Analysis Overview
SHA256
57e74a1e6d3ebd1b02327e964e42991c82a8a14baddffaa5fdd4113502f40f3d
Threat Level: Likely benign
The file sample was found to be: Likely benign.
Malicious Activity Summary
Resource Forking
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-09 06:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-09 06:31
Reported
2024-06-09 06:34
Platform
macos-20240410-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd | N/A | N/A |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/sample.html]
/bin/zsh
[/bin/zsh -c /Users/run/sample.html]
/Users/run/sample.html
[/Users/run/sample.html]
/bin/sh
[sh /Users/run/sample.html]
/bin/bash
[sh /Users/run/sample.html]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.2028]
/Applications/Safari.app/Contents/MacOS/Safari
[/Applications/Safari.app/Contents/MacOS/Safari]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.History]
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.179A19D9-38DB-4A8D-AD38-3C7036237471 677]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.akd]
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
[/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.1E604758-0F5E-4D52-9A26-17AC9DD94FC5 677]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.CoreAuthentication.agent]
/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.BrowserDataImportingService 677]
/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.BrowserDataImportingService.xpc/Contents/MacOS/com.apple.Safari.BrowserDataImportingService
[/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.BrowserDataImportingService.xpc/Contents/MacOS/com.apple.Safari.BrowserDataImportingService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.SafeBrowsing.Service]
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
[/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service]
/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.SearchHelper 677]
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.CD8434F7-0753-48E6-AF5E-DC3BDAEB375D 677]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.mediaremoted]
/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted
[/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.B4CFEB85-0951-470B-8467-B0E0582CA034 677]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.knowledge-agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.CB8F802B-A960-4ACB-A01E-C83D3B3DA0B3 677]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/knowledge-agent
[/usr/libexec/knowledge-agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.03E6F476-1864-40B9-B1D6-CD1E2454BD4B 677]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.C69C61DD-5CFA-470B-AC53-C5440989A2ED 677]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.107328FA-CFDE-4BCA-A814-3A29466B05F7 677]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.0E27812E-D59D-4B0D-8A2A-72D197BF6ACE 677]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.speech.speechsynthesisd]
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
[/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.EE02AE57-5B03-41A1-B04D-79E4700E7798 677]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.passd]
/System/Library/PrivateFrameworks/PassKitCore.framework/passd
[/System/Library/PrivateFrameworks/PassKitCore.framework/passd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nfcd]
/usr/libexec/nfcd
[/usr/libexec/nfcd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar]
/usr/libexec/xpcproxy
[xpcproxy com.apple.icloud.findmydeviced]
/usr/libexec/findmydeviced
[/usr/libexec/findmydeviced]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.SandboxHelper 730]
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
[/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.adid]
/System/Library/PrivateFrameworks/CoreADI.framework/adid
[/System/Library/PrivateFrameworks/CoreADI.framework/adid]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump_agent]
/usr/libexec/spindump_agent
[/usr/libexec/spindump_agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.FC6EE50F-2FD0-4C0E-8896-312DDDFF6484 677]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.0399FDEB-76E4-4DB8-8C8E-4905A1A08512 677]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.accessibility.mediaaccessibilityd]
/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
[/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.mobile.keybagd]
/usr/libexec/keybagd
[/usr/libexec/keybagd -t 15]
Network
Files