Malware Analysis Report

2025-08-05 22:27

Sample ID 240312-scsthsbe7w
Target Banner Crop.jpeg
SHA256 ba22e8469c7dce4c2eafcdf4637fd06ba89ec77087949d21355022024658e0aa
Tags
evasion execution persistence
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

ba22e8469c7dce4c2eafcdf4637fd06ba89ec77087949d21355022024658e0aa

Threat Level: Likely benign

The file Banner Crop.jpeg was found to be: Likely benign.

Malicious Activity Summary

evasion execution persistence

Launch Agent

Resource Forking

Launchctl

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-12 14:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-12 14:59

Reported

2024-03-12 15:08

Platform

macos-20240214-en

Max time kernel

498s

Max time network

496s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Banner Crop.jpg"]

Signatures

Launch Agent

persistence

Resource Forking

evasion
Description Indicator Process Target
N/A /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck N/A N/A
N/A /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref N/A N/A
N/A /System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager N/A N/A
N/A /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid N/A N/A
N/A /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd N/A N/A
N/A /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool N/A N/A
N/A /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool N/A N/A
N/A /System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd N/A N/A
N/A /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy N/A N/A
N/A /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool N/A N/A
N/A "/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd" N/A N/A
N/A /System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd N/A N/A
N/A "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated" N/A N/A
N/A /System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager N/A N/A
N/A "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated" N/A N/A

Launchctl

execution
Description Indicator Process Target
N/A /bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Banner Crop.jpg"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Banner Crop.jpg"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Banner Crop.jpg]

/bin/zsh

[/bin/zsh -c /Users/run/Banner Crop.jpg]

/Users/run/Banner

[/Users/run/Banner Crop.jpg]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secd]

/usr/libexec/secd

[/usr/libexec/secd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.2028]

/Applications/Safari.app/Contents/MacOS/Safari

[/Applications/Safari.app/Contents/MacOS/Safari]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.History]

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History

[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.A44DB2B0-BA74-4684-9B54-2992D9E2EC21 568]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.akd]

/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd

[/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.B4A5A3BA-5EFC-4113-9CED-62CE5FD07D5F 568]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.CoreAuthentication.agent]

/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd

[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.cfprefsd.xpc.agent]

/usr/sbin/cfprefsd

[/usr/sbin/cfprefsd agent]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.SearchHelper 568]

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper

[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.SafeBrowsing.Service]

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service

[/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service]

/usr/libexec/xpcproxy

[xpcproxy com.apple.knowledge-agent]

/usr/libexec/knowledge-agent

[/usr/libexec/knowledge-agent]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.1721DF32-A8FB-449A-A59B-6737F7607CDF 568]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.49A09F8C-E980-4685-B304-3E1B7C033B14 568]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.472F8413-5732-4294-B842-3646DC98095B 568]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.B7103EA1-56D7-44B6-87BB-D1053D7E3DBB 568]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.174EF15B-0130-4CB2-B371-B0CA2108B56F 568]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.speech.speechsynthesisd]

/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd

[/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.80F3A81C-2822-4FD4-BAB7-9998F00FB5E5 568]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.mobile.keybagd]

/usr/libexec/keybagd

[/usr/libexec/keybagd -t 15]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.keychain-circle-notification]

/System/Library/CoreServices/Keychain Circle Notification.app/Contents/MacOS/Keychain Circle Notification

[/System/Library/CoreServices/Keychain Circle Notification.app/Contents/MacOS/Keychain Circle Notification]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.cloudkeychainproxy3]

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]

/usr/libexec/xpcproxy

[xpcproxy com.apple.passd]

/System/Library/PrivateFrameworks/PassKitCore.framework/passd

[/System/Library/PrivateFrameworks/PassKitCore.framework/passd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportCrash]

/System/Library/CoreServices/ReportCrash

[/System/Library/CoreServices/ReportCrash agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nfcd]

/usr/libexec/nfcd

[/usr/libexec/nfcd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.mediaremoted]

/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted

[/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted]

/usr/libexec/xpcproxy

[xpcproxy com.apple.icloud.findmydeviced]

/usr/libexec/findmydeviced

[/usr/libexec/findmydeviced]

/usr/libexec/xpcproxy

[xpcproxy com.apple.adid]

/System/Library/PrivateFrameworks/CoreADI.framework/adid

[/System/Library/PrivateFrameworks/CoreADI.framework/adid]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.8729FC94-050D-4591-9DF1-E97DC949F3A8 568]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.B088A1F0-FAA2-459F-918C-A9909308939A 568]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.454D4A1F-40D1-451F-BA54-7883EE17836E 568]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.05F190B6-F6D3-48D9-BF67-9FD40C2006E0 568]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AppStore.1900]

/System/Applications/App Store.app/Contents/MacOS/App Store

[/System/Applications/App Store.app/Contents/MacOS/App Store]

/usr/libexec/xpcproxy

[xpcproxy com.apple.storeuid]

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid

[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid]

/usr/libexec/xpcproxy

[xpcproxy com.apple.iconservices.iconservicesd]

/System/Library/CoreServices/iconservicesd

[/System/Library/CoreServices/iconservicesd]

/usr/libexec/xpcproxy

[xpcproxy com.microsoft.Powerpoint.2044]

/usr/libexec/xpcproxy

[xpcproxy com.apple.rtcreportingd]

/usr/libexec/rtcreportingd

[/usr/libexec/rtcreportingd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.coremedia.videodecoder 658]

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService

[/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService]

/Applications/Microsoft PowerPoint.app/Contents/MacOS/Microsoft PowerPoint

[/Applications/Microsoft PowerPoint.app/Contents/MacOS/Microsoft PowerPoint]

/usr/libexec/xpcproxy

[xpcproxy com.apple.accessibility.mediaaccessibilityd]

/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd

[/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.storedownloadd]

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd

[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd]

/usr/libexec/xpcproxy

[xpcproxy com.microsoft.autoupdate.fba.2660]

/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant

[/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant]

/bin/launchctl

[/bin/launchctl list]

/usr/libexec/xpcproxy

[xpcproxy com.microsoft.autoupdate.helper]

/bin/launchctl

[/bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist]

/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper

[/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]

/usr/bin/codesign

[/usr/bin/codesign -v /Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.systempreferences.2140]

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences

[/System/Applications/System Preferences.app/Contents/MacOS/System Preferences]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AccountProfileRemoteViewService 682]

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService

[/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService]

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool

[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool

[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck

[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref

[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool

[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]

/usr/libexec/xpcproxy

[xpcproxy com.apple.studentd]

/usr/libexec/studentd

[/usr/libexec/studentd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.preferences.softwareupdate.remoteservice 682]

/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice

[/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice]

/usr/libexec/xpcproxy

[xpcproxy com.apple.softwareupdated]

/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated

[/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suhelperd]

/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd

[/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged --privileged]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SoftwareUpdateNotificationManager]

/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager

[/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager]

/usr/libexec/xpcproxy

[xpcproxy com.apple.metadata.mdwrite]

/usr/libexec/xpcproxy

[xpcproxy com.apple.StreamingUnzipService 189]

/System/Library/PrivateFrameworks/StreamingZip.framework/Versions/A/XPCServices/com.apple.StreamingUnzipService.xpc/Contents/MacOS/com.apple.StreamingUnzipService

[/System/Library/PrivateFrameworks/StreamingZip.framework/Versions/A/XPCServices/com.apple.StreamingUnzipService.xpc/Contents/MacOS/com.apple.StreamingUnzipService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.system_installd]

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd

[/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd]

/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues

[/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues -z]

/usr/libexec/xpcproxy

[xpcproxy com.apple.PackageKit.InstallStatus]

/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress

[/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress]

/usr/libexec/xpcproxy

[xpcproxy com.apple.warmd_agent]

/usr/libexec/warmd_agent

[/usr/libexec/warmd_agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.studentd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.keychain-circle-notification]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ViewBridgeAuxiliary]

/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary

[/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary]

/System/Library/CoreServices/Keychain Circle Notification.app/Contents/MacOS/Keychain Circle Notification

[/System/Library/CoreServices/Keychain Circle Notification.app/Contents/MacOS/Keychain Circle Notification]

/usr/libexec/studentd

[/usr/libexec/studentd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SoftwareUpdateNotificationManager]

/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager

[/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager]

/usr/libexec/xpcproxy

[xpcproxy com.apple.notificationcenterui.agent]

/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter

[/System/Library/CoreServices/NotificationCenter.app/Contents/MacOS/NotificationCenter]

/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues

[/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues -z]

/usr/libexec/xpcproxy

[xpcproxy com.apple.softwareupdated]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportCrash.Root]

/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated

[/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated]

/System/Library/CoreServices/ReportCrash

[/System/Library/CoreServices/ReportCrash daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.notificationcenterui.WeatherSummary 716]

/System/Library/CoreServices/NotificationCenter.app/Contents/XPCServices/com.apple.notificationcenterui.WeatherSummary.xpc/Contents/MacOS/com.apple.notificationcenterui.WeatherSummary

[/System/Library/CoreServices/NotificationCenter.app/Contents/XPCServices/com.apple.notificationcenterui.WeatherSummary.xpc/Contents/MacOS/com.apple.notificationcenterui.WeatherSummary]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sessionlogoutd]

/System/Library/CoreServices/sessionlogoutd

[/System/Library/CoreServices/sessionlogoutd]

/sbin/shutdown

[/sbin/shutdown -r now]

/bin/sh

[sh -c /usr/bin/wall -n]

/bin/bash

[sh -c /usr/bin/wall -n]

/usr/bin/wall

[/usr/bin/wall -n]

/System/Library/Extensions/IOGraphicsFamily.kext/iogdiagnose

[iogdiagnose -b /var/log/displaypolicy/iogdiagnose-last.bin]

/usr/sbin/spindump

[spindump -shutdownstall 2 -timelimit 5]

/bin/sh

[sh -c /usr/sbin/kextstat]

/bin/bash

[sh -c /usr/sbin/kextstat]

/usr/sbin/kextstat

[/usr/sbin/kextstat]

/bin/bash

[bash /private/var/install/shutdown_installer_tasks]

/bin/bash

[bash /private/var/install/deferred_install]

Network

Country Destination Domain Proto
US 20.42.73.24:443 tcp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
US 8.8.8.8:53 bag.itunes.apple.com.edgesuite.net udp
US 17.137.170.36:443 tcp
US 17.171.98.2:443 tcp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 api2.smoot.apple.com udp
GB 104.91.71.85:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 clients1.google.com udp
NL 142.251.39.110:443 clients1.google.com tcp
US 8.8.8.8:53 17-courier.push.apple.com udp
US 8.8.8.8:53 e6858.dscx.akamaiedge.net udp
US 8.8.8.8:53 e673.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
NL 142.251.39.110:443 clients1.google.com tcp
US 8.8.8.8:53 www.icloud.com udp
NL 23.206.110.57:443 www.icloud.com tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
US 8.8.8.8:53 cdn2.smoot.apple.com udp
US 8.8.8.8:53 cdn.smoot.apple.com udp
US 8.8.8.8:53 3-courier.push.apple.com udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
FR 40.79.150.120:443 tcp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
US 8.8.8.8:53 help.apple.com udp
GB 23.44.233.108:443 help.apple.com tcp
GB 23.44.233.108:443 help.apple.com tcp
US 8.8.8.8:53 38-courier.push.apple.com udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
US 8.8.8.8:53 gsp-ssl.ls.apple.com udp
DE 17.253.79.203:443 gsp-ssl.ls.apple.com tcp
N/A 224.0.0.251:5353 udp
NL 142.251.39.110:443 clients1.google.com tcp
US 8.8.8.8:53 cdn.smoot.g.aaplimg.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 2-courier.push.apple.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 40-courier.push.apple.com udp
US 8.8.8.8:53 0-courier.push.apple.com udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
NL 142.251.39.110:443 clients1.google.com tcp
GB 17.57.146.153:5223 0-courier.push.apple.com tcp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 improving.duckduckgo.com udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 symbolsdb.com udp
US 104.21.59.148:443 symbolsdb.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
NL 142.250.179.206:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
NL 142.250.179.206:443 fundingchoicesmessages.google.com tcp
US 172.67.179.188:443 symbolsdb.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.250.179.129:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 api2.smoot.apple.com udp
US 8.8.8.8:53 iplogger.com udp
US 172.67.188.178:80 iplogger.com tcp
US 172.67.188.178:80 iplogger.com tcp
US 8.8.8.8:53 www.cloudflare.com udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 172.67.188.178:80 iplogger.com tcp
US 104.17.2.184:443 challenges.cloudflare.com tcp
US 172.67.188.178:443 iplogger.com tcp
US 172.67.188.178:443 iplogger.com tcp
US 104.17.2.184:443 challenges.cloudflare.com tcp
US 104.21.76.57:443 iplogger.com tcp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 151.101.1.229:443 jsdelivr.map.fastly.net tcp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 local udp
RU 88.212.201.204:443 counter.yadro.ru tcp
US 8.8.8.8:53 stun.fpapi.io udp
US 8.8.8.8:53 stun.l.google.com udp
US 8.8.8.8:53 pay.google.com udp
US 8.8.8.8:53 cdn.iplogger.org udp
US 104.21.4.208:443 cdn.iplogger.org tcp
US 8.8.8.8:53 ctt.ac udp
US 134.209.68.5:443 ctt.ac tcp
NL 108.177.119.127:19302 stun.l.google.com udp
US 8.8.8.8:53 smp-device-content.apple.com udp
US 8.8.8.8:53 clicktotweet.com udp
US 134.209.68.5:443 clicktotweet.com tcp
US 134.209.68.5:443 clicktotweet.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 142.250.27.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 api.twitter.com udp
US 104.244.42.130:443 api.twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 api.x.com udp
US 8.8.8.8:53 pbs.twimg.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 video.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 104.244.42.2:443 api.x.com tcp
PL 93.184.220.70:443 pbs.twimg.com tcp
US 68.232.34.217:443 video.twimg.com tcp
US 104.244.42.5:443 t.co tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 itunes.apple.com udp
US 104.244.42.130:443 api.twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 2.18.80.28:443 itunes.apple.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 8.8.8.8:53 apps.mzstatic.com udp
US 8.8.8.8:53 s.mzstatic.com udp
US 8.8.8.8:53 play.itunes.apple.com udp
GB 104.77.160.88:443 play.itunes.apple.com tcp
US 8.8.8.8:53 buy.itunes.apple.com udp
US 8.8.8.8:53 sf-api-token-service.itunes.apple.com udp
GB 173.222.12.27:443 sf-api-token-service.itunes.apple.com tcp
US 17.36.202.137:443 buy.itunes.apple.com tcp
US 8.8.8.8:53 amp-api-edge.apps.apple.com udp
GB 173.222.12.27:443 amp-api-edge.apps.apple.com tcp
US 8.8.8.8:53 is1-ssl.mzstatic.com udp
US 8.8.8.8:53 amp-api.apps.apple.com udp
GB 173.222.12.151:443 amp-api.apps.apple.com tcp
US 8.8.8.8:53 apptrailers.itunes.apple.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 ecs.office.com udp
US 52.113.194.132:443 ecs.office.com tcp
US 8.8.8.8:53 odc.officeapps.live.com udp
GB 52.109.28.48:443 odc.officeapps.live.com tcp
US 8.8.8.8:53 metadata.templates.cdn.office.net udp
GB 23.48.165.161:443 metadata.templates.cdn.office.net tcp
US 8.8.8.8:53 search.itunes.apple.com udp
US 8.8.8.8:53 roaming.officeapps.live.com udp
IE 52.109.76.243:443 roaming.officeapps.live.com tcp
US 8.8.8.8:53 messaging.engagement.office.com udp
US 8.8.8.8:53 binaries.templates.cdn.office.net udp
FR 52.111.231.8:443 messaging.engagement.office.com tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.135.107:443 binaries.templates.cdn.office.net tcp
GB 88.221.134.147:443 binaries.templates.cdn.office.net tcp
GB 88.221.134.147:443 binaries.templates.cdn.office.net tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 apptrailers-ssl.itunes.apple.com udp
GB 2.19.157.51:443 apptrailers-ssl.itunes.apple.com tcp
US 8.8.8.8:53 e6858.dscx.akamaiedge.net udp
GB 173.222.12.246:443 e6858.dscx.akamaiedge.net tcp
US 8.8.8.8:53 swcdn.apple.com udp
RO 82.78.25.240:80 swcdn.apple.com tcp
RO 82.78.25.240:80 swcdn.apple.com tcp
RO 82.78.25.240:80 swcdn.apple.com tcp
RO 82.78.25.240:80 swcdn.apple.com tcp
US 8.8.8.8:53 swdist.apple.com udp
RO 82.78.25.240:80 swcdn.apple.com tcp
RO 82.78.25.240:80 swcdn.apple.com tcp
RO 82.78.25.240:80 swcdn.apple.com tcp
US 8.8.8.8:53 a1806.dscw154.akamai.net udp
GB 104.77.160.86:443 a1806.dscw154.akamai.net tcp
US 8.8.8.8:53 e17437.dsct.akamaiedge.net udp

Files

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1202.xml

MD5 f627cf4820da06be8e6ff3fdec6ebfee
SHA1 993d8ec88721b9e76c3fe1f5987338a61b452bf8
SHA256 f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7
SHA512 bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 c05b619361d2cac0288befbdef519546
SHA1 634e507971e2bd2697df0cdbbe8772e6fbec276e
SHA256 1b2c817978649cad70d67be41215a663790d97707b7512cfc156b488438cbec8
SHA512 86308ab30375670ff5eb886d50e3b5be5f3b7d60e0de53458e0372c0c67cbfd1c58450acb201c7d21a5f351c2b0e796d1777dbaa1e2b83ef7f69a83dac26ba20

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 e251c94fc14a772dbd695b0919d4f53a
SHA1 63c2eaa2aae3f097a6ad8952064d4764fe8295e0
SHA256 2e8a5e8288abdb773269792173899a3261c3a04c2a4d07c119988542d1978b49
SHA512 92222001d9e6f4bebf5abfc02f4a0b379b33c4f7dc4e9b27170e8b2d43f7c7e017632f893619d04f01eeaa48cfd79f77c7b910cc47d74d5b81f69ea83bd69a5d

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 7d3535f2750c80fb5549715a6eb18997
SHA1 e4c3448aa704f5a1c3e3dc8c6362ec9238e38ef9
SHA256 273fc7ecbe78aaf71d4692bc0c939735d1d6b02e48b9b7b503e9554bf54980b7
SHA512 a3344e01a57099e812e88cd83577f43e0dc756a06460ceb3177dae23a15a09a77a6175d99f7704eef66dc0edbf3539afa7982686703d7a0f2cd0a729be59fe83

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 520bb9b65b89f03050030e5a985b9cd1
SHA1 91defba6d4540d4c8ede177730d104d747e8f57b
SHA256 6bb23965fd46b9ffe67a1cdb2144943543894e063c05db3a4de54e94b84968a0
SHA512 81eebb3eda761a9ecc94aa9564deab4d476522d94025ec19e002e91b12b7fbf2bffda23e7c393c09cb91b6ecd953ec1bf39ef5f787058b70289a5a5d777f0cf6

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 16a15c7222b5f487f9e47219bec96c9e
SHA1 47bb4748ff46c6365fb2bf5b22ca60387b4f42bb
SHA256 9ae1d6f1888fc41b8d9c6315df10394ef187eb1f57ac0abe48c5606b3277463c
SHA512 41595eb4b33c09cf1d087977c2a49c14a2894083a4d73dc88a0c9532e6c6b546f872c7cec14a16f674ebd0137c04e690124b777e197677cb964eb9336745d919

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 4bd4e076cdb9563dfbc7bea812f6b8d2
SHA1 cb8b1e1d5abb1ab296b3109701f9f7dab86d7dc7
SHA256 8585aeda97144c699c8c461a2a54f4bb10afcc0d2ef7d4033c33d5a246a49b66
SHA512 f055dfdc3dad4eae10d8a6ec1b9d60d086614276600ede09b0306350ca8706acd269b7775156d6ff237acc2f39d8612082ab198758e4485c620ff61860d529d1

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 ec947bef4adaaed45d96478df07b4f55
SHA1 ffbd892bedcda59fb002ad6f988dca9a817460d8
SHA256 ea4cbb3647148e573f6b6fd396f916479d32ce858a6bd89c0758df239007e1c1
SHA512 f72d513e5b3ceb706aa414753f4a265e18b0a7544560f2171676ce840255139ebde2ce3570ee960788cddfac0db4669b3f168dcd1db17f342421aefe0316bb4d

/Users/run/Library/Caches/GeoServices/Experiments.pbd

MD5 051c5b26e84dc91253ade03c56a0e230
SHA1 b39f3f404a9e996432f957c183ea3fb18112ddf4
SHA256 9055628e5d1c2daf2823d6c7164057972ace3415eb23e0d88e2baedaab07d050
SHA512 6b5a15b21fc1e68d710271bbdbe61c0bd14177c6901904f5b2dda1910ccefa347bbbcef1f4ed3f38b2f42011b0b6149b6326d2b4e9a9b7921b3d7f80254809b1

/Users/run/Library/Safari/Favicon Cache/favicons/FC676C2FCCE648ABA07AD2DE7A32C211

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

/Users/run/Library/Safari/Favicon Cache/favicons/E6748539A5E6437C1A9B36FAC58FEEB5

MD5 0a362a1a0cf4cc6bc56d65db8049dd6f
SHA1 ebfd1b824377525e1588719e935bf4b06349cddf
SHA256 d994f806b1e4225b50be5ab681b2cecf845cc216a19a432d878cea3cb815bafd
SHA512 9bc3349815f97884a92965f5936a7abc4ee937232f305148bd6d791de0d0199c51c5a314e6f4f5efbcac925a860c8da4da6e94472471f36db7725caf4b49ac8b

/Users/run/Library/Safari/Favicon Cache/favicons/2F6F797398114E5FD06D8F80CB53E9D3

MD5 fd091849669d84145e9eb24a76b7842b
SHA1 6290d39b389def0c2d74c576b7671bd8ff4f270c
SHA256 0697eb59d59ac94e39d52153e4ecba0d939db988a7f9bfbb6be745b6ed671e29
SHA512 53c329c1e7c4cd5239c8b4bef31ec322ec503ce92772e9c3464079040dffec15b0ad859d304bb8b58e65008611ed7a78dd434072137bb2ed1321d413ff43f52a

/Users/run/Library/Safari/Favicon Cache/favicons/7843EF61415781647CBA03F0D1BDB26A

MD5 daa88084bf2ecf5e94ca54ba8e261b3d
SHA1 02ff10fd4ead7e0e17e4e787f785f59bd1c03333
SHA256 2fe3aac74619520a945f7de1175a682194a9969b3caf5dda76c3d1e28da400da
SHA512 e7e6cdc274b9b2254621da303cbca0a70fa042d81bdbdf23aad62a38eb5eef30d8a817fedbdc0a1cdd0e33254a952c1de3f96992d95fbfa289e06da3c437105d

/Users/run/Library/Safari/Favicon Cache/favicons/B06C91F8479A0A58628B4D7DBC987862

MD5 798422cf94a410f3d86a7600fc99ec9e
SHA1 cec9826b2422f9e1658e945070a3264c87aadee6
SHA256 f058e8e24636745d671762fb3c27b8efc30f35d662bfc843080184f766832398
SHA512 697f5bd2f229dc5e71e80c288907213888a5d6cc0c67f6eaa1a5405c4509edaf557ca76822e4e54869d13ebc11d948e60924a7a95ca7f15013912fa679874244

/Users/run/Library/Caches/PassKit/cache.plist

MD5 983afa02ac9bd03474cbd0754dfec41e
SHA1 696bf72962cb4a3f8872e4cca621f08657986dcb
SHA256 6d90fccdd6c7756e9bc28f85f4d38ae54481e32ed1748ff4ff2fbda5ba2097a8
SHA512 398b3b2d86db3e2f6f3d9cf22d12562c89b263629eadf3cc5863ad275b5ab2980a60308883df3992be0d64cca0260216ce36c0d16270e53c5d2b710f215a3116

/Users/run/Library/Passes/WebServiceTasks_v6.archive

MD5 09dfdae412e2ce9c6666f52f76002c1a
SHA1 d175b94d9dbbc3980c77cbd1da8fa7b853cf0783
SHA256 c620ab626d4350382bd8d7c999e0f3f765e7414a02264987cc38aa428ea03260
SHA512 54bfe4cf51f958dcec06b6bf81df0000d8b4cf464d7c1eadb22450fd0f86d42558f68acfc5e6806557cb1c76b2cd9b1c310c7c1e6fcbef018579e5789e183969

/Users/run/Library/Passes/PaymentWebServiceContext.archive

MD5 690c0ea3a08f5e99b5fee65066ca7bb4
SHA1 82f7710fc2a8d859df680ab34c3cf83384464b69
SHA256 432efcef2f2296754527783a2120e80e477a36e76ce6c111b3b8bbbc383d2138
SHA512 9017b3c7663dd9423d61e681a404a2bc14166155a356302a46cd730adbe12bdcbcb61c8302c1237aa10dac2fa217de2ec4bd691085d6c6e1c53537420fa4cfb4

/Users/run/Library/Passes/ScheduledActivities.archive

MD5 40b0cb29a11fe7439a9dcd3cb645ea7f
SHA1 5b262de84191b33bef9d1c392fdab54a9707dcfe
SHA256 9b80dce04c59d121d07a171ab11fe667f6669c41a73251e7f7d96e555fcadf71
SHA512 4058e9109450cd2ade18f8566574bc05e67355f0f957ecfb41a24ddb53dcb689812d84ddbbd43191571c254e6adb74fb8d599e5120f9843b3350ca8498c75611

/Users/run/Library/Containers/com.microsoft.Powerpoint/Data/Library/Application Support/Microsoft/Office/16.0/microsoft powerpoint_Rules.xml

MD5 8ab603d14c51c7e7eaebe0ffb8578d5b
SHA1 a50c2f94210265d99cc7e6541348f5e4789d168b
SHA256 2578b20f1174339f1d760b25b16e2a9a0bfbfbd160f2957b5745037932bbc291
SHA512 b9a68bdd1c96e6ebd4b02dee8b80c5ed165c93bc05d7e86d9e137f6770ead2d78b6c724dac8ab654497aca6f8733ef4b6b1079cbf0e58de624024976e08a8b53

/Users/run/Library/Containers/com.microsoft.Powerpoint/Data/Library/Application Support/Microsoft/FontCache/systemfontmetadata.json

MD5 943bab1f6544ad06f1396f7ea77f0170
SHA1 640a6c3720d8da46884c4633271dde35afeed22a
SHA256 8eef4f3c8e7bb0ed976570636e8fd27160d71e06d39bfe44072198f6ab55b9e6
SHA512 28ac10d03e35f920fd34ca4d970b9091ccedc3dbf7428b3ceaf352c1589ebc48fc28a3544dfe94c007a53ccd50913972754c43350c236bfbf0e93db888dec624

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 66ca8efb6a87c44377e578541c6acb6e
SHA1 8cc81351307e64c1a77d5760ea900a6e5bcb43e2
SHA256 478b967f41adfcea2233a154b18d568902ad9644f5cdf13af19b523bb1886bbe
SHA512 7d5ecc6140ad2f420d6341d85d3313943360c24b641539cc327ff2ef961fc63729751793d17b3f022f483130db3662ca136d68cb21cdc26ace006b25cc4f69b3

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

MD5 0d21b39886d88f2cff6ef538abc03653
SHA1 cf3b18a70716fd9b7816cfcef3ee4fbea4cec620
SHA256 0e1f2d18c12a124b25e4e61d8a41c82d5bf4fb83564bb3bf2202390d10fdce00
SHA512 8566ff93b478dec8e3fd0845a2fb6652cf962d9239077f2ab31089b2dea67a9ab9d1de1878b64b53dd87259f8dce5caabeec5422472097773afe5a339e884d72

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 e1e09531f04b52c2ba997a62b3a2b4e9
SHA1 130a7e6827f421a02a216d9dec58865506af3d62
SHA256 2ff4b6c04404f67a22244dcacf30553df46249e59567b138bc079dd7ca845dac
SHA512 fb7a0eef336eda8b2be421164ed625cbecef737dd9b5beedd61bcf5a523488873a29bfbaba626312e1302067af39137978b7e80c3e916f694024b34c4c99997b

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate/swcdn.apple.com/content/downloads/47/55/002-90015-A_VSZB7DY8DG/a3aeutlgmbhbfj02uok0g73k9h4i9uz50h/InstallAssistant.pkg.partialState

MD5 bee738fe24d4bf464db35f2ae59ed5e4
SHA1 dbc21cd86bf8d454e2c9f57608dec00f80c97da1
SHA256 26864b81a5a8f59b44b81242e3076fafd457f550706a0849dd2486cad5c19283
SHA512 d4126beb637859f7d74e79c5a17cb05c2c0de5859b83a216ae931b67ed96892d85b6359fb29758e4fd7c7ee29db20673805c583d8f5ff748bbe0795ffebcdd37

/Library/Printers/InstalledPrinters.plist

MD5 3439dcb6d4ce19d3ea022b8bb17cba7a
SHA1 e412c16548b6fcc5fd488315cd70b324ca4d782e
SHA256 aec405d7619e28da751fafd97782015affebdb36e863c58eea2b658551a59e7b
SHA512 8ca944a1a157f6933a5efeea35aa7626d0dd5f6fd4b5d9fe08c3760b39b6f54289e502923ca7616110c468173f0389f2ce1e35899d171bd08873678759aba93b

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/ProductMetadata.plist

MD5 7ce589b1e24c70d9243fa4ed787eea0c
SHA1 4c4f26f560afe72002bcef78c24becb8720f664e
SHA256 a3811b7af4329060677ee9d5d9d9f3f852b8397ca6ddc16a4917ba40e20a9902
SHA512 582f8e05f3b076322bf89695da0b70eea8192d0768eea6f280035179b2009fdbd31ae3cda5a4796f82bd08c1d34f2c2919735769c675251bf01db37df33356c6

/Users/run/Library/Containers/com.microsoft.Powerpoint/Data/Library/Application Support/Microsoft/Office/16.0/Floodgate/PowerPoint.Settings.json

MD5 e4e83f8123e9740b8aa3c3dfa77c1c04
SHA1 5281eae96efde7b0e16a1d977f005f0d3bd7aad0
SHA256 6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31
SHA512 bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

/Users/run/Library/Containers/com.microsoft.Powerpoint/Data/Library/Application Support/Microsoft/Office/16.0/Floodgate/PowerPoint.Settings.json

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/Users/run/Library/Containers/com.microsoft.Powerpoint/Data/Library/Application Support/Microsoft/Office/16.0/Floodgate/SurveyEventActivityStats.json

MD5 6ca4960355e4951c72aa5f6364e459d5
SHA1 2fd90b4ec32804dff7a41b6e63c8b0a40b592113
SHA256 88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3
SHA512 8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

/Users/run/Library/Containers/com.microsoft.Powerpoint/Data/Library/Application Support/Microsoft/Office/16.0/Floodgate/PowerPoint.CampaignStates.json

MD5 da7b321936a4650a446dc9236c1894ce
SHA1 4950cd50437470597303a7451ae4e8b1d98af034
SHA256 5d468a964d6ad8e3ce0e0078b7955977545c2083cdb1c8929b1bf1c40f074c1c
SHA512 e27efae91b4622e0c4838daf0752ba20cf1f21e88dbd2251adf20dc0df4859876a3d29be0a5adae8b7f5bbcbc02b9ea0f583d786a6d6b7902a55cb66fa8cb3bf

/Users/run/Library/Containers/com.microsoft.Powerpoint/Data/Library/Application Support/Microsoft/Office/16.0/Floodgate/PowerPoint.GovernedChannelStates.json

MD5 c279b05d34a20aa07bc0234458ccc37e
SHA1 e1fff46ec071384722a5da755e8202753d4f1ac7
SHA256 8863afe2073648c74d5446de3e95ad4c6bb239366fda0ff15a252d09997b6fc0
SHA512 ce456abffa8178b4d4c3eae9c61b369a18a9d60df9dec05a9fe3b98df083405f68b4262d8043663037ae396b95260c6c703b01c5bdd768189131ddbb4d64f6f0

/var/root/Library/Caches/rtcreportingd/events/NRM_Events_2024-03-12-15-08-00.event

MD5 4fb3679b18b28af0726b69b24f969beb
SHA1 0098a04c1ef9d2d0ae8a2d6dbc8d6394e295b0c7
SHA256 794c68041d206d08de3e692b4adb42620c3ffa1a395eb547f6d8255aa6e244a1
SHA512 280f2570946eb452605fef114146084d8cf62189292a2cd2a424485cb26108f168ce652fdb4500add07011c5547406d53a17cf3bdeab2d5385936d2534538a4e

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/052-62010_0B972D49-732B-4E8E-A6C2-4A9DF4619EC9/MajorOSInfo.pkg

MD5 2999ee27dcaea576fe2c2ec78413fbe7
SHA1 6bf5ebcb8b7e46e20824cfd18ced18a6f3095657
SHA256 928f1848914a90e0a9e16e8819d58f8e298244c2edcbac0f6139a33a944b632f
SHA512 1a4a805328acd1f94111fe0874513550b795f97b03f6c3a3ee80bf5d1d823c6572617344ace88c633517ccb9ecde3c4684f70fe84e48342c32161a60a097a36b

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/052-62010_0B972D49-732B-4E8E-A6C2-4A9DF4619EC9/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Info.plist

MD5 333836a7eb95f49b44940b2080fb9fc2
SHA1 3a3ae4545749d078fb34d7c01afedb11798ca663
SHA256 f2cb9f107ce5e2593dac1643c9d69f9cf0f191a97f8e26c346765653dfec9685
SHA512 2034e64024ae56149f4a0b10b2a3c625863efb341d91a473692f58ca495c55b0943f275a63b2a483fb3f78ca52d42b971b361905abcd3777938456aa1c30e2d9

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/052-62010_0B972D49-732B-4E8E-A6C2-4A9DF4619EC9/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Resources/en.lproj/Localizable.strings

MD5 8b4ece7adf04487c3c0892458e42d9de
SHA1 5f54a72c67c2d88ff32b57ff5b24a919e872286c
SHA256 525c6efad03dab0004451911c0ef31599085c1a260472b5f0bf995f86f2b16bb
SHA512 57edaf2820cf8a541bec262a3872213a3abf1b87d32cce0e9c02d8df3601d21eb8cee02914775ca7a64585bec0f3da45791475122538e8716920848e0496d3c7

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/052-62010_0B972D49-732B-4E8E-A6C2-4A9DF4619EC9/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Resources/OSBadge.icns

MD5 0bfc4a706c1f2c334cd9515e2767a41c
SHA1 ef15e54c8b55e81156a1668386cd27f77d385853
SHA256 c001ecbcde0e2e7758ff21e87292824596ea43233c6207b164d4de2b3a9b0ad7
SHA512 7c5ad039e1e788ac0ebb4942fc545b5b73edf3b6ffbcd5f48a5b198cbbd1904e57725fcaa71d8f37499778837bee93c4e4ca54ee81fad8580d0a259c6e5df07b

/Users/run/Library/Preferences/com.apple.security.KCN.plist

MD5 7606138cc162dd16e9840c27735e4f40
SHA1 826b2400103a86f74d3f2ce58461f74bc2b62e77
SHA256 a21c84888cf9c5aeae9c0d488861928384348cbdbd9597788a599692eabcf5a0
SHA512 a66e37d1bb28395d5b8105af463118c0826910a1de19e8547ae393e0d880fc05050bc902e995d2e32cba8b7e24f15df3152e35ba42cd4e3a78e6b45c77e3b6e6

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate.SUCatalogDataManager/q/052-62210/052-62210.English.dist

MD5 e3c93547313732edfc819f47193930ff
SHA1 330644f9b50c3c6aa72d55d74a22584ebb3a2f78
SHA256 3c50370c84621b17e1dc2ee89a78901d72312443ae225981c1cf5871dd58a5a0
SHA512 8e1f0f4998d2ce8c3d6f738c8abfe97b61faececb64ef49dc3192bf7bb04d18ab20c7a0fb2abaab84ff9eb388a2fc84d4077adae75d146ae3b2a07221181fcae

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate.SUCatalogDataManager/k/052-57724/052-57724.English.dist

MD5 18cd11d810b26e3bb8759fd2e7c2f987
SHA1 e6ec54d62f9e88b3deaeda391b40a389d4abc8e3
SHA256 a565811f664c20035707228761d76e12472f25a0d1eb10c2b569c5659906ae5d
SHA512 e4eed2e3a1c2800134013ca0c41c14c760fb12479d307cf6d6dda089bd20253550da46605443b9bde3090ede8aed9f3fd8c3a8af76612b22ad70e6f02224f04b

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate.SUCatalogDataManager/e/052-25574/052-25574.English.dist

MD5 968ab128ea706e0998a0f477b93b35d5
SHA1 5290f79457ceaca10f86b870175e5096de273281
SHA256 275cccf0e27e7b1a61f26a627c778bc3a8078d953b3896f39f3fb734957361a8
SHA512 0298a3ff7a8b2c9919b10b2452b9550a9138730241f75fbab35fe2db3d778a1293aff4940148101f45a81532979f6c8d0f119924fc1f4dd8dce976909bdd0964

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate.SUCatalogDataManager/g/012-04872/012-04872.English.dist

MD5 84af1f7a03435cfef5fbcffb7a3c58c4
SHA1 966643bdee53124295304e3fc6ad4e09a988222a
SHA256 4286594444bfc059d0fc98d4048ba91b4aba3c5072dcda73c8851e650b836166
SHA512 0ced3739663a028a1a3dd6155e64650454a0967573fc42c64862fab7355c4e682477a7a3fd56ce2a151a33baa8dd8fa3749e7ff543c1d49c10e3198267fafbcf

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//spindump.txt

MD5 039fde10b62a2bf6f27d64a9c5707cd2
SHA1 1fec1bb88419688d49bff88f546d836aacb249f0
SHA256 18a61d12222510a388665a370d9690c6a0f69f6deda08aa9df135e9dcae98ebb
SHA512 d6fb071ca66f98bd9d5fcd35902250f263ce460dfabb7359f313af36ead28d5a6a65176d287e16d5fa4a983dd7f4f41d0588f820b2ee1b1ad0cb3c0ab2ecf8bc