Analysis Overview
SHA256: 1677bc66ed7f88e9c69b31b50b5cc8a92466f01db7f422c06ae5632ec19437ef
Threat Level: Likely benign
The file CheatEngine75.exe was found to be: Likely benign.
Malicious Activity Summary
Launch Agent
Resource Forking
Launchctl
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-17 16:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-17 16:46
Reported: 2024-06-17 16:51
Platform: macos-20240611-en
Max time kernel: 235s
Max time network: 238s
Command Line
Signatures
Launch Agent
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck | N/A | N/A |
| N/A | /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref | N/A | N/A |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
| N/A | /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref | N/A | N/A |
| N/A | "/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd" | N/A | N/A |
| N/A | /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid | N/A | N/A |
| N/A | /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool | N/A | N/A |
| N/A | "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated" | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool | N/A | N/A |
Launchctl
| Description | Indicator | Process | Target |
| N/A | /bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/CheatEngine75.exe"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/CheatEngine75.exe"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/CheatEngine75.exe]
/bin/zsh
[/bin/zsh -c /Users/run/CheatEngine75.exe]
/Users/run/CheatEngine75.exe
[/Users/run/CheatEngine75.exe]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump_agent]
/usr/libexec/spindump_agent
[/usr/libexec/spindump_agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.systempreferences.2140]
/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
[/System/Applications/System Preferences.app/Contents/MacOS/System Preferences]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AccountProfileRemoteViewService 559]
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
[/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService]
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]
/usr/libexec/xpcproxy
[xpcproxy com.apple.CoreAuthentication.agent]
/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nfcd]
/usr/libexec/nfcd
[/usr/libexec/nfcd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.studentd]
/usr/libexec/studentd
[/usr/libexec/studentd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.PerformanceAnalysis.animationperfd]
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
[/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.preferences.softwareupdate.remoteservice 559]
/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice
[/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice]
/usr/libexec/xpcproxy
[xpcproxy com.apple.softwareupdated]
/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated
[/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated]
/usr/libexec/xpcproxy
[xpcproxy com.apple.suhelperd]
/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd
[/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.metadata.mdwrite]
/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues
[/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues -z]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]
/usr/libexec/xpcproxy
[xpcproxy com.apple.rtcreportingd]
/usr/libexec/rtcreportingd
[/usr/libexec/rtcreportingd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ncplugin.stocks 326]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ncplugin.weather 326]
/usr/libexec/xpcproxy
[xpcproxy com.apple.iCal.CalendarNC 326]
/System/Library/CoreServices/StocksWidget.app/Contents/PlugIns/com.apple.ncplugin.stocks.appex/Contents/MacOS/com.apple.ncplugin.stocks
[/System/Library/CoreServices/StocksWidget.app/Contents/PlugIns/com.apple.ncplugin.stocks.appex/Contents/MacOS/com.apple.ncplugin.stocks]
/System/Library/CoreServices/Weather.app/Contents/PlugIns/com.apple.ncplugin.weather.appex/Contents/MacOS/com.apple.ncplugin.weather
[/System/Library/CoreServices/Weather.app/Contents/PlugIns/com.apple.ncplugin.weather.appex/Contents/MacOS/com.apple.ncplugin.weather]
/System/Applications/Calendar.app/Contents/PlugIns/com.apple.iCal.CalendarNC.appex/Contents/MacOS/com.apple.iCal.CalendarNC
[/System/Applications/Calendar.app/Contents/PlugIns/com.apple.iCal.CalendarNC.appex/Contents/MacOS/com.apple.iCal.CalendarNC]
/usr/libexec/xpcproxy
[xpcproxy com.apple.systempreferences.2140]
/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
[/System/Applications/System Preferences.app/Contents/MacOS/System Preferences]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AccountProfileRemoteViewService 613]
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
[/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService]
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]
/usr/libexec/xpcproxy
[xpcproxy com.apple.preference.sound.remoteservice 613]
/System/Library/PreferencePanes/Sound.prefPane/Contents/XPCServices/com.apple.preference.sound.remoteservice.xpc/Contents/MacOS/com.apple.preference.sound.remoteservice
[/System/Library/PreferencePanes/Sound.prefPane/Contents/XPCServices/com.apple.preference.sound.remoteservice.xpc/Contents/MacOS/com.apple.preference.sound.remoteservice]
/usr/libexec/xpcproxy
[xpcproxy com.apple.FaceTime.1860]
/System/Applications/FaceTime.app/Contents/MacOS/FaceTime
[/System/Applications/FaceTime.app/Contents/MacOS/FaceTime]
/usr/libexec/xpcproxy
[xpcproxy com.apple.telephonyutilities.callservicesd]
/System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd
[/System/Library/PrivateFrameworks/TelephonyUtilities.framework/callservicesd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.videoconference.camera]
/usr/libexec/avconferenced
[/usr/libexec/avconferenced]
/usr/libexec/xpcproxy
[xpcproxy com.apple.FaceTime.FaceTimeNotificationCenterService 622]
/usr/libexec/xpcproxy
[xpcproxy com.apple.mediaremoted]
/System/Applications/FaceTime.app/Contents/XPCServices/FaceTimeNotificationCenterService.xpc/Contents/MacOS/FaceTimeNotificationCenterService
[/System/Applications/FaceTime.app/Contents/XPCServices/FaceTimeNotificationCenterService.xpc/Contents/MacOS/FaceTimeNotificationCenterService]
/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted
[/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted]
/usr/libexec/xpcproxy
[xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 622]
/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
[/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 624]
/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
[/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 623]
/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
[/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AppStore.1900]
/System/Applications/App Store.app/Contents/MacOS/App Store
[/System/Applications/App Store.app/Contents/MacOS/App Store]
/usr/libexec/xpcproxy
[xpcproxy com.apple.storeuid]
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid
[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid]
/usr/libexec/xpcproxy
[xpcproxy com.apple.adid]
/System/Library/PrivateFrameworks/CoreADI.framework/adid
[/System/Library/PrivateFrameworks/CoreADI.framework/adid]
/usr/libexec/xpcproxy
[xpcproxy com.apple.xpc.launchd.oneshot.0x10000001.Microsoft Word]
/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word
[/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word -psn_0_229432]
/usr/libexec/xpcproxy
[xpcproxy com.apple.XprotectFramework.AnalysisService 529]
/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
[/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.storedownloadd]
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd]
/usr/libexec/xpcproxy
[xpcproxy com.microsoft.autoupdate.fba.2660]
/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant
[/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft Update Assistant.app/Contents/MacOS/Microsoft Update Assistant]
/bin/launchctl
[/bin/launchctl list]
/usr/libexec/xpcproxy
[xpcproxy com.microsoft.autoupdate.helper]
/bin/launchctl
[/bin/launchctl load /Library/LaunchAgents/com.microsoft.update.agent.plist]
/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper
[/Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]
/usr/bin/codesign
[/usr/bin/codesign -v /Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.PackageKit.InstallStatus]
/usr/libexec/xpcproxy
[xpcproxy com.apple.warmd_agent]
/usr/libexec/warmd_agent
[/usr/libexec/warmd_agent]
/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress
[/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress]
/usr/libexec/xpcproxy
[xpcproxy com.apple.studentd]
/usr/libexec/studentd
[/usr/libexec/studentd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sessionlogoutd]
/System/Library/CoreServices/sessionlogoutd
[/System/Library/CoreServices/sessionlogoutd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.akd]
/sbin/shutdown
[/sbin/shutdown -h now]
/bin/sh
[sh -c /usr/bin/wall -n]
/bin/bash
[sh -c /usr/bin/wall -n]
/usr/bin/wall
[/usr/bin/wall -n]
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
[/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd]
/System/Library/Extensions/IOGraphicsFamily.kext/iogdiagnose
[iogdiagnose -b /var/log/displaypolicy/iogdiagnose-last.bin]
/usr/sbin/spindump
[spindump -shutdownstall 2 -timelimit 5]
/bin/sh
[sh -c /usr/sbin/kextstat]
/bin/bash
[sh -c /usr/sbin/kextstat]
/usr/sbin/kextstat
[/usr/sbin/kextstat]
/bin/bash
[bash /private/var/install/shutdown_installer_tasks]
/bin/bash
[bash /private/var/install/deferred_install]
Network
Files
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated//mds/mdsObject.db
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated//mds/mdsDirectory.db
/Library/Printers/InstalledPrinters.plist
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/ProductMetadata.plist
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_B95B41E4-0FA2-4259-B671-7D193D461B99/MajorOSInfo.pkg
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_B95B41E4-0FA2-4259-B671-7D193D461B99/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Info.plist
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_B95B41E4-0FA2-4259-B671-7D193D461B99/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Resources/en.lproj/Localizable.strings
/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_B95B41E4-0FA2-4259-B671-7D193D461B99/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Resources/OSBadge.icns
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/Library/Application Support/CrashReporter/DiagnosticMessagesHistory.plist
/Users/run/Library/Caches/GeoServices/Resources/altitude-1285.xml
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
/Users/run/Library/Caches/GeoServices/Experiments.pbd
/Users/run/Library/Caches/com.apple.systempreferences.imageCache
/var/root/Library/Caches/rtcreportingd/events/NRM_Events_2024-06-17-16-47-50.event
/Users/run/Library/Group Containers/UBF8T346G9.Office/FontCache/4/PreviewFont/hier_officeFontsPreview_4_40.ttf
/Users/run/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Office/16.0/microsoft word_Rules.xml
/Users/run/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Office/16.0/Floodgate/SurveyEventActivityStats.json
/Users/run/Library/Containers/com.microsoft.Word/Data/Library/Application Support/Microsoft/Office/16.0/Floodgate/Word.GovernedChannelStates.json
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//spindump.txt