Malware Analysis Report

2024-10-10 07:35

Sample ID 240616-tl1q6azcqh
Target sample
SHA256 8f9b8e92a9625cb2bee89a7c370e909ab900a633c3d44b0add6172cae4937730
Tags
evasion
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

SHA256

8f9b8e92a9625cb2bee89a7c370e909ab900a633c3d44b0add6172cae4937730

Threat Level: Likely benign

The file sample was found to be: Likely benign.

Malicious Activity Summary

evasion

Resource Forking

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 16:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 16:09

Reported

2024-06-16 16:14

Platform

macos-20240611-en

Max time kernel

179s

Max time network

184s

Command Line

[xpcproxy com.apple.pluginkit.pkd]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy N/A N/A
N/A /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool N/A N/A
N/A /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref N/A N/A
N/A /System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager N/A N/A
N/A /System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/AXVisualSupportAgent.app/Contents/MacOS/AXVisualSupportAgent launchd -s N/A N/A
N/A /System/Library/PrivateFrameworks/AccessibilitySupport.framework/Versions/A/Resources/AccessibilityVisualsAgent.app/Contents/MacOS/AccessibilityVisualsAgent N/A N/A
N/A /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck N/A N/A
N/A /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool N/A N/A
N/A /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool N/A N/A
N/A /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool N/A N/A
N/A /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool N/A N/A
N/A /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref N/A N/A
N/A /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool N/A N/A
N/A "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated" N/A N/A
N/A "/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd" N/A N/A
N/A /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck N/A N/A

Processes

/usr/libexec/xpcproxy

[xpcproxy com.apple.pluginkit.pkd]

/usr/libexec/pkd

[/usr/libexec/pkd]

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/sample.html]

/bin/zsh

[/bin/zsh -c /Users/run/sample.html]

/Users/run/sample.html

[/Users/run/sample.html]

/bin/sh

[sh /Users/run/sample.html]

/bin/bash

[sh /Users/run/sample.html]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.cloudkeychainproxy3]

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater66017B75/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.iChat.1880]

/System/Applications/Messages.app/Contents/MacOS/Messages

[/System/Applications/Messages.app/Contents/MacOS/Messages]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.imdpersistence.IMDPersistenceAgent]

/System/Library/PrivateFrameworks/IMDPersistence.framework/XPCServices/IMDPersistenceAgent.xpc/Contents/MacOS/IMDPersistenceAgent

[/System/Library/PrivateFrameworks/IMDPersistence.framework/XPCServices/IMDPersistenceAgent.xpc/Contents/MacOS/IMDPersistenceAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.toolbox.reporting.service]

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/CAReportingService.xpc/Contents/MacOS/CAReportingService

[/System/Library/Frameworks/AudioToolbox.framework/XPCServices/CAReportingService.xpc/Contents/MacOS/CAReportingService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.rtcreportingd]

/usr/libexec/rtcreportingd

[/usr/libexec/rtcreportingd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.CharacterPicker.FileService]

/System/Library/PrivateFrameworks/CharacterPicker.framework/Versions/A/XPCServices/com.apple.CharacterPicker.FileService.xpc/Contents/MacOS/com.apple.CharacterPicker.FileService

[/System/Library/PrivateFrameworks/CharacterPicker.framework/Versions/A/XPCServices/com.apple.CharacterPicker.FileService.xpc/Contents/MacOS/com.apple.CharacterPicker.FileService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.icloud.fmfd]

/usr/libexec/fmfd

[/usr/libexec/fmfd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 591]

/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent

[/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.iCloudHelper]

/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/XPCServices/com.apple.iCloudHelper.xpc/Contents/MacOS/com.apple.iCloudHelper

[/System/Library/PrivateFrameworks/AOSKit.framework/Versions/A/XPCServices/com.apple.iCloudHelper.xpc/Contents/MacOS/com.apple.iCloudHelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump_agent]

/usr/libexec/spindump_agent

[/usr/libexec/spindump_agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.systempreferences.2140]

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences

[/System/Applications/System Preferences.app/Contents/MacOS/System Preferences]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AccountProfileRemoteViewService 625]

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService

[/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService]

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool

[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool

[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck

[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref

[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool

[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]

/usr/libexec/xpcproxy

[xpcproxy com.apple.CoreAuthentication.agent]

/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd

[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nfcd]

/usr/libexec/nfcd

[/usr/libexec/nfcd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.studentd]

/usr/libexec/studentd

[/usr/libexec/studentd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.preferences.softwareupdate.remoteservice 625]

/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice

[/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice]

/usr/libexec/xpcproxy

[xpcproxy com.apple.softwareupdated]

/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated

[/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suhelperd]

/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd

[/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SoftwareUpdateNotificationManager]

/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager

[/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager]

/usr/libexec/xpcproxy

[xpcproxy com.apple.metadata.mdwrite]

/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues

[/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues -z]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportCrash]

/System/Library/CoreServices/ReportCrash

[/System/Library/CoreServices/ReportCrash agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

/usr/libexec/xpcproxy

[xpcproxy com.apple.preference.universalaccess.remoteservice 625]

/System/Library/PreferencePanes/UniversalAccessPref.prefPane/Contents/XPCServices/com.apple.preference.universalaccess.remoteservice.xpc/Contents/MacOS/com.apple.preference.universalaccess.remoteservice

[/System/Library/PreferencePanes/UniversalAccessPref.prefPane/Contents/XPCServices/com.apple.preference.universalaccess.remoteservice.xpc/Contents/MacOS/com.apple.preference.universalaccess.remoteservice]

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool

[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool

[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck

[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref

[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool

[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]

/usr/libexec/xpcproxy

[xpcproxy com.apple.telephonyutilities.callservicesd]

/System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd

[/System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 655]

/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent

[/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.accessibility.AXVisualSupportAgent]

/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/AXVisualSupportAgent.app/Contents/MacOS/AXVisualSupportAgent

[/System/Library/PrivateFrameworks/UniversalAccess.framework/Versions/A/Resources/AXVisualSupportAgent.app/Contents/MacOS/AXVisualSupportAgent launchd -s]

/usr/libexec/xpcproxy

[xpcproxy com.apple.TextInputMenuAgent]

/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent

[/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.TextInputSwitcher]

/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher

[/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AccessibilityVisualsAgent]

/System/Library/PrivateFrameworks/AccessibilitySupport.framework/Versions/A/Resources/AccessibilityVisualsAgent.app/Contents/MacOS/AccessibilityVisualsAgent

[/System/Library/PrivateFrameworks/AccessibilitySupport.framework/Versions/A/Resources/AccessibilityVisualsAgent.app/Contents/MacOS/AccessibilityVisualsAgent]

Network

Country Destination Domain Proto
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 h3.apis.apple.map.fastly.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.189.173.6:443 tcp
US 8.8.8.8:53 api.apple-cloudkit.fe2.apple-dns.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.16:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.139:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 e6858.dscx.akamaiedge.net udp
BE 23.55.96.225:443 tcp
US 8.8.8.8:53 swdist.apple.com udp
US 8.8.8.8:53 cds.apple.com udp
BE 104.68.86.71:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 2.21.185.87:443 help.apple.com tcp
GB 2.21.185.87:443 help.apple.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 b._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 db._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 b._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 db._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.imdpersistence.IMDPersistenceAgent//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.imdpersistence.IMDPersistenceAgent//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 2ad2862170ecffa776b030dc2c41e32a
SHA1 c57805a57f323e545a73deff24504a0de344e85d
SHA256 948c602d37d54720ba868bf3c66caf38cc2ec7c7cfe0cc2dbeca6ccec582e6da
SHA512 1392e12d02984e7c0ef45f820883fb229ddecd973d56f50c775fa4e970adf33f9f98940c4bdc863af75adde0459c63a7c5e414d00611de646b92c7a0761b80ef

/Library/Printers/InstalledPrinters.plist

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/Library/Printers/InstalledPrinters.plist

MD5 3439dcb6d4ce19d3ea022b8bb17cba7a
SHA1 e412c16548b6fcc5fd488315cd70b324ca4d782e
SHA256 aec405d7619e28da751fafd97782015affebdb36e863c58eea2b658551a59e7b
SHA512 8ca944a1a157f6933a5efeea35aa7626d0dd5f6fd4b5d9fe08c3760b39b6f54289e502923ca7616110c468173f0389f2ce1e35899d171bd08873678759aba93b

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/ProductMetadata.plist

MD5 fdfd66dddcac4e2e2fbc11b5fe1e19e3
SHA1 dc4e17ecd620c29a7fcf5c0800901df456982bc1
SHA256 d6e943cf79fcf97c0bf26d8fc4c542d90a64e0f85493fd3aed18a4214f98a527
SHA512 e800b56fd544d19ee5ac6e09ecb9e3bd2603a3c40ca87cb4ccaace773fef45234703754c2610164f39972069215ca0a0e6858c89bb0d9860ec18c540f702271d

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_E1212292-4F4A-4EF7-9C25-3126AF83C19F/MajorOSInfo.pkg

MD5 d9612033a0bb5c1947be8c6d961e8dff
SHA1 89c0cdaa99797d57448dde971d42f77243881ff8
SHA256 e28ab534af7c6c3e135800e7f83d8c979227d8553b767a998574bf8c63a7d31c
SHA512 dae630a872b120f404abed9f8274393591ef6e30caed5579041b6878c5b2cbb24800be26666291e8c094fd4639c030155bd753f6a7bd4e84c4658b4f84cf5f37

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_E1212292-4F4A-4EF7-9C25-3126AF83C19F/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Info.plist

MD5 333836a7eb95f49b44940b2080fb9fc2
SHA1 3a3ae4545749d078fb34d7c01afedb11798ca663
SHA256 f2cb9f107ce5e2593dac1643c9d69f9cf0f191a97f8e26c346765653dfec9685
SHA512 2034e64024ae56149f4a0b10b2a3c625863efb341d91a473692f58ca495c55b0943f275a63b2a483fb3f78ca52d42b971b361905abcd3777938456aa1c30e2d9

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_E1212292-4F4A-4EF7-9C25-3126AF83C19F/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Resources/en.lproj/Localizable.strings

MD5 8b4ece7adf04487c3c0892458e42d9de
SHA1 5f54a72c67c2d88ff32b57ff5b24a919e872286c
SHA256 525c6efad03dab0004451911c0ef31599085c1a260472b5f0bf995f86f2b16bb
SHA512 57edaf2820cf8a541bec262a3872213a3abf1b87d32cce0e9c02d8df3601d21eb8cee02914775ca7a64585bec0f3da45791475122538e8716920848e0496d3c7

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_E1212292-4F4A-4EF7-9C25-3126AF83C19F/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Resources/OSBadge.icns

MD5 0627b59c0cba37a5a22d9cd8fc73ed66
SHA1 7ab20ef039015a2f02d21f7a22d7d1b65770814c
SHA256 6ae81760326ff938e1b139ee019b7cf939e45d99470258172ce4a94fc434e5c5
SHA512 84c49b083eb589acf9aee6d09c765c132c8540c70a770bb3f6f889d2164d86886f21cb6f609612a873c8b0c7ab0387b5431cafee002f862c367671e02300eb68