate system processes include msiexec.exe (for installing MSI packages), unzip.exe (for extracting files from the password-protected ZIP archive), rundll32.exe (for loading the loader DLL), schtasks.exe (for scheduled tasks), powershell.exe (for forced updates). In later stages, Dexphot targets a few other system processes for process hollowing: svchost.exe, tracert.exe, and setup.exe.

Dexphot attack chain

Multiple layers of security evasion

Based on Microsoft Defender ATP signals, SoftwareBundler:Win32/ICLoader and its variants are primarily used to drop and run the Dexphot installer. The installer uses two URLs to download malicious payloads. These are the same two URLs that Dexphot use later to establish persistence, update the malware, and re-infect the device.

The installer downloads an MSI package from one of the two URLs, and then launches msiexec.exe to perform a silent install. This is the first of several instances of Dexphot employing living-off-the-land techniques, the use of legitimate system processes for nefarious purposes.

Dexphot’s package often contains an obfuscated batch script. If the package contains this file, the script is the first thing that msiexec.exe runs when it begins the installation process. The said obfuscated script is designed to check for antivirus products. Dexphot halts the infection process immediately if an antivirus product is found running.

When we first began our research, the batch script only checked for antivirus products from Avast and AVG. Later, Windows Defender Antivirus was added to the checklist.

If the process is not halted, Dexphot decompresses the password-protected ZIP archive from the MSI package. The password to this archive is within the MSI package. Along with the password, the malware’s authors also include a clean version of unzip.exe so that they don’t have to rely on the target system having a ZIP utility. The unzip.exe file in the package is usually named various things, such as z.exe or ex.exe, to avoid scrutiny.

The ZIP archive usually contains three files: the loader DLL, an encrypted data file (usually named bin.dat), and, often, one clean unrelated DLL, which is likely included to mislead detection.

Dexphot usually extracts the decompressed files to the target system’s Favorites folder. The files are given new, random names, which are generated by concatenating words and numbers based on the time of execution (for example, C:UsersFavorites\Res.Center.ponse). The commands to generate the new names are also obfuscated, for example:

Msiexec.exe next calls rundll32.exe, specifying loader DLL (urlmon.7z in the example above) in order to decrypt the data file. The decryption process involves ADD and XOR operations, using a key hardcoded in the binary.

The decrypted data contains three executables. Unlike the files described earlier, these executables are never written to the filesystem. Instead, they exist only in memory, and Dexphot runs them by loading them into other system processes via process hollowing.

Stealthy execution through fileless techniques

Process hollowing is a technique that can hide malware within a legitimate system process. It replaces the contents of the legitimate process with malicious code. Detecting malicious code hidden using this method is not trivial, so process hollowing has become a prevalent technique used by malware today.

This method has the additional benefit of being fileless: the code can be run without actually being saved on the file system. Not only is it harder to detect the malicious code while it’s running, it’s harder to find useful forensics after the process has stopped.

To initiate process hollowing, the loader DLL targets two legitimate system processes, for example svchost.exe or nslookup.exe, and spawns them in a suspended state. The loader DLL replaces the contents of these processes with the first and second decrypted executables. These executables are monitoring services for maintaining Dexphot’s components. The now-malicious processes are released from suspension and run.

Next, the loader DLL targets the setup.exe file in SysWoW64. It removes setup.exe’s contents and replaces them with the third decrypted executable, a cryptocurrency miner. Although Dexphot always uses a cryptocurrency miner of some kind, it’s not always the same miner. It used different programs like XMRig and JCE Miner over the course of our research.

Persistence through regularly scheduled malware updates

The two monitoring services simultaneously check the status of all three malicious processes. Having dual monitoring services provides redundancy in case one of the monitoring processes is halted. If any of the processes are terminated, the monitors immediately identify the situation, terminate all remaining malicious processes, and re-infect the device. This forced update/re-infection process is started by a PowerShell command similar to the one below:

The monitoring components also detect freshly launched cmd.exe processes and terminate them promptly. As a final fail-safe, Dexphot uses schtasks.exe to create scheduled tasks, with the command below.

This persistence technique is interesting, because it employs two distinct MITRE ATT&CK techniques: Scheduled Task and Signed Binary Proxy Execution.

The scheduled tasks call msiexec.exe as a proxy to run the malicious code, much like how msiexec.exe was used during installation. Using msiexec.exe, a legitimate system process, can make it harder to trace the source of malicious activity.

Furthermore, the tasks allow Dexphot to conveniently update the payload from the web every time the tasks run. They automatically update all of Dexphot’s components, both upon system reboot as well as every 90 or 110 minutes while the system is running.

Dexphot also generates the names for the tasks at runtime, which means a simple block list of hardcoded task names will not be effective in preventing them from running. The names are usually in a GUID format, although after we released our first round of Dexphot-blocking protections, the threat authors began to use random strings.

The threat authors have one more evasion technique for these scheduled tasks: some Dexphot variants copy msiexec.exe to an arbitrary location and give it a random name, such as %AppData%.exe. This makes the system process running malicious code a literal moving target.

Polymorphism

Dexphot exhibits multiple layers of polymorphism across the binaries it distributes. For example, the MSI package used in the campaign contains different files, as shown in the table below. The MSI packages generally include a clean version of unzip.exe, a password-protected ZIP file, and a batch file that checks for currently installed antivirus products. However, the batch file is not always present, and the names of the ZIP files and Loader DLLs, as well as the password for extracting the ZIP file, all change from one package to the next.

In addition, the contents of each Loader DLL differs from package to package, as does the encrypted data included in the ZIP file. This leads to the generation of a different ZIP archive and, in turn, a unique MSI package, each time the attacker bundles the files together. Because of these carefully designed layers of polymorphism, a traditional file-based detection approach wouldn’t be effective against Dexphot.

MSI package ID MSI package contents Password for ZIP file Contents of encrypted ZIP
Unzip.exe name ZIP file name Batch file name Loader DLL file name Encrypted data name
MSI-1 ex.exe webUI.r0_ f.bat kjfhwehjkf IECache.dll bin.dat
MSI-2 ex.exe analog.tv f.bat ZvDagW kernel32.bin bin.dat
MSI-3 z.exe yandex.zip f.bat jeremy SetupUi.dll bin.dat
MSI-4 unzip.exe ERDNT.LOC.zip iso100 ERDNT.LOC data.bin
MSI-5 pck.exe mse.zip kika _steam.dll bin.dat
MSI-6 z.exe msi.zip arima ic64.dll bin.dat
MSI-7 z.exe mse.zip f.bat kika _steam.dll bin.dat
MSI-8 z.exe mse.zip kika _steam.dll bin.dat
MSI-9 z.exe yandex.zip f.bat jeremy SetupUi.dll bin.dat
MSI-10 hf.exe update.dat f.bat namr x32Frame.dll data.bin
MSI-11 z.exe yandex.zip f.bat jeremy SetupUi.dll bin.dat
MSI-12 unzip.exe PkgMgr.iso.zip pack PkgMgr.iso data.bin
MSI-13 ex.exe analog.tv f.bat kjfhwefkjwehjkf urlmon.7z bin.dat
MSI-14 ex.exe icon.ico f.bat ZDADW default.ocx bin.dat
MSI-15 hf.exe update.dat namr AvastFileRep.dll data.bin
MSI-16 pck.exe mse.zip f.bat kika _steam.dll bin.dat
MSI-17 z.exe mse.zip f.bat joft win2k.wim bin.dat
MSI-18 ex.exe plugin.cx f.bat ZDW _setup.ini bin.dat
MSI-19 hf.exe update.dat namr AvastFileRep.dll data.bin
MSI-20 ex.exe installers.msu f.bat 000cehjkf MSE.Engine.dll bin.dat
MSI-21 z.exe msi.zip f.bat arima ic64.dll bin.dat
MSI-22 z.exe archive00.x f.bat 00Jmsjeh20 chrome_watcher.dll bin.dat

A multitude of payload hosts

Besides tracking the files and processes that Dexphot uses to execute an attack, we have also been monitoring the domains used to host malicious payloads. The URLs used for hosting all follow a similar pattern. The domain address usually ends in a .info or .net TLD, while the file name for the actual payload consists of random characters, similar to the randomness previously seen being used to generate file names and scheduled tasks. Some examples from our research are shown in the table below.

Scheduled task name Download URL
hboavboja https://supe********709.info/xoslqzu.pdi
{C0B15B19-AB02-0A10-259B-1789B8BD78D6} https://fa*****r.com/jz5jmdouv4js.uoe
ytiazuceqeif https://supe********709.info/spkfuvjwadou.bbo
beoxlwayou https://rb*****.info/xgvylniu.feo
{F1B4C720-5A8B-8E97-8949-696A113E8BA5} https://emp*******winc.com/f85kr64p1s5k.naj
gxcxhbvlkie https://gu*****me.net/ssitocdfsiu.pef
{BE7FFC87-6635-429F-9F2D-CD3FD0E6DA51} https://sy*****.info/pasuuy/xqeilinooyesejou.oew
{0575F553-1277-FB0F-AF67-EB649EE04B39} https://sumb*******on.info/gbzycb.kiz
gposiiobhkwz https://gu*****me.net/uyuvmueie.hui
{EAABDEAC-2258-1340-6375-5D5C1B7CEA7F} https://refr*******r711.info/3WIfUntot.1Mb
zsayuuec https://gu*****me.net/dexaeuioiexpyva.dil
njibqhcq https://supe********709.info/aodoweuvmnamugu.fux
{22D36F35-F5C2-29D3-1CF1-C51AC19564A4} https://pr*****.info/ppaorpbafeualuwfx/hix.ayk
qeubpmnu https://gu*****me.net/ddssaizauuaxvt.cup
adeuuelv https://supe********709.info/tpneevqlqziee.okn
{0B44027E-7514-5EC6-CE79-26EB87434AEF} https://sy*****.info/huauroxaxhlvyyhp/xho.eqx
{5A29AFD9-63FD-9F5E-F249-5EC1F2238023} https://refr*******r711rb.info/s28ZXoDH4.78y
{C5C1D86D-44BB-8EAA-5CDC-26B37F92E411} https://fa*****r.com/rbvelfbflyvf.rws

Many of the URLs listed were in use for an extended period. However, the MSI packages hosted at each URL are frequently changed or updated. In addition, every few days more domains are generated to host more payloads. After a few months of monitoring, we were able to identify around 200 unique Dexphot domains.

Conclusion: Dynamic, comprehensive protection against increasingly complex everyday threats

Dexphot is not the type of attack that generates mainstream media attention; it’s one of the countless malware campaigns that are active at any given time. Its goal is a very common one in cybercriminal circles — to install a coin miner that silently steals computer resources and generates revenue for the attackers — yet Dexphot exemplifies the level of complexity and rate of evolution of even everyday threats, intent on evading protections and motivated to fly under the radar for the prospect of profit.

To combat threats, several next-generation protection engines in Microsoft Defender Advanced Threat Protection’s antivirus component detect and stop malicious techniques at multiple points along the attack chain. For Dexphot, machine learning-based detections in the cloud recognize and block the DLLs loaded by rundll32.exe, stopping the attack chain in its early stages. Memory scans detect and terminate the loading of malicious code hidden by process hollowing — including the monitoring processes that attempt to update the malware code and re-infect the machine via PowerShell commands.

Behavioral blocking and containment capabilities are especially effective in defeating Dexphot’s fileless techniques, detection evasion, and persistence mechanisms, including the periodic and boot-time attempts to update the malware via scheduled tasks. As mentioned, given the complexity of the attack chain and of Dexphot’s persistence methods, we released a remediation solution that prevents re-infection by removing artifacts.

Microsoft Defender ATP solutions for Dexphot attack

The detection, blocking, and remediation of Dexphot on endpoints are exposed in Microsoft Defender Security Center, where Microsoft Defender ATP’s rich capabilities like endpoint detection and response, automated investigation and remediation, and others enable security operations teams to investigate and remediate attacks in enterprise environments. With these capabilities, Microsoft Defender ATP provides comprehensive protection against Dexphot and the countless other complex and evolving threats that we face every day.

Sample indicators of compromise (IoCs)

Installer (SHA-256):
72acaf9ff8a43c68416884a3fff3b23e749b4bb8fb39e16f9976643360ed391f

MSI files (SHA-256):
22beffb61cbdc2e0c3eefaf068b498b63a193b239500dab25d03790c467379e3
65eac7f9b67ff69cefed288f563b4d77917c94c410c6c6c4e4390db66305ca2a
ba9467e0d63ba65bf10650a3c8d36cd292b3f846983032a44a835e5966bc7e88

Loader DLLs  (SHA-256):
537d7fe3b426827e40bbdd1d127ddb59effe1e9b3c160804df8922f92e0b366e
504cc403e0b83233f8d20c0c86b0611facc040b868964b4afbda3214a2c8e1c5
aa5c56fe01af091f07c56ac7cbd240948ea6482b6146e0d3848d450977dff152

Hazel Kim

Microsoft Defender ATP Research Team


Talk to us

Questions, concerns, or insights on this story? Join discussions at the Microsoft Defender ATP community.

Read all Microsoft security intelligence blog posts.

Follow us on Twitter @MsftSecIntel.

Go to Original Article
Author: Steve Clarke

With Time on its hands, Meredith drives storage consolidation

After Meredith Corp. closed its $2.8 billion acquisition of Time Inc. in January 2018, it adopted the motto “Be Bold. Together.”

David Coffman, Meredith’s director of enterprise infrastructure, took that slogan literally. “I interpreted that as ‘Drive it like you stole it,'” said Coffman, who was given a mandate to overhaul the combined company’s data centers that held petabytes of data. He responded with an aggressive backup and primary storage consolidation.

The Meredith IT team found itself with a lot of Time data on its hands, and in need of storage consolidation because a variety of vendors were in use. Meredith was upgrading its own Des Moines, Iowa, data center at the time, and Coffman’s team standardized technology across legacy Time and Meredith. It dumped most of its traditional IT gear and added newer technology developed around virtualization, convergence and the cloud.

Although Meredith divested some of Time’s best-known publications, it now publishes People, Better Homes and Gardens, InStyle, Southern Living and Martha Stewart Living. The company also owns 17 local television stations and other properties.

The goal is to reduce its data centers to two major sites in New York and Des Moines with the same storage, server and data protection technologies. The sites can serve as DR sites for each other. Meredith’s storage consolidation resulted in implementing Nutanix hyper-converged infrastructure for block storage and virtualization, Rubrik data protection and a combination of Nasuni and NetApp for file storage.

“I’ve been working to merge two separate enterprises into one,” Coffman said. “We decided we wanted to go with cutting-edge technologies.”

At the time of the merger, Meredith used NetApp-Cisco FlexPod converged infrastructure for primary storage and Time had Dell EMC and Hitachi Vantara in its New York and Weehawken, N.J. data centers. Both companies backed up with Veritas NetBackup software. Meredith had a mixture of tape and NetBackup appliances and Time used tape and Dell EMC Data Domain disk backup.

By coincidence, both companies were doing proofs of concept with Rubrik backup software on integrated appliances and were happy with the results.

Meredith installed Rubrik clusters in its Des Moines and New York data centers as well as a large Birmingham, Alabama office after the merger. They protect Nutanix clusters in all those sites.

“If we lost any of those sites, we could hook up our gear to another site and do restores,” Coffman said.

Meredith also looked at Cohesity and cloud backup vendor Druva while evaluating Rubrik Cloud Data Management. Coffman and Michael Kientoff, senior systems administrator of data protection at Meredith, said they thought Rubrik had the most features and they liked its instant restore capabilities.

Coffman said Cohesity was a close second, but he didn’t like that Cohesity includes its own file system and bills itself as secondary storage.

“We didn’t think a searchable file system would be that valuable to us,” Coffman said. “I didn’t want more storage. I thought, ‘These guys are data on-premises when I’m already getting yelled out for having too much data on premises.’ I didn’t want double the amount of storage.”

Coffman swept out most of the primary storage and servers from before the merger. Meredith still has some NetApp for file storage, and Nasuni cloud NAS for 2 PB of data that is shared among staff in different offices. Nasuni stores data on AWS.

Kientoff is responsible for protecting the data across Meredith’s storage systems.

“All of a sudden, my world expanded exponentially,” he said of the Time aftermath. “I had multiple NetBackup domains all across the world to manage. I was barely keeping up on the NetBackup domain we had at Meredith.”

Coffman and Kientoff said they were happy to be rid of tape, and found Rubrik’s instant restores and migration features valuable. Instead of archiving to tape, Rubrik moves data to AWS after its retention period expires.

Rubrik’s live mount feature can recover data from a virtual machine in seconds. This comes in handy when an application running in a VM dies, but also for migrating data.

However, that same feature is missing from Nutanix. Meredith is phasing out VMware in favor of Nutanix’s AHV hypervisor to save money on VMware licenses and to have, as Coffman put it, “One hand to shake, one throat to choke. Nutanix provided the opportunity to have consolidation between the hypervisor and the hardware.”

The Meredith IT team has petitioned for Nutanix to add a similar live mount capability for AHV. Even without it, though, Kientoff said backing up data from Nutanix with Rubrik beats using tapes.

“With a tape restore, calling backup tapes from off-site, it might be a day or two before they get their data back,” he said. “Now it might take a half an hour to an hour to restore a VM instead of doing a live mount [with VMware]. Getting out of the tape handling business was a big cost savings.”

The Meredith IT team is also dealing with closing smaller sites around the country to get down to the two major data centers. “That’s going to take a lot of coordinating with people, and a lot of migrations,” Coffman said.

Meredith will back up data from remote offices locally and move them across the WAN to New York or Des Moines.

Kientoff said Rubrik’s live restores is a “killer feature” for the office consolidation project. “That’s where Rubrik has really shone for us,” he said. “We recently shut down a sizeable office in Tampa. We migrated most of those VMs to New York and some to Des Moines. We backed up the cluster across the WAN, from Tampa to New York. We shut down the VM in Tampa, live mounted in New York, changed the IP address and put it on the network. There you go — we instantly moved VMs form one office to another.”

Go to Original Article
Author:

For Sale – Apple MacBook Air (Retina 13 inch 2018) Gold

Purchased this Retina MacBook Air direct from Apple on 21st November 2018 but is just not getting used so would like to move on to a good home. Has had minimal light use – internet and Football Manager only!!

1.6GHz dual‑core 8th‑generation Intel Core i5 processor, Turbo Boost up to 3.6GHz
Intel UHD Graphics 617
8GB 2133MHz LPDDR3 memory
512GB SSD storage
Force Touch trackpad
Two Thunderbolt 3 ports
Touch ID
Retina display
Backlit Keyboard – British
Accessory Kit

Comes in original box with all original accessories.

Has had a hard case on top / bottom since day one so is immaculate with no dents or dings and screen is in mint condition

Will be reset to factory running

It has no Apple Care so warranty to November 2019.

Will be posted insured signed for at my cost and will advise delivery date once courier decided and funds received.

Can also collect from London SE9 evenings or weekends

Payment by PayPal Gift, Bank Transfer or Cash if collecting.

Will post pics tonight

To spec this on Apple now will be £1499 so asking only £1099 or feel free to make an offer

Go to Original Article
Author:

For Sale – Acer predator X34P ultrawide monitor.

Purchased from Ebuyer in Feb 2018, non smoking household. Unfortunately I don’t have original packaging so will have to be collection only. There are a couple of marks on the screen which are a 1mm scratch on the far left of the screen and a 5mm hairline scratch at the far right side of the screen however totally unnoticeable when playing and won’t even be picked up in photos to show on here.

Location
Sidcup DA15
Price and currency
380
Delivery cost included
Delivery is NOT included
Prefer goods collected?
I prefer the goods to be collected
Advertised elsewhere?
Not advertised elsewhere
Payment method
bacs

Go to Original Article
Author:

For Sale – Apple MacBook Air (Retina 13 inch 2018) Gold

Purchased this Retina MacBook Air direct from Apple on 21st November 2018 but is just not getting used so would like to move on to a good home. Has had minimal light use – internet and Football Manager only!!

1.6GHz dual‑core 8th‑generation Intel Core i5 processor, Turbo Boost up to 3.6GHz
Intel UHD Graphics 617
8GB 2133MHz LPDDR3 memory
512GB SSD storage
Force Touch trackpad
Two Thunderbolt 3 ports
Touch ID
Retina display
Backlit Keyboard – British
Accessory Kit

Comes in original box with all original accessories.

Has had a hard case on top / bottom since day one so is immaculate with no dents or dings and screen is in mint condition

Will be reset to factory running

It has no Apple Care so warranty to November 2019.

Will be posted insured signed for at my cost and will advise delivery date once courier decided and funds received.

Can also collect from London SE9 evenings or weekends

Payment by PayPal Gift, Bank Transfer or Cash if collecting.

Will post pics tonight

To spec this on Apple now will be £1499 so asking only £1099 or feel free to make an offer

Go to Original Article
Author:

For Sale – Apple MacBook Air (Retina 13 inch 2018) Gold

Purchased this Retina MacBook Air direct from Apple on 21st November 2018 but is just not getting used so would like to move on to a good home. Has had minimal light use – internet and Football Manager only!!

1.6GHz dual‑core 8th‑generation Intel Core i5 processor, Turbo Boost up to 3.6GHz
Intel UHD Graphics 617
8GB 2133MHz LPDDR3 memory
512GB SSD storage
Force Touch trackpad
Two Thunderbolt 3 ports
Touch ID
Retina display
Backlit Keyboard – British
Accessory Kit

Comes in original box with all original accessories.

Has had a hard case on top / bottom since day one so is immaculate with no dents or dings and screen is in mint condition

Will be reset to factory running

It has no Apple Care so warranty to November 2019.

Will be posted insured signed for at my cost and will advise delivery date once courier decided and funds received.

Can also collect from London SE9 evenings or weekends

Payment by PayPal Gift, Bank Transfer or Cash if collecting.

Will post pics tonight

To spec this on Apple now will be £1499 so asking only £1099 or feel free to make an offer

Go to Original Article
Author:

For Sale – Apple Mac Mini 2018 – 3.6GHz Quad-Core Processor 128GB SSD/32GB Ram + Magic Keyboard and Mouse gen1

Hi guys,

selling my Apple Mac Mini 2018 – 3.6GHz Quad-Core Processor 128GB SSD/32GB Ram and throwing in a Magic Keyboard and Mouse gen1 combo for free!

Comes with a fresh install of Mojave!

Warranty until the 26th of February 2020 and still in time to buy AppleCare.

£750 ono + delivery of choice or can be collected from Northampton

IMG_0108.jpgIMG_0109.jpgIMG_0110.jpgIMG_0113.jpgIMG_0114.jpgIMG_0115.jpgIMG_0116.jpgIMG_0117.jpgApple Mac Mini.jpg

Go to Original Article
Author: