Malware Analysis Report

2024-10-16 06:34

Sample ID 240609-hajgyseh5v
Target sample
SHA256 57e74a1e6d3ebd1b02327e964e42991c82a8a14baddffaa5fdd4113502f40f3d
Tags
evasion
score
4/10

Analysis Overview

score
4/10

Threat Level: Likely benign

The file sample was found to be: Likely benign.

Malicious Activity Summary

evasion

Resource Forking

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-09 06:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-09 06:31

Reported

2024-06-09 06:34

Platform

macos-20240410-en

Max time kernel

149s

Max time network

152s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]

Signatures

Resource Forking

evasion
Description | Indicator | Process | Target
N/A | /System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd | N/A | N/A
N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/sample.html]

/bin/zsh

[/bin/zsh -c /Users/run/sample.html]

/Users/run/sample.html

[/Users/run/sample.html]

/bin/sh

[sh /Users/run/sample.html]

/bin/bash

[sh /Users/run/sample.html]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.cloudkeychainproxy3]

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.2028]

/Applications/Safari.app/Contents/MacOS/Safari

[/Applications/Safari.app/Contents/MacOS/Safari]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.History]

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History

[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.179A19D9-38DB-4A8D-AD38-3C7036237471 677]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.akd]

/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd

[/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.1E604758-0F5E-4D52-9A26-17AC9DD94FC5 677]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.CoreAuthentication.agent]

/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd

[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.BrowserDataImportingService 677]

/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.BrowserDataImportingService.xpc/Contents/MacOS/com.apple.Safari.BrowserDataImportingService

[/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.BrowserDataImportingService.xpc/Contents/MacOS/com.apple.Safari.BrowserDataImportingService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.SafeBrowsing.Service]

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service

[/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.SearchHelper 677]

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper

[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.CD8434F7-0753-48E6-AF5E-DC3BDAEB375D 677]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.mediaremoted]

/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted

[/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.B4CFEB85-0951-470B-8467-B0E0582CA034 677]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.knowledge-agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.CB8F802B-A960-4ACB-A01E-C83D3B3DA0B3 677]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/knowledge-agent

[/usr/libexec/knowledge-agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.03E6F476-1864-40B9-B1D6-CD1E2454BD4B 677]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.C69C61DD-5CFA-470B-AC53-C5440989A2ED 677]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.107328FA-CFDE-4BCA-A814-3A29466B05F7 677]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.0E27812E-D59D-4B0D-8A2A-72D197BF6ACE 677]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.speech.speechsynthesisd]

/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd

[/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.EE02AE57-5B03-41A1-B04D-79E4700E7798 677]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.passd]

/System/Library/PrivateFrameworks/PassKitCore.framework/passd

[/System/Library/PrivateFrameworks/PassKitCore.framework/passd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nfcd]

/usr/libexec/nfcd

[/usr/libexec/nfcd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar]

/usr/libexec/xpcproxy

[xpcproxy com.apple.icloud.findmydeviced]

/usr/libexec/findmydeviced

[/usr/libexec/findmydeviced]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.SandboxHelper 730]

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper

[/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.adid]

/System/Library/PrivateFrameworks/CoreADI.framework/adid

[/System/Library/PrivateFrameworks/CoreADI.framework/adid]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump_agent]

/usr/libexec/spindump_agent

[/usr/libexec/spindump_agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.FC6EE50F-2FD0-4C0E-8896-312DDDFF6484 677]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.0399FDEB-76E4-4DB8-8C8E-4905A1A08512 677]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.accessibility.mediaaccessibilityd]

/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd

[/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.mobile.keybagd]

/usr/libexec/keybagd

[/usr/libexec/keybagd -t 15]

Network

Files

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db

/Users/run/Library/Caches/GeoServices/Resources/altitude-1285.xml

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

/Library/Preferences/com.apple.networkextension.uuidcache.plist

/Library/Preferences/com.apple.networkextension.uuidcache.plist

/Users/run/Library/Safari/Favicon Cache/favicons/2529545429CE075A4E64DE7DAA3D4C27

/Library/Preferences/com.apple.networkextension.uuidcache.plist

/Library/Preferences/com.apple.networkextension.uuidcache.plist

/Users/run/Library/Caches/GeoServices/Experiments.pbd

/Library/Preferences/com.apple.networkextension.uuidcache.plist

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

/Users/run/Library/Safari/Favicon Cache/favicons/CEA76C7EF20609530017BF6A9F8BF63D

/Users/run/Library/Caches/PassKit/cache.plist

/Users/run/Library/Passes/PaymentWebServiceContext.archive

/Users/run/Library/Passes/PeerPaymentWebServiceContext.archive

/Users/run/Library/Passes/ScheduledActivities.archive

/Users/run/Library/Passes/WebServiceTasks_v6.archive

/Users/run/Library/Passes/PaymentWebServiceContext.archive

/Users/run/Library/Safari/Favicon Cache/favicons/A2F874884E1C9D0FEE70223647FFD4CF

/Users/run/Library/Passes/ScheduledActivities.archive
