Analysis Overview
SHA256
f91d32810260f25e95f93341f8ed47d6ca2d554ce9dbca78ab553a66117aedf6
Threat Level: Likely benign
The file sample was found to be: Likely benign.
Malicious Activity Summary
JavaScript
Resource Forking
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 11:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 11:35
Reported
2024-06-11 11:37
Platform
macos-20240410-en
Max time kernel
91s
Max time network
89s
Command Line
Signatures
JavaScript
| Description | Indicator | Process | Target |
| N/A | "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" -jar /Users/run/tmp/hello.jar | N/A | N/A |
Resource Forking
| Description | Indicator | Process | Target |
| N/A | "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck | N/A | N/A |
| N/A | /System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/sample.html]
/usr/libexec/xpcproxy
[xpcproxy com.oracle.java.Java-Updater]
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]
/usr/libexec/xpcproxy
[xpcproxy com.apple.newsyslog]
/bin/zsh
[/bin/zsh -c /Users/run/sample.html]
/Users/run/sample.html
[/Users/run/sample.html]
/bin/sh
[sh /Users/run/sample.html]
/bin/bash
[sh /Users/run/sample.html]
/usr/sbin/newsyslog
[/usr/sbin/newsyslog]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater0BF23177/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.2028]
/Applications/Safari.app/Contents/MacOS/Safari
[/Applications/Safari.app/Contents/MacOS/Safari]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.History]
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.B5235A83-5CD5-4918-8D92-3059AE478019 513]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.9EEDBD60-BCCB-4DE5-B6F5-85301447B5E0 513]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.iCal.CalendarNC 328]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ncplugin.stocks 328]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ncplugin.weather 328]
/System/Library/CoreServices/StocksWidget.app/Contents/PlugIns/com.apple.ncplugin.stocks.appex/Contents/MacOS/com.apple.ncplugin.stocks
[/System/Library/CoreServices/StocksWidget.app/Contents/PlugIns/com.apple.ncplugin.stocks.appex/Contents/MacOS/com.apple.ncplugin.stocks]
/System/Applications/Calendar.app/Contents/PlugIns/com.apple.iCal.CalendarNC.appex/Contents/MacOS/com.apple.iCal.CalendarNC
[/System/Applications/Calendar.app/Contents/PlugIns/com.apple.iCal.CalendarNC.appex/Contents/MacOS/com.apple.iCal.CalendarNC]
/System/Library/CoreServices/Weather.app/Contents/PlugIns/com.apple.ncplugin.weather.appex/Contents/MacOS/com.apple.ncplugin.weather
[/System/Library/CoreServices/Weather.app/Contents/PlugIns/com.apple.ncplugin.weather.appex/Contents/MacOS/com.apple.ncplugin.weather]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.1E49506F-23F9-4E80-A074-6F1450D3A809 513]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.SafeBrowsing.Service]
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
[/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.AB31BDBB-D333-476E-8A90-670D91D516B2 513]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.0F1A01BC-FF67-4AD7-86ED-F4B77B16E2A7 513]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.4DDEA55D-7EEB-4F5F-9733-08FF5595B7D4 513]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.SearchHelper 513]
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.quicklook.ui.helper]
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
[/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.JarLauncher.2128]
/System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher
[/System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher]
/usr/libexec/xpcproxy
[xpcproxy com.apple.metadata.mdwrite]
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java -jar /Users/run/tmp/hello.jar]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AppStore.1900]
/System/Applications/App Store.app/Contents/MacOS/App Store
[/System/Applications/App Store.app/Contents/MacOS/App Store]
/usr/libexec/xpcproxy
[xpcproxy com.apple.storeuid]
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid
[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid]
/usr/libexec/xpcproxy
[xpcproxy com.apple.rtcreportingd]
/usr/libexec/rtcreportingd
[/usr/libexec/rtcreportingd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.coremedia.videodecoder 561]
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
[/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.accessibility.mediaaccessibilityd]
/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
[/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
Network
| Country | Destination | Domain | Proto |
| US | 151.101.67.6:443 | tcp | |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.73.27:443 | tcp | |
| US | 8.8.8.8:53 | api.apple-cloudkit.fe2.apple-dns.net | udp |
| US | 8.8.8.8:53 | api-glb-aeuw3b.smoot.apple.com | udp |
| FR | 15.237.18.235:443 | api-glb-aeuw3b.smoot.apple.com | tcp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | apple-finance.query.yahoo.com | udp |
| IE | 87.248.100.168:443 | apple-finance.query.yahoo.com | tcp |
| IE | 87.248.100.168:443 | apple-finance.query.yahoo.com | tcp |
| IE | 87.248.100.168:443 | apple-finance.query.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | safebrowsing.googleapis.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | clients1.google.com | udp |
| GB | 142.250.187.206:443 | clients1.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 142.250.187.238:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | doodles.google | udp |
| GB | 216.58.212.241:443 | doodles.google | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 216.58.212.241:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| GB | 216.58.213.14:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | cdn2.smoot.apple.com | udp |
| US | 8.8.8.8:53 | cdn.smoot.apple.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.180.3:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | b._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | db._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | db._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | e6858.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e673.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | itunes.apple.com | udp |
| US | 8.8.8.8:53 | h3.apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | apps.mzstatic.com | udp |
| US | 8.8.8.8:53 | s.mzstatic.com | udp |
| US | 8.8.8.8:53 | buy.itunes.apple.com | udp |
| US | 17.156.128.10:443 | buy.itunes.apple.com | tcp |
| US | 8.8.8.8:53 | play.itunes.apple.com | udp |
| BE | 2.17.107.186:443 | play.itunes.apple.com | tcp |
| US | 8.8.8.8:53 | sf-api-token-service.itunes.apple.com | udp |
| BE | 23.55.96.25:443 | sf-api-token-service.itunes.apple.com | tcp |
| US | 8.8.8.8:53 | amp-api-edge.apps.apple.com | udp |
| BE | 2.17.107.155:443 | amp-api-edge.apps.apple.com | tcp |
| US | 8.8.8.8:53 | is1-ssl.mzstatic.com | udp |
| US | 8.8.8.8:53 | apptrailers.itunes.apple.com | udp |
| US | 8.8.8.8:53 | amp-api.apps.apple.com | udp |
| BE | 23.55.96.123:443 | amp-api.apps.apple.com | tcp |
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Users/run/Library/Safari/Favicon Cache/favicons/2529545429CE075A4E64DE7DAA3D4C27
| MD5 | f3418a443e7d841097c714d69ec4bcb8 |
| SHA1 | 49263695f6b0cdd72f45cf1b775e660fdc36c606 |
| SHA256 | 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 |
| SHA512 | 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression
| MD5 | cff401c364970f8137b0c41e57d549ef |
| SHA1 | a4c5b49e92361e0c3587ee106b11b143585e3b0b |
| SHA256 | 899ab34c300b83f0631f9dbd3dda28104cd4b52d689690e99e62e51d141f0e26 |
| SHA512 | fae8308884f7539d61b5e0efbb70ba4106c19169b04d4ac51dad468f850e2ede79bb26f62a1da9a0c82d42023c250cc4d0fd49e37013582728d4edce49686d5c |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression
| MD5 | 1434d9567aafded7678dd6adeb2a3e94 |
| SHA1 | b3119a748b6abae286cef944212ad11d897c5ea0 |
| SHA256 | ef45d0028c4275031c03b3e00e29ecdbe28a8f9084fe3cf25b4e61e120d58232 |
| SHA512 | 41860dce24ea22a1716b5920dd770544907583fda6e824df640693e8c03af5d15f24a01cb0631244844ff1fc23186b8f984312b6127a51504375e3507e93ce67 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression
| MD5 | b87a28c42a8c3c901bd53520fa00a568 |
| SHA1 | 22c133c950b99affaf5f2f0da20bc8f390ec90a9 |
| SHA256 | 1a075f16e0b0aaac3612bdf39118329489e573406325f2e651ef32ee0091e0ec |
| SHA512 | 8ac67ec44ebb0cfac79135112d1837bbd9a64643b6aae9068483c9c72abc15a2046b8092fb82d13b35968408d368c8bdbd5cd8a1c09dc77fb36a27545c9f5b4b |
/Users/run/Library/Safari/Favicon Cache/favicons/937D62F6A84284E4EDF46E5F016D186A
| MD5 | 919a16ae2de3bc543f19d3c8ceede9c4 |
| SHA1 | 31d41b3e184cbb7effe7a475b7ed3bba376ea9d3 |
| SHA256 | b6150bf94bf356fbca8639490fec589e19e896ffcd3ec3c651605b5733ef03e9 |
| SHA512 | e62023e2a88d088612f25ca508021aa79d3e43c81efcf4740d6825ae92be0b83161d84cbc6b562662e851f3e912323b704fe287f50e4202f2ba451a07358c1c2 |
/Users/run/Library/Safari/Favicon Cache/favicons/067EC0DCF7EB00AECEAAE5EAD338A875
| MD5 | 4f72663012543ad7cfa1dd5d78dc5af0 |
| SHA1 | 069001eaaa436c30a43a0c6073c3d31ad4a7d21a |
| SHA256 | 133e23f3ccf9be03dbd128bb941c6042b66f3ea331650c79f992ea88ee1a7d77 |
| SHA512 | d112f52124d0a70a36c0f0fd30dcf0b2b597f079c07aa7d772025bf5e1286b35846fc9bcfe99ca07d62ceb342c9ce84651d17dc69c8871b297bfe140a791c0e6 |
/Users/run/Library/Safari/Favicon Cache/favicons/C44B2F96CCF24BBBA3F1AF3899A740D7
| MD5 | 12ce3ae25e7d9c8f79686f4d7beb5e64 |
| SHA1 | 83963532b5fcdf1c152bd85e29f7f38abe6d63bf |
| SHA256 | 9e84d0f4aeb91bda595238a825824cb672a1f78915788229f3d34fefa4f4d7f4 |
| SHA512 | b31465a626630ba32c8cd131148eebe6a9078d4814a9a265bf12746558509fdd2c7abfc58cb8233b87cb3ba236615b16cffb67a5ebe9885a7f42beea3d487999 |
/Users/run/Library/Safari/lock/details.plist
| MD5 | 44402a84ee5c6c6a51f7669c3b72c096 |
| SHA1 | 27232bf2f4805c71f2cf588b773ad2d0b5bc11fd |
| SHA256 | 63b59b8cff0b95cf55bfbf4205b525c5d53bc6963db467e2ffef513329d661e7 |
| SHA512 | 2406c76230ae859c106ad27c30d7ab9d8ebcbba4b063e69c6b14c4afa02e0d1dda3367048c0c978ca385444d220369d4b567038c2680439eb45c0755e8f73a45 |
/System/Volumes/Data/Users/run/Library/Safari/Bookmarks.plist
| MD5 | 2ef2280f7ca19262cc8298f29a37a223 |
| SHA1 | 9cbc7f87d4e90ab89e5965cb55b7671c8c57dc05 |
| SHA256 | ed94b4091044e756fdddb7b0f32765b1039571562023a1b2aefadd1033e2b570 |
| SHA512 | 97e59c90dec02a700c3ed82d4d14d83718f2d9b35e9e6e26242dc8cbf9b01a45fe789ec5c5f12d88470b6c1da09eb716c094aa6ae6924aded78a2a71bd046658 |
/Users/run/Library/Safari/lock/details.plist
| MD5 | 521c586e9d1ad99b2c165ca98c5a7584 |
| SHA1 | be62b7779ef18447349e0e9236d2f9a3fe414dec |
| SHA256 | be5a7654f8978d02446ec079b592ec3e85b5c47c70d1d994c15e00d90020f96c |
| SHA512 | f7deb4c2928463dc840b517cd783d456776187e4a8ab3e98755765872dab98462897b17b7e1b5af174febf2c11b67274ba52b94564c87fa34647344e59d742a0 |
/Users/run/Library/Safari/Bookmarks.plist
| MD5 | 291105f91192709b54688b5a22e69695 |
| SHA1 | 8d65efbf91fc6e0836cff1e37e6d959144b8e214 |
| SHA256 | 63b64979d0388306ee87dbc5b42ed0a363e67d7b71f87c491ef583a7cc87d09c |
| SHA512 | ac2745041a6d91cbb703e164a6fe4f420a29bf36ff667b2c0ce2ba32e74023c8843efa047a7f784e14f65b0e0f46b95ef18723a4a61f9b0b5a0c34d09e9f53c5 |