Malware Analysis Report

2024-10-10 07:36

Sample ID 240615-vn982ssarq
Target af7d5280ce29a8e77d97d9003fe55fb2_JaffaCakes118
SHA256 ef8aaed1c045940a3ffb77151586b7af057a5445f7debb1e2b04225b2f9415ad
Tags evasion, persistence
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

ef8aaed1c045940a3ffb77151586b7af057a5445f7debb1e2b04225b2f9415ad

Threat Level: Shows suspicious behavior

The file af7d5280ce29a8e77d97d9003fe55fb2_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

evasion persistence

Installer Packages

File Deletion

Resource Forking

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-15 17:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 17:09

Reported

2024-06-15 17:12

Platform

macos-20240611-en

Max time kernel

122s

Max time network

134s

Command Line

[sh -c sudo /bin/zsh -c "installer -pkg /Users/run/setup.pkg -target /"]

Signatures

Installer Packages

persistence
Description | Indicator | Process | Target
N/A | /tmp/PKInstallSandbox.Y3qo6z/Scripts/com.pcvark.advancedMacCleaner.Root.pkg.MVqKBn/postinstall /Users/run/setup.pkg / / / | N/A | N/A

File Deletion

evasion

Resource Forking

evasion
Description | Indicator | Process | Target
N/A | /System/Library/PrivateFrameworks/PackageKit.framework/Resources/shove -f -s /Library/InstallerSandboxes/.PKInstallSandboxManager/10A341B6-0337-4729-A0E6-9963BAE7E235.activeSandbox/Root / | N/A | N/A
N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A
N/A | /System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd | N/A | N/A
N/A | /System/Library/PrivateFrameworks/PackageKit.framework/Resources/install_monitor -t /private/var/run/installd.commit.pid | N/A | N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "installer -pkg /Users/run/setup.pkg -target /"]

/bin/bash

[sh -c sudo /bin/zsh -c "installer -pkg /Users/run/setup.pkg -target /"]

/usr/bin/sudo

[sudo /bin/zsh -c installer -pkg /Users/run/setup.pkg -target /]

/bin/zsh

[/bin/zsh -c installer -pkg /Users/run/setup.pkg -target /]

/usr/sbin/installer

[installer -pkg /Users/run/setup.pkg -target /]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.installd]

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd

[/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/install_monitor

[/System/Library/PrivateFrameworks/PackageKit.framework/Resources/install_monitor -t /private/var/run/installd.commit.pid]

/tmp/PKInstallSandbox.Y3qo6z/Scripts/com.pcvark.advancedMacCleaner.Root.pkg.MVqKBn/preinstall

[/tmp/PKInstallSandbox.Y3qo6z/Scripts/com.pcvark.advancedMacCleaner.Root.pkg.MVqKBn/preinstall /Users/run/setup.pkg / / /]

/usr/bin/sudo

[sudo killall Advanced Mac Cleaner]

/usr/bin/killall

[killall Advanced Mac Cleaner]

/bin/sleep

[sleep 1]

/usr/bin/sudo

[sudo rm -rf /Applications/Advanced Mac Cleaner.app]

/bin/rm

[rm -rf /Applications/Advanced Mac Cleaner.app]

/usr/bin/sudo

[sudo rm -rf /Library/Application Support/amc]

/bin/rm

[rm -rf /Library/Application Support/amc]

/usr/bin/sudo

[sudo rm -rf /Users/run/Library/Application Support/amc]

/bin/rm

[rm -rf /Users/run/Library/Application Support/amc]

/usr/bin/sudo

[sudo rm -rf /Users/run/Library/Advanced Mac Cleaner/msets.plist]

/bin/rm

[rm -rf /Users/run/Library/Advanced Mac Cleaner/msets.plist]

/usr/bin/sudo

[sudo rm -rf /Users/run/Library/Advanced Mac Cleaner/params.plist]

/bin/rm

[rm -rf /Users/run/Library/Advanced Mac Cleaner/params.plist]

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/shove

[/System/Library/PrivateFrameworks/PackageKit.framework/Resources/shove -f -s /Library/InstallerSandboxes/.PKInstallSandboxManager/10A341B6-0337-4729-A0E6-9963BAE7E235.activeSandbox/Root /]

/tmp/PKInstallSandbox.Y3qo6z/Scripts/com.pcvark.advancedMacCleaner.Root.pkg.MVqKBn/postinstall

[/tmp/PKInstallSandbox.Y3qo6z/Scripts/com.pcvark.advancedMacCleaner.Root.pkg.MVqKBn/postinstall /Users/run/setup.pkg / / /]

/usr/bin/sudo

[sudo mkdir -p /Users/run/Library/Application Support/Advanced Mac Cleaner]

/bin/mkdir

[mkdir -p /Users/run/Library/Application Support/Advanced Mac Cleaner]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :Disabled bool '0' /Users/run/Library/LaunchAgents/com.pcv.hlpramcn.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :Disabled bool '0' /Users/run/Library/LaunchAgents/com.pcv.hlpramcn.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :KeepAlive bool '1' /Users/run/Library/LaunchAgents/com.pcv.hlpramcn.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :KeepAlive bool '1' /Users/run/Library/LaunchAgents/com.pcv.hlpramcn.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :Label string 'com.pcv.hlpramcn' /Users/run/Library/LaunchAgents/com.pcv.hlpramcn.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :Label string 'com.pcv.hlpramcn' /Users/run/Library/LaunchAgents/com.pcv.hlpramcn.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :LimitLoadToSessionType string 'Aqua' /Users/run/Library/LaunchAgents/com.pcv.hlpramcn.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :LimitLoadToSessionType string 'Aqua' /Users/run/Library/LaunchAgents/com.pcv.hlpramcn.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :Program string '/Users/run/Library/Application Support/amc/helperamc.app/Contents/MacOS/helperamc' /Users/run/Library/LaunchAgents/com.pcv.hlpramcn.plist]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :Program string '/Users/run/Library/Application Support/amc/helperamc.app/Contents/MacOS/helperamc' /Users/run/Library/LaunchAgents/com.pcv.hlpramcn.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :buynow string 'http://advancedmaccleaner.safecart.store/amc/price' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :buynow string 'http://advancedmaccleaner.safecart.store/amc/price' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :urlsFileUrl string 'http://cdn2121.advancedmaccleaner.com/amc/prefs/appurls.plist' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :urlsFileUrl string 'http://cdn2121.advancedmaccleaner.com/amc/prefs/appurls.plist' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/libexec/xpcproxy

[xpcproxy com.apple.metadata.mdwrite]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :afterinstall string 'http://www.advancedmaccleaner.com/amc/afterinstall.asp' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :afterinstall string 'http://www.advancedmaccleaner.com/amc/afterinstall.asp' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :uninstall string 'http://www.advancedmaccleaner.com/amc/afteruninstall.asp' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :uninstall string 'http://www.advancedmaccleaner.com/amc/afteruninstall.asp' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :afterexpire string 'http://advancedmaccleaner.safecart.store/amc/renewal' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :afterexpire string 'http://advancedmaccleaner.safecart.store/amc/renewal' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :trackscan string 'http://www.advancedmaccleaner.com/trackscan/' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :trackscan string 'http://www.advancedmaccleaner.com/trackscan/' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :allowedCC string 'us,uk,au,de,fr,ja,es,pt-br,fi,it,no,ru,da,nl,sv' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :allowedCC string 'us,uk,au,de,fr,ja,es,pt-br,fi,it,no,ru,da,nl,sv' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :showPhone string '1' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.bird]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :showPhone string '1' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :urlgetip string 'http://advancedmaccleaner.com/getIpAddress.asp' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :urlgetip string 'http://advancedmaccleaner.com/getIpAddress.asp' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :urlruntimefile string 'http://trkr.advancedmaccleaner.com/ipfiles' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :urlruntimefile string 'http://trkr.advancedmaccleaner.com/ipfiles' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :runtimerequired string '1' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :runtimerequired string '1' /Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :utm_source string 'mclkibm' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :utm_source string 'mclkibm' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :utm_campaign string 'mclkibm' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :utm_campaign string 'mclkibm' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :utm_medium string 'mclkibm' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird

[/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :utm_medium string 'mclkibm' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :utm_content string '' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :utm_content string '' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :affiliateid string '' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :affiliateid string '' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :x-at string '' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :x-at string '' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :utm_term string '' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :utm_term string '' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :pxl string 'MCL874_MCL857_RUNT' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2E18A62F/OneDrive.app]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :pxl string 'MCL874_MCL857_RUNT' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :lpid string '0' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :lpid string '0' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/bin/sudo

[sudo /usr/libexec/PlistBuddy -c Add :btnid string '0' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/libexec/PlistBuddy

[/usr/libexec/PlistBuddy -c Add :btnid string '0' /Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist]

/usr/bin/sudo

[sudo open /Applications/Advanced Mac Cleaner.app --args -af_ins -fire_ai]

/usr/bin/open

[open /Applications/Advanced Mac Cleaner.app --args -af_ins -fire_ai]

/usr/libexec/xpcproxy

[xpcproxy com.techyutils.cleaner.2304]

/Applications/Advanced Mac Cleaner.app/Contents/MacOS/Advanced Mac Cleaner

[/Applications/Advanced Mac Cleaner.app/Contents/MacOS/Advanced Mac Cleaner -af_ins -fire_ai]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportCrash]

/System/Library/CoreServices/ReportCrash

[/System/Library/CoreServices/ReportCrash agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.cloudkeychainproxy3]

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]

/usr/libexec/xpcproxy

[xpcproxy com.apple.metadata.mdwrite]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.xpc.launchd.oneshot.0x10000001.Problem Reporter]

/System/Library/CoreServices/Problem Reporter.app/Contents/MacOS/Problem Reporter

[/System/Library/CoreServices/Problem Reporter.app/Contents/MacOS/Problem Reporter -psn_0_163880]

/usr/libexec/xpcproxy

[xpcproxy com.apple.icloud.findmydeviced]

/usr/libexec/findmydeviced

[/usr/libexec/findmydeviced]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suggestd]

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd

[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.knowledge-agent]

/usr/libexec/knowledge-agent

[/usr/libexec/knowledge-agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | api.apple-cloudkit.fe2.apple-dns.net | udp
US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp
US | 20.189.173.6:443 | | tcp
US | 8.8.8.8:53 | bag-cdn.itunes-apple.com.akadns.net | udp
US | 8.8.8.8:53 | gspe1-ssl.ls.apple.com.edgesuite.net | udp
US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp
GB | 104.77.118.129:443 | | tcp
GB | 17.253.77.202:80 | valid.apple.com | tcp
US | 8.8.8.8:53 | gsp64-ssl.ls-apple.com.akadns.net | udp
US | 8.8.8.8:53 | cds.apple.com | udp
BE | 104.68.86.71:443 | cds.apple.com | tcp
US | 8.8.8.8:53 | help.apple.com | udp
GB | 2.21.189.171:443 | help.apple.com | tcp
GB | 2.21.189.171:443 | help.apple.com | tcp
N/A | 224.0.0.251:5353 | | udp

Files

/private/var/run/installd.commit.pid


/tmp/PKInstallSandbox.Y3qo6z/Scripts/com.pcvark.advancedMacCleaner.Root.pkg.MVqKBn/preinstall


/tmp/PKInstallSandbox.Y3qo6z/Scripts/com.pcvark.advancedMacCleaner.Root.pkg.MVqKBn/postinstall


/Users/run/Library/LaunchAgents/com.pcv.hlpramcn.plist


/Users/run/Library/Application Support/Advanced Mac Cleaner/settings.plist


/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db


/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db


/Users/run/Library/Application Support/Advanced Mac Cleaner/params.plist


/Applications/Advanced Mac Cleaner.app/Contents/Info.plist


/Applications/Advanced Mac Cleaner.app/Contents/MacOS/Advanced Mac Cleaner


/Users/run/Library/Keychains/metadata.keychain-db


/Users/run/Library/Logs/DiagnosticReports/Advanced Mac Cleaner_2024-06-15-170930_tests-iMac.crash


/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd


/Users/run/Library/Logs/DiagnosticReports/mdwrite_2024-06-15-171003_tests-iMac.crash


/Users/run/Library/Application Support/CrashReporter/mdwrite_79C87F0E-9227-5AAD-AA91-25F794E1F52E.plist
