Malware Analysis Report

2024-10-16 06:38

Sample ID: 240617-vadypazeqj
Target: CheatEngine75.exe
SHA256: 1677bc66ed7f88e9c69b31b50b5cc8a92466f01db7f422c06ae5632ec19437ef
Tags: evasion execution persistence
Score: 5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 5/10
SHA256: 1677bc66ed7f88e9c69b31b50b5cc8a92466f01db7f422c06ae5632ec19437ef

Threat Level: Likely benign

The file CheatEngine75.exe was found to be: Likely benign.

Malicious Activity Summary

Tags: evasion execution persistence

Signatures triggered: Launch Agent, Resource Forking, Launchctl

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-17 16:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-17 16:46
Reported: 2024-06-17 16:51
Platform: macos-20240611-en
Max time kernel: 235s
Max time network: 238s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/CheatEngine75.exe"]

Signatures

Launch Agent (persistence)

Resource Forking (evasion)

Description | Indicator | Process | Target
N/A | /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool | N/A | N/A
N/A | /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck | N/A | N/A
N/A | /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref | N/A | N/A
N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A
N/A | /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref | N/A | N/A
N/A | "/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd" | N/A | N/A
N/A | /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool | N/A | N/A
N/A | /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool | N/A | N/A
N/A | /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd | N/A | N/A
N/A | /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck | N/A | N/A
N/A | /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid | N/A | N/A
N/A | /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool | N/A | N/A
N/A | /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool | N/A | N/A
N/A | "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated" | N/A | N/A
N/A | /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool | N/A | N/A

Launchctl (execution)

Description | Indicator | Process | Target
N/A | /bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist | N/A | N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/CheatEngine75.exe"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/CheatEngine75.exe"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/CheatEngine75.exe]

/bin/zsh

[/bin/zsh -c /Users/run/CheatEngine75.exe]

/Users/run/CheatEngine75.exe

[/Users/run/CheatEngine75.exe]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump_agent]

/usr/libexec/spindump_agent

[/usr/libexec/spindump_agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.systempreferences.2140]

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences

[/System/Applications/System Preferences.app/Contents/MacOS/System Preferences]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AccountProfileRemoteViewService 559]

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService

[/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService]

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool

[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool

[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck

[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref

[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool

[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]

/usr/libexec/xpcproxy

[xpcproxy com.apple.CoreAuthentication.agent]

/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd

[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nfcd]

/usr/libexec/nfcd

[/usr/libexec/nfcd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.studentd]

/usr/libexec/studentd

[/usr/libexec/studentd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.PerformanceAnalysis.animationperfd]

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd

[/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.cloudkeychainproxy3]

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]

/usr/libexec/xpcproxy

[xpcproxy com.apple.preferences.softwareupdate.remoteservice 559]

/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice

[/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice]

/usr/libexec/xpcproxy

[xpcproxy com.apple.softwareupdated]

/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated

[/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suhelperd]

/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd

[/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.metadata.mdwrite]

/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues

[/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues -z]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

/usr/libexec/xpcproxy

[xpcproxy com.apple.rtcreportingd]

/usr/libexec/rtcreportingd

[/usr/libexec/rtcreportingd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ncplugin.stocks 326]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ncplugin.weather 326]

/usr/libexec/xpcproxy

[xpcproxy com.apple.iCal.CalendarNC 326]

/System/Library/CoreServices/StocksWidget.app/Contents/PlugIns/com.apple.ncplugin.stocks.appex/Contents/MacOS/com.apple.ncplugin.stocks

[/System/Library/CoreServices/StocksWidget.app/Contents/PlugIns/com.apple.ncplugin.stocks.appex/Contents/MacOS/com.apple.ncplugin.stocks]

/System/Library/CoreServices/Weather.app/Contents/PlugIns/com.apple.ncplugin.weather.appex/Contents/MacOS/com.apple.ncplugin.weather

[/System/Library/CoreServices/Weather.app/Contents/PlugIns/com.apple.ncplugin.weather.appex/Contents/MacOS/com.apple.ncplugin.weather]

/System/Applications/Calendar.app/Contents/PlugIns/com.apple.iCal.CalendarNC.appex/Contents/MacOS/com.apple.iCal.CalendarNC

[/System/Applications/Calendar.app/Contents/PlugIns/com.apple.iCal.CalendarNC.appex/Contents/MacOS/com.apple.iCal.CalendarNC]

/usr/libexec/xpcproxy

[xpcproxy com.apple.systempreferences.2140]

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences

[/System/Applications/System Preferences.app/Contents/MacOS/System Preferences]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AccountProfileRemoteViewService 613]

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService

[/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService]

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool

[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool

[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck

[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref

[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool

[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]

/usr/libexec/xpcproxy

[xpcproxy com.apple.preference.sound.remoteservice 613]

/System/Library/PreferencePanes/Sound.prefPane/Contents/XPCServices/com.apple.preference.sound.remoteservice.xpc/Contents/MacOS/com.apple.preference.sound.remoteservice

[/System/Library/PreferencePanes/Sound.prefPane/Contents/XPCServices/com.apple.preference.sound.remoteservice.xpc/Contents/MacOS/com.apple.preference.sound.remoteservice]

/usr/libexec/xpcproxy

[xpcproxy com.apple.FaceTime.1860]

/System/Applications/FaceTime.app/Contents/MacOS/FaceTime

[/System/Applications/FaceTime.app/Contents/MacOS/FaceTime]

/usr/libexec/xpcproxy

[xpcproxy com.apple.telephonyutilities.callservicesd]

/System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd

[/System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.videoconference.camera]

/usr/libexec/avconferenced

[/usr/libexec/avconferenced]

/usr/libexec/xpcproxy

[xpcproxy com.apple.FaceTime.FaceTimeNotificationCenterService 622]

/usr/libexec/xpcproxy

[xpcproxy com.apple.mediaremoted]

/System/Applications/FaceTime.app/Contents/XPCServices/FaceTimeNotificationCenterService.xpc/Contents/MacOS/FaceTimeNotificationCenterService

[/System/Applications/FaceTime.app/Contents/XPCServices/FaceTimeNotificationCenterService.xpc/Contents/MacOS/FaceTimeNotificationCenterService]

/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted

[/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted]

/usr/libexec/xpcproxy

[xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 622]

/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent

[/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 624]

/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent

[/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 623]

/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent

[/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AppStore.1900]

/System/Applications/App Store.app/Contents/MacOS/App Store

[/System/Applications/App Store.app/Contents/MacOS/App Store]

/usr/libexec/xpcproxy

[xpcproxy com.apple.storeuid]

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid

[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid]

/usr/libexec/xpcproxy

[xpcproxy com.apple.adid]

/System/Library/PrivateFrameworks/CoreADI.framework/adid

[/System/Library/PrivateFrameworks/CoreADI.framework/adid]

/usr/libexec/xpcproxy

[xpcproxy com.apple.xpc.launchd.oneshot.0x10000001.Microsoft Word]

/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word

[/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word -psn_0_229432]

/usr/libexec/xpcproxy

[xpcproxy com.apple.XprotectFramework.AnalysisService 529]

/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService

[/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.storedownloadd]

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd

[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd]

/usr/libexec/xpcproxy

[xpcproxy com.microsoft.autoupdate.fba.2660]

/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant

[/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant]

/bin/launchctl

[/bin/launchctl list]

/usr/libexec/xpcproxy

[xpcproxy com.microsoft.autoupdate.helper]

/bin/launchctl

[/bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist]

/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper

[/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]

/usr/bin/codesign

[/usr/bin/codesign -v /Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.PackageKit.InstallStatus]

/usr/libexec/xpcproxy

[xpcproxy com.apple.warmd_agent]

/usr/libexec/warmd_agent

[/usr/libexec/warmd_agent]

/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress

[/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress]

/usr/libexec/xpcproxy

[xpcproxy com.apple.studentd]

/usr/libexec/studentd

[/usr/libexec/studentd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sessionlogoutd]

/System/Library/CoreServices/sessionlogoutd

[/System/Library/CoreServices/sessionlogoutd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.akd]

/sbin/shutdown

[/sbin/shutdown -h now]

/bin/sh

[sh -c /usr/bin/wall -n]

/bin/bash

[sh -c /usr/bin/wall -n]

/usr/bin/wall

[/usr/bin/wall -n]

/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd

[/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd]

/System/Library/Extensions/IOGraphicsFamily.kext/iogdiagnose

[iogdiagnose -b /var/log/displaypolicy/iogdiagnose-last.bin]

/usr/sbin/spindump

[spindump -shutdownstall 2 -timelimit 5]

/bin/sh

[sh -c /usr/sbin/kextstat]

/bin/bash

[sh -c /usr/sbin/kextstat]

/usr/sbin/kextstat

[/usr/sbin/kextstat]

/bin/bash

[bash /private/var/install/shutdown_installer_tasks]

/bin/bash

[bash /private/var/install/deferred_install]

Network


Files
