Malware Analysis Report

2024-10-16 06:44

Sample ID 240618-zaebnswcpe
Target Product information_tesafilm® 57315_de-DE.pdf
SHA256 fe3c2e5c8d18becaa0e8e9b14b31faaeabe1cf2ee7bcc8c4e47e8c6d3a8f0f1a
Tags
pdf link evasion
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

SHA256

fe3c2e5c8d18becaa0e8e9b14b31faaeabe1cf2ee7bcc8c4e47e8c6d3a8f0f1a

Threat Level: Likely benign

The file Product information_tesafilm® 57315_de-DE.pdf was found to be: Likely benign.

Malicious Activity Summary

pdf link evasion

Resource Forking

One or more HTTP URLs in PDF identified

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-18 20:30

Signatures

One or more HTTP URLs in PDF identified

pdf link

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 20:30

Reported

2024-06-18 20:36

Platform

macos-20240611-en

Max time kernel

308s

Max time network

311s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Product information_tesafilm® 57315_de-DE.pdf"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd N/A N/A
N/A /System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd N/A N/A
N/A /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref N/A N/A
N/A "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated" N/A N/A
N/A /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper N/A N/A
N/A /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck N/A N/A
N/A /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd N/A N/A
N/A /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool N/A N/A
N/A /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper N/A N/A
N/A /System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper N/A N/A
N/A /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper N/A N/A
N/A /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper N/A N/A
N/A /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper N/A N/A
N/A /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool N/A N/A
N/A /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck N/A N/A
N/A /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool N/A N/A
N/A /System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager N/A N/A
N/A /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool N/A N/A
N/A /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool N/A N/A
N/A /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref N/A N/A
N/A /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool N/A N/A
N/A /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy N/A N/A
N/A "/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Product information_tesafilm® 57315_de-DE.pdf"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Product information_tesafilm® 57315_de-DE.pdf"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Product information_tesafilm® 57315_de-DE.pdf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pluginkit.pkd]

/usr/libexec/pkd

[/usr/libexec/pkd]

/bin/zsh

[/bin/zsh -c /Users/run/Product information_tesafilm® 57315_de-DE.pdf]

/Users/run/Product

[/Users/run/Product information_tesafilm® 57315_de-DE.pdf]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.cloudkeychainproxy3]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater66017B75/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.TextInputMenuAgent]

/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent

[/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.TextInputSwitcher]

/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher

[/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher]

/usr/libexec/xpcproxy

[xpcproxy com.apple.systemprofiler]

/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information

[/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information]

/usr/libexec/xpcproxy

[xpcproxy com.apple.replayd]

/usr/libexec/replayd

[/usr/libexec/replayd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.storedownloadd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd

[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.installd]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd

[/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.system_installd]

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd

[/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.CacheDeleteExtension 597]

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension

[/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.systempreferences.2140]

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences

[/System/Applications/System Preferences.app/Contents/MacOS/System Preferences]

/usr/libexec/xpcproxy

[xpcproxy com.apple.metadata.mdwrite]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AccountProfileRemoteViewService 627]

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService

[/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService]

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool

[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool

[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]

/usr/libexec/xpcproxy

[xpcproxy com.apple.studentd]

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck

[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]

/usr/libexec/studentd

[/usr/libexec/studentd]

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref

[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool

[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]

/usr/libexec/xpcproxy

[xpcproxy com.apple.CoreAuthentication.agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nfcd]

/usr/libexec/nfcd

[/usr/libexec/nfcd]

/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd

[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.preferences.softwareupdate.remoteservice 627]

/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice

[/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice]

/usr/libexec/xpcproxy

[xpcproxy com.apple.softwareupdated]

/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated

[/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suhelperd]

/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd

[/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd]

/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues

[/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues -z]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SoftwareUpdateNotificationManager]

/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager

[/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager]

/usr/libexec/xpcproxy

[xpcproxy com.apple.rtcreportingd]

/usr/libexec/rtcreportingd

[/usr/libexec/rtcreportingd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportCrash]

/System/Library/CoreServices/ReportCrash

[/System/Library/CoreServices/ReportCrash agent]

/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues

[/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues -z]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.2028]

/Applications/Safari.app/Contents/MacOS/Safari

[/Applications/Safari.app/Contents/MacOS/Safari]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.History]

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History

[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.DA2E99D9-2F6A-466F-9856-64FB125BDDEE 663]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.akd]

/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd

[/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.04BE9D84-D45A-4E9A-8114-B9E97ADC15DE 663]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.SafeBrowsing.Service]

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service

[/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service]

/usr/libexec/xpcproxy

[xpcproxy com.apple.mediaremoted]

/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted

[/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.64281237-A8E3-4704-A3EB-8B00EA0F3ED3 663]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.accessibility.mediaaccessibilityd]

/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd

[/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.coremedia.videodecoder 670]

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService

[/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.quicklook.satellite.AF32497B-4799-421C-A27F-8EB4E23E2FBC 604]

/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite

[/System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite]

/usr/libexec/xpcproxy

[xpcproxy com.apple.DesktopServicesHelper.233DE54A-C02C-4BF9-8843-E1C12F7628AF]

/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper

[/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.quicklook.ui.helper]

/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper

[/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.xpc.launchd.oneshot.0x10000001.Archive Utility]

/System/Library/CoreServices/Applications/Archive Utility.app/Contents/MacOS/Archive Utility

[/System/Library/CoreServices/Applications/Archive Utility.app/Contents/MacOS/Archive Utility -psn_0_233529]

/usr/libexec/xpcproxy

[xpcproxy com.apple.XprotectFramework.AnalysisService 596]

/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService

[/System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService]

/usr/bin/macbinary

[/usr/bin/macbinary probe --verbose /Users/run/Desktop/payload.zip]

/usr/bin/file

[/usr/bin/file -b /Users/run/Desktop/payload.zip]

/usr/libexec/xpcproxy

[xpcproxy com.apple.archiveutility.auhelperservice 688]

/System/Library/CoreServices/Applications/Archive Utility.app/Contents/XPCServices/AUHelperService.xpc/Contents/MacOS/AUHelperService

[/System/Library/CoreServices/Applications/Archive Utility.app/Contents/XPCServices/AUHelperService.xpc/Contents/MacOS/AUHelperService]

/System/Library/Frameworks/FileProvider.framework/XPCServices/ArchiveService.xpc/Contents/MacOS/ArchiveService

[/System/Library/Frameworks/FileProvider.framework/XPCServices/ArchiveService.xpc/Contents/MacOS/ArchiveService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.appkit.xpc.sandboxedServiceRunner 688]

/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner

[/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner]

/usr/libexec/xpcproxy

[xpcproxy com.apple.DesktopServicesHelper.B1A0E531-4B91-4804-AF93-96D7472736C5]

/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper

[/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.DesktopServicesHelper.4C3D6614-91CE-4E12-89BA-605AF628BD36]

/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper

[/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.DesktopServicesHelper.3FFA618A-42D2-4956-AB5C-B5D2ACC31778]

/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper

[/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.DesktopServicesHelper.3C38E088-8AF2-4D1D-9594-AD70CB2CFA40]

/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper

[/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.systempreferences.2140]

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences

[/System/Applications/System Preferences.app/Contents/MacOS/System Preferences]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AccountProfileRemoteViewService 705]

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService

[/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService]

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool

[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool

[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck

[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref

[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool

[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]

/usr/libexec/xpcproxy

[xpcproxy com.apple.PerformanceAnalysis.animationperfd]

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd

[/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.preferences.sharing.remoteservice 705]

/System/Library/PreferencePanes/SharingPref.prefPane/Contents/XPCServices/com.apple.preferences.sharing.remoteservice.xpc/Contents/MacOS/com.apple.preferences.sharing.remoteservice

[/System/Library/PreferencePanes/SharingPref.prefPane/Contents/XPCServices/com.apple.preferences.sharing.remoteservice.xpc/Contents/MacOS/com.apple.preferences.sharing.remoteservice]

/usr/libexec/xpcproxy

[xpcproxy com.apple.systemadministration.writeconfig]

/System/Library/PrivateFrameworks/SystemAdministration.framework/XPCServices/writeconfig.xpc/Contents/MacOS/writeconfig

[/System/Library/PrivateFrameworks/SystemAdministration.framework/XPCServices/writeconfig.xpc/Contents/MacOS/writeconfig]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AssetCacheManagerService]

/System/Library/PrivateFrameworks/AssetCacheServicesExtensions.framework/XPCServices/AssetCacheManagerService.xpc/Contents/MacOS/AssetCacheManagerService

[/System/Library/PrivateFrameworks/AssetCacheServicesExtensions.framework/XPCServices/AssetCacheManagerService.xpc/Contents/MacOS/AssetCacheManagerService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.preferences.sharing.SharingPrefsExtension 714]

/System/Library/PrivateFrameworks/AMPSharing.framework/Versions/A/PlugIns/SharingPrefsExtension.appex/Contents/MacOS/SharingPrefsExtension

[/System/Library/PrivateFrameworks/AMPSharing.framework/Versions/A/PlugIns/SharingPrefsExtension.appex/Contents/MacOS/SharingPrefsExtension]

/usr/libexec/xpcproxy

[xpcproxy com.apple.preferences.sharing.SharingBluetoothService 714]

/System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/SharingBluetoothService.appex/Contents/MacOS/SharingBluetoothService

[/System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/SharingBluetoothService.appex/Contents/MacOS/SharingBluetoothService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump_agent]

/usr/libexec/spindump_agent

[/usr/libexec/spindump_agent]

Network

Country Destination Domain Proto
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.189.173.6:443 tcp
US 8.8.8.8:53 api.apple-cloudkit.fe2.apple-dns.net udp
US 8.8.8.8:53 h3.apis.apple.map.fastly.net udp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 104.91.71.16:443 tcp
DE 2.21.20.152:443 a1366.dscapi6.akamai.net tcp
US 8.8.8.8:53 e6858.dscx.akamaiedge.net udp
US 8.8.8.8:53 e673.dsce9.akamaiedge.net udp
US 8.8.8.8:53 swdist.apple.com udp
US 8.8.8.8:53 swcdn.apple.com udp
US 151.101.195.8:80 swcdn.apple.com tcp
US 151.101.195.8:80 swcdn.apple.com tcp
US 151.101.195.8:80 swcdn.apple.com tcp
US 151.101.195.8:80 swcdn.apple.com tcp
US 151.101.195.8:80 swcdn.apple.com tcp
US 151.101.195.8:80 swcdn.apple.com tcp
US 151.101.195.8:80 swcdn.apple.com tcp
BE 23.55.96.225:443 e6858.dscx.akamaiedge.net tcp
US 8.8.8.8:53 api-glb-aeuw3b.smoot.apple.com udp
FR 15.237.18.235:443 api-glb-aeuw3b.smoot.apple.com tcp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
US 8.8.8.8:53 e6858.dscx.akamaiedge.net udp
BE 23.55.96.225:443 e6858.dscx.akamaiedge.net tcp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
GB 216.58.204.74:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 e673.dsce9.akamaiedge.net udp
US 8.8.8.8:53 securemvt.apple.com udp
IE 17.8.130.172:443 securemvt.apple.com tcp
US 8.8.8.8:53 is1-ssl.mzstatic.com udp
BE 23.55.96.225:443 e6858.dscx.akamaiedge.net tcp
BE 23.55.96.225:443 e6858.dscx.akamaiedge.net tcp
US 8.8.8.8:53 cds.apple.com udp
BE 104.68.86.71:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
US 23.220.113.166:443 help.apple.com tcp
US 23.220.113.166:443 help.apple.com tcp
US 8.8.8.8:53 b._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 db._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 b._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 db._dns-sd._udp.0.0.127.10.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 itunes.apple.com udp
US 8.8.8.8:53 b._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 db._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 7.0.127.10.in-addr.arpa udp

Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 6c515e6608e16cc97bf768d132939a62
SHA1 5de9eeb0718a9a0ab3aedc6a24ef1c95ec681bea
SHA256 1cc436e06df3ee5b3640aa05ad791efb03a0c50d5f2b3479a5e380a24e859d2a
SHA512 3815e51172bef1474801855ba0423af9c1d62688edad9776917c4ba4fe4492a868324206881cf5432b905dea278f1f16dd34e805abd580b8efe37a35cf219ca9

/Library/Printers/InstalledPrinters.plist

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/Library/Printers/InstalledPrinters.plist

MD5 3439dcb6d4ce19d3ea022b8bb17cba7a
SHA1 e412c16548b6fcc5fd488315cd70b324ca4d782e
SHA256 aec405d7619e28da751fafd97782015affebdb36e863c58eea2b658551a59e7b
SHA512 8ca944a1a157f6933a5efeea35aa7626d0dd5f6fd4b5d9fe08c3760b39b6f54289e502923ca7616110c468173f0389f2ce1e35899d171bd08873678759aba93b

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate/swcdn.apple.com/content/downloads/47/55/002-90015-A_VSZB7DY8DG/a3aeutlgmbhbfj02uok0g73k9h4i9uz50h/InstallAssistant.pkg.partialState

MD5 bee738fe24d4bf464db35f2ae59ed5e4
SHA1 dbc21cd86bf8d454e2c9f57608dec00f80c97da1
SHA256 26864b81a5a8f59b44b81242e3076fafd457f550706a0849dd2486cad5c19283
SHA512 d4126beb637859f7d74e79c5a17cb05c2c0de5859b83a216ae931b67ed96892d85b6359fb29758e4fd7c7ee29db20673805c583d8f5ff748bbe0795ffebcdd37

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/ProductMetadata.plist

MD5 9ad2d94b5e92326943ebb00f86af4943
SHA1 87b2c89c0b2616ceeb9979497b683178b9e0703d
SHA256 0b3da297d821b43ef6ffe40b4627ce4294b7e3c9d52064495b6d3cf354bc5cea
SHA512 c1ac631f03c49834e5374030bb6ce164000e5afc90f2789b8a6afc86ac4906453d9b2eb7167756e4d2e568cca9aa966afbc1a28e0b013079407c420bb54491f0

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_45A4618B-3C0B-4F73-8CB8-55C57DF005DF/MajorOSInfo.pkg

MD5 d9612033a0bb5c1947be8c6d961e8dff
SHA1 89c0cdaa99797d57448dde971d42f77243881ff8
SHA256 e28ab534af7c6c3e135800e7f83d8c979227d8553b767a998574bf8c63a7d31c
SHA512 dae630a872b120f404abed9f8274393591ef6e30caed5579041b6878c5b2cbb24800be26666291e8c094fd4639c030155bd753f6a7bd4e84c4658b4f84cf5f37

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_45A4618B-3C0B-4F73-8CB8-55C57DF005DF/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Info.plist

MD5 333836a7eb95f49b44940b2080fb9fc2
SHA1 3a3ae4545749d078fb34d7c01afedb11798ca663
SHA256 f2cb9f107ce5e2593dac1643c9d69f9cf0f191a97f8e26c346765653dfec9685
SHA512 2034e64024ae56149f4a0b10b2a3c625863efb341d91a473692f58ca495c55b0943f275a63b2a483fb3f78ca52d42b971b361905abcd3777938456aa1c30e2d9

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_45A4618B-3C0B-4F73-8CB8-55C57DF005DF/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Resources/en.lproj/Localizable.strings

MD5 8b4ece7adf04487c3c0892458e42d9de
SHA1 5f54a72c67c2d88ff32b57ff5b24a919e872286c
SHA256 525c6efad03dab0004451911c0ef31599085c1a260472b5f0bf995f86f2b16bb
SHA512 57edaf2820cf8a541bec262a3872213a3abf1b87d32cce0e9c02d8df3601d21eb8cee02914775ca7a64585bec0f3da45791475122538e8716920848e0496d3c7

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/062-01946_45A4618B-3C0B-4F73-8CB8-55C57DF005DF/Payload/System/Library/CoreServices/MajorOSInfo.bundle/Contents/Resources/OSBadge.icns

MD5 6691db1a52f872d5e2558838b1300191
SHA1 1aae9d9580239f60271c9221dd07e45fe672ef76
SHA256 0dcf31da652109b8f6c02f07085dd415256b8f75fe284dfc4cf1f59df16e05f7
SHA512 39a515bcfb179000d824b504874ed5c23bd4fde10c87b6792ddf33990f35e53253e0864b7be76804acfdca4c3549a0e424b4db2086c74594a47436b39c10dcd5

/var/root/Library/Caches/rtcreportingd/events/NRM_Events_2024-06-18-20-31-46.event

MD5 497da707fedea8441e87850568537ce2
SHA1 9ca3e46b64f68a1e1e538e723c06574b6e91a1a0
SHA256 702dc0e9c7768a36a924bd00886d81d49ed993108d5cc554069ebe599e70df41
SHA512 4a2df162994d4694326de8a84a11ad4867ddaf23aac98fcc0c6f447f2a1a864fcf225f9ca678dbcc10b96e11170349b85c369119aad58498361a760163793339

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate.SUCatalogDataManager/f/062-14334/062-14334.English.dist

MD5 a7b653470ef625dad0c284de32caf4ce
SHA1 0dc4203bb17860eb9b65e8b2cbe58d5e2b029e2a
SHA256 67b630ec1b4682b514a42255ee4e21a1d5099fb7ea3ce93603cb7b550f8fced0
SHA512 3568f9d7e5c2623d77351210bbf1b5b0339a5aa2f623aed005d8eeb05210338d65625f07a724b6682d2761f41140aa3bbf8f532d542257f602633f675097d6a0

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate.SUCatalogDataManager/e/052-25574/052-25574.English.dist

MD5 968ab128ea706e0998a0f477b93b35d5
SHA1 5290f79457ceaca10f86b870175e5096de273281
SHA256 275cccf0e27e7b1a61f26a627c778bc3a8078d953b3896f39f3fb734957361a8
SHA512 0298a3ff7a8b2c9919b10b2452b9550a9138730241f75fbab35fe2db3d778a1293aff4940148101f45a81532979f6c8d0f119924fc1f4dd8dce976909bdd0964

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate.SUCatalogDataManager/x/062-16716/062-16716.English.dist

MD5 178f5ebbf05b005bdd36e0cddd2f4440
SHA1 dbccafe49f3bbf0e19c490ffdd43a349306617a8
SHA256 549acf5e9d84473c115122702794b29e794e99b00eee289c4426379d0c5afbdb
SHA512 dd55dec93677c3247cb16f0f22a1ffedd33a762b54e338573b29b4c19eddfe49f2ca5233c116b57a16be3082c3d1f54df736000fc76284cd215f1df4ccb362b4

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/C/softwareupdated/com.apple.SoftwareUpdate.SUCatalogDataManager/g/012-04872/012-04872.English.dist

MD5 84af1f7a03435cfef5fbcffb7a3c58c4
SHA1 966643bdee53124295304e3fc6ad4e09a988222a
SHA256 4286594444bfc059d0fc98d4048ba91b4aba3c5072dcda73c8851e650b836166
SHA512 0ced3739663a028a1a3dd6155e64650454a0967573fc42c64862fab7355c4e682477a7a3fd56ce2a151a33baa8dd8fa3749e7ff543c1d49c10e3198267fafbcf

/var/folders/zz/zyxvpxvq6csfxvn_n00000s0000068/T/softwareupdated/ProductMetadata.plist

MD5 9ac377316f06c6a6fd99ee3e07593b87
SHA1 1dbea8980aff3e7d370a7d5599897d8ae0809da2
SHA256 0694f19b95b76c8cf749a539321a09c173543f9d5a0b12140ebe8e84c53248b7
SHA512 b9284cb2dfc836ccb6f5c5b4badbf2ca454c3da16a30030ea0b671213e7f31387046b834f9c14b6122bce94b78611e620cdea24107625ab7a3aa2e8bcd398432

/var/root/Library/Caches/rtcreportingd/events/NRM_Events_2024-06-18-20-31-46.event

MD5 08f2f5910f1ecebc80c74258e1ff295c
SHA1 44d460a6de4aedca1c4742f31c2d590eb6487545
SHA256 21f34a1b54ddbea266e1a210e1523f8063282258e625b2cced855ab32969e524
SHA512 c95bb3f412fe3be4208bdb5995c26729512c65448a34e9164c47e500a482cfbf55447dae011213719ff4beee7c2032c1919abff3429aff5cafb542e3c5f3e8fe

/Users/run/Library/Safari/Favicon Cache/favicons/98FF4077638C1BA5BBBD6CA020AD796A

MD5 38cfdb248210ffd12a6e774119609de8
SHA1 d10a44e5d06c8a95e4c61ae770cc8f0c8d372253
SHA256 5493c61cf725cf3a1d63cd9d07de75b0d6faa5564e772f7d0a6074f341442938
SHA512 7d0ae6125e5c10d52847ac10e5200f2aaa84932ea5d10af54440c0abc27af19285cb760f0e8dad0bac4371e4b384ffaddcf235f9f1ba29e6dc41ef29deac4fba

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

MD5 355d837549cee18c4a84a77a70a2756b
SHA1 33c5de31fda7ac065b17b89a6fc9e644a03c078c
SHA256 d2547621952f15189bd0b01868fdfa09350acce54562ee432c458f664a102d44
SHA512 d4afd49ba36e5759516ac96feb0b4919a1f0bfac4c5b2c2d5f51cd35c0a17ff5a8d8a3dc117611e513be8541ef694566b540671b7b9736a8385a157e5ba5ce11

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

MD5 0bcc4233ff947f08d3d87d0a1632992f
SHA1 dbe83745fbf6dfb824d65a810111dafce5856ffe
SHA256 cb77635c5059038c7db8ad61a8b7c5acf5a6e752ead26e8cc9e2e83207b105b5
SHA512 eeb41e036563bd1f36d58849e9f2c3c313d1e84c61d505d5ce50ce81fb21100f66f6035a214900eb7cb363533a06485c2a1bc799faf7d7eb1624b750fb3467eb

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

MD5 43e320fb688db6b017a0c447a99f2e3c
SHA1 449e3aba77122668547c8b557fd473b4ea1ef72f
SHA256 5cfc622fbee9ba615c9a2a4a4c0733b1950cce10ddd18b0b7fa8b4ec60eb453e
SHA512 82b69433eed63ffd12506961eeef3bc9d4b7f65b3639393f2d6ef14a67165b19e9c0b41ec68c55e683251592bb5239127616da5408aba76d6757007435633531

/Users/run/Desktop/payload/settings.json

MD5 b35182a5d0722d6f81654bbf9755bb77
SHA1 05203798855cfdf6f32161189ee340efe27386fb
SHA256 f9169b9b0d3706f8622513a6be8a722cdcef97826f1e71476439cb387792416c
SHA512 584f5d1afd86c2492a344447039c34b2239903af5b27590371226a13bc8668afa106af8bbefcfd75ed61a247ab251c93c51ce8192347b6d5ac53bf2b44bf89f9

/Users/run/Library/Caches/com.apple.systempreferences.imageCache

MD5 ce9032fc27dc24f38c40c4116b2aec09
SHA1 617bf0e6e5838af3740393cedbf38307b7248371
SHA256 7bff5dd79349e4e42419a9f1720119cc19767df0ec1bedd6fada6a28a8be3749
SHA512 a1883e330fd3483da59388e16da1f392af2174170700093f213a1b218f3d04ae9b1d3f6d3bc9ebeb69324440de414f7a92b92739e98e5880f3b7b078b9676af1

/Users/run/Library/Saved Application State/com.apple.systempreferences.savedState/data.data

MD5 660f24d2556cea09d277fe75fceea086
SHA1 834d7f6a4d044d2000a4276435e47f626679a04a
SHA256 33cfc68d173d8a73bbefd7fc035f747f0dd90d669721ac6fb7cf822fe19088f0
SHA512 379a768bdeee988b34a817d114df99d06dfe993cdaab913c9d675489f0196ad05e044e2bc02d48b8db615cc19474f2f1f99433359a3fc5863e771337a15cf2e3