Malware Analysis Report

2025-08-05 22:26

Sample ID 240312-s3a2dsef79
Target Badmashlaunda
SHA256 9e9b9352d3b6aed9f9a5e7376009771260e9a35c6ee31a73433e755b8a841ac6
Tags evasion
Score 4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

SHA256

9e9b9352d3b6aed9f9a5e7376009771260e9a35c6ee31a73433e755b8a841ac6

Threat Level: Likely benign

The file Badmashlaunda was found to be: Likely benign.

Malicious Activity Summary

evasion

Resource Forking

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-12 15:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-12 15:38

Reported

2024-03-12 15:41

Platform

macos-20240214-en

Max time kernel

149s

Max time network

152s

Command Line

[xpcproxy com.apple.pluginkit.pkd]

Signatures

Resource Forking

evasion
Description: N/A
Indicator: /System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
Process: N/A
Target: N/A

Processes

/usr/libexec/xpcproxy

[xpcproxy com.apple.pluginkit.pkd]

/usr/libexec/pkd

[/usr/libexec/pkd]

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Badmashlaunda.html"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Badmashlaunda.html"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Badmashlaunda.html]

/bin/zsh

[/bin/zsh -c /Users/run/Badmashlaunda.html]

/Users/run/Badmashlaunda.html

[/Users/run/Badmashlaunda.html]

/bin/sh

[sh /Users/run/Badmashlaunda.html]

/bin/bash

[sh /Users/run/Badmashlaunda.html]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.2028]

/Applications/Safari.app/Contents/MacOS/Safari

[/Applications/Safari.app/Contents/MacOS/Safari]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.History]

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History

[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.BA457BAE-A853-4462-B822-06066E13D5A6 550]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.akd]

/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd

[/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.12F18BFD-7927-4F3F-9ACE-6EAC576D8344 550]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.CoreAuthentication.agent]

/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd

[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterDA6CE80A/OneDrive.app]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.SearchHelper 550]

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper

[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.SafeBrowsing.Service]

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service

[/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.52415089-DECF-405E-8B38-B3547D383DC9 550]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.EBA89BC8-E806-432B-9F4B-574A406397DD 550]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.F5A2832D-547B-4CFD-B524-AC62984E9977 550]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.636CEB02-2734-42D5-BA80-EAA916D32F5F 550]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.mediaremoted]

/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted

[/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.SandboxHelper 581]

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper

[/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.accessibility.mediaaccessibilityd]

/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd

[/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.knowledge-agent]

/usr/libexec/knowledge-agent

[/usr/libexec/knowledge-agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.speech.speechsynthesisd]

/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd

[/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network


Files

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db

/Library/Preferences/com.apple.networkextension.uuidcache.plist

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

/Users/run/Library/Caches/GeoServices/Experiments.pbd
