Analysis Report
Overview
General Information |
---|
Joe Sandbox Version: | 19.0.0 |
Analysis ID: | 36981 |
Start time: | 15:30:39 |
Joe Sandbox Product: | Cloud |
Start date: | 02.05.2017 |
Overall analysis duration: | 0h 12m 28s |
Report type: | full |
Sample file name: | 7819ae7d72fa045baa77e9c8e063a69df439146b27f9c3bb10aef52dcc77c145.app |
Cookbook file name: | default.jbs |
Analysis system description: | Mac Mini, El Capitan 10.11.6 (MS Office 15.25, Java 1.8.0_25) |
Detection: | MAL |
Classification: | mal100.spyw.expl.evad.macAPP@0/24@2/0 |
Detection |
---|
Strategy | Score | Range | Reporting | Detection | |
---|---|---|---|---|---|
Threshold | 100 | 0 - 100 | Report FP / FN |
Signature Overview |
---|
Cryptography: |
---|
Imports (root) certificates into the system's keychain, usually to intercept SSL traffic or bypass code integrity protections |
Source: /bin/bash (PID: 477) | Certificate import: |
Networking: |
---|
Performs DNS lookups |
Source: unknown | DNS traffic detected: |
Reads from file descriptors related to (network) sockets |
Source: /usr/bin/curl (PID: 483) | Reads from socket in process: |
Uses HTTPS |
Source: unknown | Network traffic detected: | ||
Source: unknown | Network traffic detected: |
Writes from file descriptors related to (network) sockets |
Source: /usr/bin/curl (PID: 483) | Writes from socket in process: |
System Summary: |
---|
Classification label |
Source: classification engine | Classification label: |
Submitted sample is a known malware sample |
Source: MD5 e8bdde90574d5bf285d9abb0c8a113a8 | Submitted blacklisted sample: |
Persistence and Installation Behavior: |
---|
Executes the "awk" command used to scan for patterns (usually in standard output) |
Source: /bin/sh (PID: 529) | Awk executable: |
Executes the "sed" command used to modify input streams (usually from files or pipes) |
Source: /bin/sh (PID: 530) | Sed executable: |
Reads data from the local random generator |
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | Random device file read: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | Random device file read: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | Random device file read: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | Random device file read: | ||
Source: /usr/bin/security (PID: 477) | Random device file read: | ||
Source: /usr/bin/curl (PID: 483) | Random device file read: | ||
Source: /usr/bin/curl (PID: 483) | Random device file read: | ||
Source: /usr/bin/ruby (PID: 485) | Random device file read: | ||
Source: /usr/libexec/diskmanagementd (PID: 535) | Random device file read: |
Submitted sample is a bundle that is signed |
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | CodeSignature CodeResources file read: | ||
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | CodeSignature CodeResources file read: |
Uses AppleKeyboardLayouts bundle containing keyboard layouts |
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | AppleKeyboardLayouts info plist opened: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | AppleKeyboardLayouts info plist opened: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | AppleKeyboardLayouts info plist opened: |
Writes property list (.plist) files to disk |
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | XML plist file created: | ||
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | XML plist file created: | ||
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | Binary plist file created: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | XML plist file created: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | XML plist file created: | ||
Source: /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues (PID: 533) | XML plist file created: |
Changes permissions of written Mach-O files |
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | Permissions modified for written 64-bit Mach-O /Users/Shared/AppStore.app/Contents/MacOS/AppStore: |
Creates hidden files, links and/or directories |
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | Hidden file created: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | Hidden file created: | ||
Source: /usr/bin/touch (PID: 525) | Hidden file created: |
Executes Ruby scripts via command line evaluation |
Source: /usr/bin/sudo (PID: 485) | Ruby script executed using -e: |
Executes commands using a shell command-line interpreter |
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | Shell command executed: | ||
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | Shell command executed: | ||
Source: /System/Library/ScriptingAdditions/StandardAdditions.osax/Contents/MacOS/uid (PID: 471) | Shell command executed: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | Shell command executed: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | Shell command executed: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | Shell command executed: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | Shell command executed: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | Shell command executed: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | Shell command executed: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | Shell command executed: | ||
Source: /usr/bin/ruby (PID: 486) | Shell command executed: | ||
Source: /usr/bin/ruby (PID: 488) | Shell command executed: | ||
Source: /usr/bin/ruby (PID: 491) | Shell command executed: | ||
Source: /usr/bin/ruby (PID: 522) | Shell command executed: | ||
Source: /usr/bin/ruby (PID: 526) | Shell command executed: |
Executes the "chgrp" command used to modify group ownership |
Source: /usr/bin/sudo (PID: 499) | Chgrp executable: | ||
Source: /usr/bin/sudo (PID: 509) | Chgrp executable: |
Executes the "chmod" command used to modify permissions |
Source: /bin/bash (PID: 455) | Chmod executable: | ||
Source: /usr/bin/sudo (PID: 493) | Chmod executable: | ||
Source: /usr/bin/sudo (PID: 495) | Chmod executable: | ||
Source: /usr/bin/sudo (PID: 503) | Chmod executable: | ||
Source: /usr/bin/sudo (PID: 505) | Chmod executable: | ||
Source: /usr/bin/sudo (PID: 513) | Chmod executable: | ||
Source: /usr/bin/sudo (PID: 519) | Chmod executable: |
Executes the "curl" command used to transfer data via the network (usually using HTTP/S) |
Source: /bin/bash (PID: 483) | Curl executable: |
Executes the "grep" command used to find patterns in files or piped streams |
Source: /bin/sh (PID: 528) | Grep executable: |
Executes the "mkdir" command used to create folders |
Source: /usr/bin/sudo (PID: 501) | Mkdir executable: | ||
Source: /usr/bin/sudo (PID: 511) | Mkdir executable: | ||
Source: /usr/bin/sudo (PID: 517) | Mkdir executable: |
Executes the "ruby" command used to interpret Ruby scripts |
Source: /usr/bin/sudo (PID: 485) | Ruby executable: |
Executes the "touch" command used to create files or modify time stamps |
Source: /usr/bin/sudo (PID: 525) | Touch executable: |
Reads launchservices plist files |
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | Launchservices plist file read: | ||
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | Launchservices plist file read: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | Launchservices plist file read: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | Launchservices plist file read: |
Reads user launchservices plist file containing default apps for corresponding filetypes |
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | Preferences launchservices plist file read: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | Preferences launchservices plist file read: |
Uses AppleScript framework/components containing Apple Script related functionalities |
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | AppleScript framework/component info plist opened: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | AppleScript framework/component info plist opened: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | AppleScript framework/component info plist opened: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | AppleScript framework/component info plist opened: |
Uses AppleScript scripting additions containing additional functionalities for Apple Scripts |
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | AppleScript scripting addition info plist opened: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | AppleScript scripting addition info plist opened: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | AppleScript scripting addition info plist opened: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | AppleScript scripting addition info plist opened: |
Writes 64-bit Mach-O files to disk |
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | File written: |
Writes certificate files to disk |
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | DER file created: |
Writes icon files to disk |
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | File written: |
Changes permissions of common UNIX (system) binary directories |
Source: /usr/bin/sudo (PID: 493) | Chmod directory: | ||
Source: /usr/bin/sudo (PID: 495) | Chmod directory: | ||
Source: /usr/bin/sudo (PID: 503) | Chmod directory: | ||
Source: /usr/bin/sudo (PID: 505) | Chmod directory: | ||
Source: /usr/bin/sudo (PID: 513) | Chmod directory: | ||
Source: /usr/bin/sudo (PID: 519) | Chmod directory: |
Executes the "dsmemberutil" command used to retrieve user membership information |
Source: /bin/sh (PID: 491) | Dsmemberutil executable: |
Executes the "rm" command used to delete files or directories |
Source: /bin/bash (PID: 459) | Rm executable: |
Executes the "softwareupdate" command used to check for new Apple related software and updates |
Source: /bin/sh (PID: 527) | Softwareupdate executable: | ||
Source: /usr/bin/sudo (PID: 545) | Softwareupdate executable: |
Executes the "sudo" command used to execute a command as another user |
Source: /bin/bash (PID: 478) | Sudo executable: | ||
Source: /bin/bash (PID: 480) | Sudo executable: | ||
Source: /bin/bash (PID: 481) | Sudo executable: | ||
Source: /bin/sh (PID: 489) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 492) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 494) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 496) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 498) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 500) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 502) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 504) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 506) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 508) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 510) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 512) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 514) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 516) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 518) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 520) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 524) | Sudo executable: | ||
Source: /usr/bin/ruby (PID: 544) | Sudo executable: |
Executes the "xcode-select" command used to retrieve developer environment information |
Source: /bin/sh (PID: 487) | Xcode-select executable: | ||
Source: /bin/sh (PID: 523) | Xcode-select executable: |
Explicitly checks for user admin membership |
Source: /bin/sh (PID: 491) | Dsmemberutil checkmembership of admin: |
Explicitly terminates browser processes |
Source: /bin/bash (PID: 474) | Kills 'Safari' browser processes: | ||
Source: /bin/bash (PID: 475) | Kills 'Firefox' browser processes: | ||
Source: /bin/bash (PID: 476) | Kills 'Chrome' browser processes: |
Installs Xcode Command Line Tools used for compiling software |
Source: /usr/bin/ruby (PID: 544) | Installation of Xcode CLI tools: | ||
Source: /usr/bin/sudo (PID: 545) | Installation of Xcode CLI tools: |
Installs new Apple related software and updates |
Source: /usr/bin/ruby (PID: 544) | Software installation: | ||
Source: /usr/bin/sudo (PID: 545) | Software installation: |
Many shell processes execute programs via execve syscall (may be indicative of malicious behaviour) |
Source: /bin/sh (PID: 471) | Shell process: | ||
Source: /bin/sh (PID: 487) | Shell process: | ||
Source: /bin/sh (PID: 489) | Shell process: | ||
Source: /bin/sh (PID: 491) | Shell process: | ||
Source: /bin/sh (PID: 523) | Shell process: | ||
Source: /bin/sh (PID: 527) | Shell process: | ||
Source: /bin/sh (PID: 528) | Shell process: | ||
Source: /bin/sh (PID: 529) | Shell process: | ||
Source: /bin/sh (PID: 530) | Shell process: | ||
Source: /bin/sh (PID: 531) | Shell process: |
Terminates several processes with shell command 'killall' |
Source: /bin/bash (PID: 474) | Killall command executed: | ||
Source: /bin/bash (PID: 475) | Killall command executed: | ||
Source: /bin/bash (PID: 476) | Killall command executed: |
HIPS / PFW / Operating System Protection Evasion: |
---|
Reads the sysctl safe boot value (probably to check if the system is in safe boot mode) |
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | Sysctl read request: |
Bypasses sudo password prompts by disabling it in the sudoers file |
Source: /bin/bash (PID: 473) | File written: |
Modifies the sudoers file used to configure command execution as another user |
Source: /bin/bash (PID: 473) | File written: |
Language, Device and Operating System Detection: |
---|
Reads the system or server version plist file |
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | System or server version plist file read: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | System or server version plist file read: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | System or server version plist file read: | ||
Source: /usr/bin/sw_vers (PID: 490) | System or server version plist file read: |
Queries OS software version with shell command 'sw_vers' |
Source: /usr/bin/ruby (PID: 490) | sw_vers executed: |
Reads hardware related sysctl values |
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | Sysctl read request: | ||
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | Sysctl read request: | ||
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | Sysctl read request: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | Sysctl read request: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | Sysctl read request: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | Sysctl read request: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | Sysctl read request: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | Sysctl read request: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | Sysctl read request: |
Reads the kernel OS version value |
Source: /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore (PID: 453) | Sysctl read request: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 460) | Sysctl read request: | ||
Source: /Users/Shared/AppStore.app/Contents/MacOS/AppStore (PID: 471) | Sysctl read request: |
Reads the system's OS release and/or type |
Source: /usr/bin/curl (PID: 483) | Sysctl requested: | ||
Source: /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues (PID: 533) | Sysctl requested: | ||
Source: /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues (PID: 533) | Sysctl requested: |
Reads the system's hostname |
Source: /bin/bash (PID: 455) | Sysctl requested: | ||
Source: /bin/bash (PID: 456) | Sysctl requested: | ||
Source: /bin/sh (PID: 471) | Sysctl requested: | ||
Source: /bin/bash (PID: 473) | Sysctl requested: | ||
Source: /bin/bash (PID: 474) | Sysctl requested: | ||
Source: /bin/bash (PID: 475) | Sysctl requested: | ||
Source: /bin/bash (PID: 476) | Sysctl requested: | ||
Source: /bin/bash (PID: 477) | Sysctl requested: | ||
Source: /bin/bash (PID: 478) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 478) | Sysctl requested: | ||
Source: /bin/bash (PID: 479) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 480) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 481) | Sysctl requested: | ||
Source: /bin/sh (PID: 486) | Sysctl requested: | ||
Source: /bin/sh (PID: 488) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 489) | Sysctl requested: | ||
Source: /bin/sh (PID: 491) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 492) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 494) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 496) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 498) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 500) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 502) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 504) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 506) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 508) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 510) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 512) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 514) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 516) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 518) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 520) | Sysctl requested: | ||
Source: /bin/sh (PID: 522) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 524) | Sysctl requested: | ||
Source: /bin/sh (PID: 526) | Sysctl requested: | ||
Source: /usr/bin/sudo (PID: 544) | Sysctl requested: | ||
Source: /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues (PID: 533) | Sysctl requested: |
Stealing of Sensitive Information: |
---|
Executes the "security" command used to access the keychain |
Source: /bin/bash (PID: 477) | Security executable: |
Imports (root) certificates into the system's keychain, usually to intercept SSL traffic or bypass code integrity protections |
Source: /bin/bash (PID: 477) | Certificate import: |
Runtime Messages |
---|
Command: | open |
Exitcode: | 0 |
Killed: | False |
Standard Output: | |
Standard Error: |
Yara Overview |
---|
No Yara matches |
---|
Startup |
---|
|
Created / dropped Files |
---|
File Path | Type and Hashes | Malicious |
---|---|---|
| false | |
| false | |
| false | |
| true | |
| false | |
| false | |
| false | |
| false | |
| false | |
| false | |
| false | |
| true | |
| true | |
| false | |
| false | |
| false | |
| false |
Contacted Domains/Contacted IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious |
---|---|---|---|
raw.githubusercontent.com | 151.101.0.133 | true | false |
Contacted IPs |
---|
IP | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|
17.253.34.125 | United States | 6185 | AppleInc | false |
151.101.0.133 | United States | 137 | GARRItalianacademicandresearchnetwork | false |
8.8.4.4 | United States | 15169 | GoogleInc | false |
17.188.166.11 | United States | 714 | AppleInc | false |
8.8.8.8 | United States | 15169 | GoogleInc | false |
17.252.60.24 | United States | 714 | AppleInc | false |
224.0.0.251 | Reserved | 2541 | JumpManagementSRL | false |
Static File Info |
---|
General | |
---|---|
File type: | |
TrID: |
|
File name: | 7819ae7d72fa045baa77e9c8e063a69df439146b27f9c3bb10aef52dcc77c145.app |
File size: | 129000 |
MD5: | e8bdde90574d5bf285d9abb0c8a113a8 |
SHA1: | f5d3425482dc4f4f738277ff3ba315b496894899 |
SHA256: | 7819ae7d72fa045baa77e9c8e063a69df439146b27f9c3bb10aef52dcc77c145 |
SHA512: | 11cbb93092b2136ac0305a9e73b037d5495ff1c1d81244e3b7d8aa7921dba54bcbcc9efbd9964f7e8d8510d1364948421f33dffc03a873ae13ec8c2f11dae7f8 |
File Content Preview: | PK.........`.J................Dokument.app/PK.........`.J................Dokument.app/Contents/PK.........`.J............%...Dokument.app/Contents/_CodeSignature/PK.........`.J<.......N...2...Dokument.app/Contents/_CodeSignature/CodeResources.V.N.@.}...6> |
Static App Info |
---|
General Information | |
---|---|
Package Info: | |
Property List File: |
Resources |
---|
Name | Type |
---|---|
Info.plist | XML document text |
PkgInfo | ASCII text, with no line terminators |
AppStore | Mach-O 64-bit executable |
AppIcon.icns | data |
appstore.tiff | TIFF image data, big-endian |
MainMenu.nib | Apple binary property list |
MainMenu.strings | UTF-8 Unicode C program text, with very long lines |
MainMenu.strings | UTF-8 Unicode C program text, with very long lines |
CodeResources | XML document text |
Info.plist | XML document text |
PkgInfo | ASCII text, with no line terminators |
AppStore | Mach-O 64-bit executable |
AppIcon.icns | data |
appstore.tiff | TIFF image data, big-endian |
MainMenu.nib | Apple binary property list |
MainMenu.strings | UTF-8 Unicode C program text, with very long lines |
MainMenu.strings | UTF-8 Unicode C program text, with very long lines |
CodeResources | XML document text |
Static Mach Info |
---|
General Information for header0 | |
---|---|
Endian: | |
Size: | |
Architecture: | |
Filetype: | |
Nbr. of load commands: | 23 |
segment_command_64 |
---|
Name | Value | |
---|---|---|
segname | __PAGEZERO | |
fileoff | 0 | |
maxprot | 0 | |
vmsize | 4294967296 | |
nsects | 0 | |
flags | 0 | |
filesize | 0 | |
vmaddr | 0 | |
initprot | 0 |
segment_command_64 |
---|
Name | Value | |
---|---|---|
segname | __TEXT | |
fileoff | 0 | |
maxprot | 7 | |
vmsize | 24576 | |
nsects | 12 | |
flags | 0 | |
filesize | 24576 | |
vmaddr | 4294967296 | |
initprot | 5 | |
Datas | sectname | __text |
segname | __TEXT | |
reloff | 0 | |
addr | 4294971801 | |
align | 0 | |
nreloc | 0 | |
flags | 2147484672 | |
offset | 4505 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 9247 | |
sectname | __stubs | |
segname | __TEXT | |
reloff | 0 | |
addr | 4294981048 | |
align | 1 | |
nreloc | 0 | |
flags | 2147484680 | |
offset | 13752 | |
reserved2 | 6 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 120 | |
sectname | __stub_helper | |
segname | __TEXT | |
reloff | 0 | |
addr | 4294981168 | |
align | 2 | |
nreloc | 0 | |
flags | 2147484672 | |
offset | 13872 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 216 | |
sectname | __objc_methname | |
segname | __TEXT | |
reloff | 0 | |
addr | 4294981384 | |
align | 0 | |
nreloc | 0 | |
flags | 2 | |
offset | 14088 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 4856 | |
sectname | __cstring | |
segname | __TEXT | |
reloff | 0 | |
addr | 4294986240 | |
align | 0 | |
nreloc | 0 | |
flags | 2 | |
offset | 18944 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 1778 | |
sectname | __objc_classname | |
segname | __TEXT | |
reloff | 0 | |
addr | 4294988018 | |
align | 0 | |
nreloc | 0 | |
flags | 2 | |
offset | 20722 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 122 | |
sectname | __objc_methtype | |
segname | __TEXT | |
reloff | 0 | |
addr | 4294988140 | |
align | 0 | |
nreloc | 0 | |
flags | 2 | |
offset | 20844 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 2257 | |
sectname | __const | |
segname | __TEXT | |
reloff | 0 | |
addr | 4294990400 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 23104 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 8 | |
sectname | __gcc_except_tab | |
segname | __TEXT | |
reloff | 0 | |
addr | 4294990408 | |
align | 2 | |
nreloc | 0 | |
flags | 0 | |
offset | 23112 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 924 | |
sectname | __ustring | |
segname | __TEXT | |
reloff | 0 | |
addr | 4294991332 | |
align | 1 | |
nreloc | 0 | |
flags | 0 | |
offset | 24036 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 212 | |
sectname | __unwind_info | |
segname | __TEXT | |
reloff | 0 | |
addr | 4294991544 | |
align | 2 | |
nreloc | 0 | |
flags | 0 | |
offset | 24248 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 200 | |
sectname | __eh_frame | |
segname | __TEXT | |
reloff | 0 | |
addr | 4294991744 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 24448 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 128 |
segment_command_64 |
---|
Name | Value | |
---|---|---|
segname | __DATA | |
fileoff | 24576 | |
maxprot | 7 | |
vmsize | 12288 | |
nsects | 16 | |
flags | 0 | |
filesize | 12288 | |
vmaddr | 4294991872 | |
initprot | 3 | |
Datas | sectname | __nl_symbol_ptr |
segname | __DATA | |
reloff | 0 | |
addr | 4294991872 | |
align | 3 | |
nreloc | 0 | |
flags | 6 | |
offset | 24576 | |
reserved2 | 0 | |
reserved1 | 20 | |
reserved3 | 0 | |
size | 16 | |
sectname | __got | |
segname | __DATA | |
reloff | 0 | |
addr | 4294991888 | |
align | 3 | |
nreloc | 0 | |
flags | 6 | |
offset | 24592 | |
reserved2 | 0 | |
reserved1 | 22 | |
reserved3 | 0 | |
size | 48 | |
sectname | __la_symbol_ptr | |
segname | __DATA | |
reloff | 0 | |
addr | 4294991936 | |
align | 3 | |
nreloc | 0 | |
flags | 7 | |
offset | 24640 | |
reserved2 | 0 | |
reserved1 | 28 | |
reserved3 | 0 | |
size | 160 | |
sectname | __cfstring | |
segname | __DATA | |
reloff | 0 | |
addr | 4294992096 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 24800 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 2144 | |
sectname | __objc_classlist | |
segname | __DATA | |
reloff | 0 | |
addr | 4294994240 | |
align | 3 | |
nreloc | 0 | |
flags | 268435456 | |
offset | 26944 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 16 | |
sectname | __objc_catlist | |
segname | __DATA | |
reloff | 0 | |
addr | 4294994256 | |
align | 3 | |
nreloc | 0 | |
flags | 268435456 | |
offset | 26960 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 8 | |
sectname | __objc_protolist | |
segname | __DATA | |
reloff | 0 | |
addr | 4294994264 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 26968 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 32 | |
sectname | __objc_imageinfo | |
segname | __DATA | |
reloff | 0 | |
addr | 4294994296 | |
align | 2 | |
nreloc | 0 | |
flags | 0 | |
offset | 27000 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 8 | |
sectname | __objc_const | |
segname | __DATA | |
reloff | 0 | |
addr | 4294994304 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 27008 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 5352 | |
sectname | __objc_selrefs | |
segname | __DATA | |
reloff | 0 | |
addr | 4294999656 | |
align | 3 | |
nreloc | 0 | |
flags | 268435461 | |
offset | 32360 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 648 | |
sectname | __objc_classrefs | |
segname | __DATA | |
reloff | 0 | |
addr | 4295000304 | |
align | 3 | |
nreloc | 0 | |
flags | 268435456 | |
offset | 33008 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 136 | |
sectname | __objc_superrefs | |
segname | __DATA | |
reloff | 0 | |
addr | 4295000440 | |
align | 3 | |
nreloc | 0 | |
flags | 268435456 | |
offset | 33144 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 8 | |
sectname | __objc_ivar | |
segname | __DATA | |
reloff | 0 | |
addr | 4295000448 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 33152 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 88 | |
sectname | __objc_data | |
segname | __DATA | |
reloff | 0 | |
addr | 4295000536 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 33240 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 160 | |
sectname | __data | |
segname | __DATA | |
reloff | 0 | |
addr | 4295000704 | |
align | 4 | |
nreloc | 0 | |
flags | 0 | |
offset | 33408 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 3168 | |
sectname | __bss | |
segname | __DATA | |
reloff | 0 | |
addr | 4295003872 | |
align | 3 | |
nreloc | 0 | |
flags | 1 | |
offset | 0 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 8 |
segment_command_64 |
---|
Name | Value | |
---|---|---|
segname | __LINKEDIT | |
fileoff | 36864 | |
maxprot | 7 | |
vmsize | 16384 | |
nsects | 0 | |
flags | 0 | |
filesize | 13808 | |
vmaddr | 4295004160 | |
initprot | 1 |
dyld_info_command |
---|
Name | Value | |
---|---|---|
lazy_bind_size | 528 | |
lazy_bind_off | 38096 | |
weak_bind_size | 0 | |
rebase_size | 344 | |
export_off | 38624 | |
export_size | 32 | |
bind_off | 37208 | |
rebase_off | 36864 | |
bind_size | 888 | |
weak_bind_off | 0 |
symtab_command |
---|
Name | Value | |
---|---|---|
strsize | 1064 | |
symoff | 38784 | |
stroff | 39760 | |
nsyms | 49 |
dysymtab_command |
---|
Name | Value | |
---|---|---|
extreloff | 0 | |
nlocrel | 0 | |
indirectsymoff | 39568 | |
modtaboff | 0 | |
nextrel | 0 | |
iundefsym | 2 | |
nmodtab | 0 | |
ilocalsym | 0 | |
nundefsym | 47 | |
nextrefsyms | 0 | |
locreloff | 0 | |
ntoc | 0 | |
nlocalsym | 1 | |
tocoff | 0 | |
extrefsymoff | 0 | |
nindirectsyms | 48 | |
iextdefsym | 1 | |
nextdefsym | 1 |
dylinker_command |
---|
Name | Value | |
---|---|---|
name | 12 | Data | /usr/lib/dyld |
uuid_command |
---|
Name | Value | |
---|---|---|
uuid | e872d32c087c300583856f4809a01584 |
version_min_command |
---|
Name | Value | |
---|---|---|
version | 657664 | |
reserved | 657920 |
source_version_command |
---|
Name | Value | |
---|---|---|
version | 0 |
entry_point_command |
---|
Name | Value | |
---|---|---|
stacksize | 0 | |
entryoff | 5961 |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.44.1 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 4096.127.4 | Data | /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.1.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 0.228.0 | Data | /usr/lib/libobjc.A.dylib |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.1.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 0.189.4 | Data | /usr/lib/libSystem.B.dylib |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.45.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 3584.63.5 | Data | /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.150.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 4096.127.4 | Data | /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.64.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 0.88.2 | Data | /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics |
rpath_command |
---|
Name | Value | |
---|---|---|
path | 12 | Data | @executable_path/../Frameworks |
linkedit_data_command |
---|
Name | Value | |
---|---|---|
dataoff | 38656 | |
datassize | 48 |
linkedit_data_command |
---|
Name | Value | |
---|---|---|
dataoff | 38704 | |
datassize | 0 |
linkedit_data_command |
---|
Name | Value | |
---|---|---|
dataoff | 38704 | |
datassize | 80 |
linkedit_data_command |
---|
Name | Value | |
---|---|---|
dataoff | 40832 | |
datassize | 9840 |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
ICMP Packets |
---|
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Mai 2, 2017 15:31:21.628987074 MESZ | 192.168.0.50 | 8.8.8.8 | 10b5 | (Port unreachable) | Destination Unreachable |
Mai 2, 2017 15:31:21.629014015 MESZ | 192.168.0.50 | 8.8.8.8 | fe62 | (Port unreachable) | Destination Unreachable |
Mai 2, 2017 15:34:02.572354078 MESZ | 192.168.0.50 | 8.8.8.8 | e4 | (Port unreachable) | Destination Unreachable |
Mai 2, 2017 15:36:09.865355968 MESZ | 192.168.0.50 | 8.8.8.8 | 22f4 | (Port unreachable) | Destination Unreachable |
Mai 2, 2017 15:36:50.153925896 MESZ | 192.168.0.50 | 8.8.8.8 | bd6 | (Port unreachable) | Destination Unreachable |
Mai 2, 2017 15:36:50.183757067 MESZ | 192.168.0.50 | 8.8.8.8 | 1e8c | (Port unreachable) | Destination Unreachable |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Mai 2, 2017 15:33:25.870512962 MESZ | 192.168.0.50 | 8.8.8.8 | 0xf8ff | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) |
Mai 2, 2017 15:33:25.870553017 MESZ | 192.168.0.50 | 8.8.8.8 | 0xda32 | Standard query (0) | raw.githubusercontent.com | 28 | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Replay Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Mai 2, 2017 15:33:26.623991966 MESZ | 8.8.8.8 | 192.168.0.50 | 0xda32 | Name error (3) | raw.githubusercontent.com | none | none | 28 | IN (0x0001) |
Mai 2, 2017 15:33:26.624028921 MESZ | 8.8.8.8 | 192.168.0.50 | 0xf8ff | No error (0) | raw.githubusercontent.com | 151.101.0.133 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Subject | Issuer | Not Before | Not After |
---|---|---|---|---|---|---|---|---|
Mai 2, 2017 15:33:27.594810963 MESZ | 443 | 49205 | 151.101.0.133 | 192.168.0.50 | CN=www.github.com, O="GitHub, Inc.", L=San Francisco, ST=California, C=US | CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Thu Mar 23 01:00:00 CET 2017 | Wed May 13 14:00:00 CEST 2020 |
Mai 2, 2017 15:33:27.594810963 MESZ | 443 | 49205 | 151.101.0.133 | 192.168.0.50 | CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US | CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Tue Oct 22 14:00:00 CEST 2013 | Sun Oct 22 14:00:00 CEST 2028 |
System Behavior |
---|
General |
---|
Start time: | 15:31:13 |
Start date: | 02/05/2017 |
Path: | /usr/libexec/xpcproxy |
File size: | 42656 bytes |
MD5 hash: | d68b4c6f2056c73e1d3bd228bcd6d4ff |
General |
---|
Start time: | 15:31:13 |
Start date: | 02/05/2017 |
Path: | /Users/vreni/Desktop/unpack/Dokument.app/Contents/MacOS/AppStore |
File size: | 50672 bytes |
MD5 hash: | 14c1cd9c5f263d5ba988838e0c3e3cf6 |
General |
---|
Start time: | 15:31:13 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:31:13 |
Start date: | 02/05/2017 |
Path: | /bin/chmod |
File size: | 33904 bytes |
MD5 hash: | ecb64579c6dd0ebee31bf8e4d4cdcc6e |
General |
---|
Start time: | 15:31:13 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:31:13 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:31:13 |
Start date: | 02/05/2017 |
Path: | /bin/sleep |
File size: | 17984 bytes |
MD5 hash: | a5566195e03cbb7d5df309767a4231ae |
General |
---|
Start time: | 15:31:18 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:31:18 |
Start date: | 02/05/2017 |
Path: | /bin/rm |
File size: | 23744 bytes |
MD5 hash: | e8926d2347850b76f57a1d5f0226de8b |
General |
---|
Start time: | 15:31:18 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:31:18 |
Start date: | 02/05/2017 |
Path: | /Users/Shared/AppStore.app/Contents/MacOS/AppStore |
File size: | 50672 bytes |
MD5 hash: | 14c1cd9c5f263d5ba988838e0c3e3cf6 |
General |
---|
Start time: | 15:33:24 |
Start date: | 02/05/2017 |
Path: | /Users/Shared/AppStore.app/Contents/MacOS/AppStore |
File size: | 50672 bytes |
MD5 hash: | 14c1cd9c5f263d5ba988838e0c3e3cf6 |
General |
---|
Start time: | 15:33:24 |
Start date: | 02/05/2017 |
Path: | /usr/libexec/security_authtrampoline |
File size: | 18848 bytes |
MD5 hash: | 34db24049f929d8372cbdf52d770b98d |
General |
---|
Start time: | 15:33:24 |
Start date: | 02/05/2017 |
Path: | /System/Library/ScriptingAdditions/StandardAdditions.osax/Contents/MacOS/uid |
File size: | 17808 bytes |
MD5 hash: | 1276a2f702f871b34410af3858bd9cb0 |
General |
---|
Start time: | 15:33:24 |
Start date: | 02/05/2017 |
Path: | /System/Library/ScriptingAdditions/StandardAdditions.osax/Contents/MacOS/uid |
File size: | 17808 bytes |
MD5 hash: | 1276a2f702f871b34410af3858bd9cb0 |
General |
---|
Start time: | 15:33:24 |
Start date: | 02/05/2017 |
Path: | /bin/sh |
File size: | 632672 bytes |
MD5 hash: | 2cc3c26641112c1bd0173f396b7d7662 |
General |
---|
Start time: | 15:33:24 |
Start date: | 02/05/2017 |
Path: | /Users/Shared/AppStore.app/Contents/MacOS/AppStore |
File size: | 50672 bytes |
MD5 hash: | 14c1cd9c5f263d5ba988838e0c3e3cf6 |
General |
---|
Start time: | 15:33:24 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /usr/bin/killall |
File size: | 23872 bytes |
MD5 hash: | e27cce82be3cba31a2486d00964d1c5e |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /usr/bin/killall |
File size: | 23872 bytes |
MD5 hash: | e27cce82be3cba31a2486d00964d1c5e |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /usr/bin/killall |
File size: | 23872 bytes |
MD5 hash: | e27cce82be3cba31a2486d00964d1c5e |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /usr/bin/security |
File size: | 234560 bytes |
MD5 hash: | 6323b6bd0865d2300eb65a512f8c560c |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:33:27 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /bin/bash |
File size: | 628496 bytes |
MD5 hash: | 5d7583d80e5314ac844eedc6d68c6cd7 |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /usr/bin/curl |
File size: | 172016 bytes |
MD5 hash: | 313ae871e04221163541c8af134351dc |
General |
---|
Start time: | 15:33:27 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:27 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:27 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:27 |
Start date: | 02/05/2017 |
Path: | /bin/sh |
File size: | 632672 bytes |
MD5 hash: | 2cc3c26641112c1bd0173f396b7d7662 |
General |
---|
Start time: | 15:33:27 |
Start date: | 02/05/2017 |
Path: | /bin/sh |
File size: | 632672 bytes |
MD5 hash: | 2cc3c26641112c1bd0173f396b7d7662 |
General |
---|
Start time: | 15:33:27 |
Start date: | 02/05/2017 |
Path: | /usr/bin/xcode-select |
File size: | 23856 bytes |
MD5 hash: | 76ba5af4fe69e97c43f99fed107a28c7 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/sh |
File size: | 632672 bytes |
MD5 hash: | 2cc3c26641112c1bd0173f396b7d7662 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/sh |
File size: | 632672 bytes |
MD5 hash: | 2cc3c26641112c1bd0173f396b7d7662 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sw_vers |
File size: | 18736 bytes |
MD5 hash: | b1668c2003c554a75688384652e92e2b |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/sh |
File size: | 632672 bytes |
MD5 hash: | 2cc3c26641112c1bd0173f396b7d7662 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/dsmemberutil |
File size: | 27648 bytes |
MD5 hash: | ee7f8596baee8869a0330e10d1d4682e |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/chmod |
File size: | 33904 bytes |
MD5 hash: | ecb64579c6dd0ebee31bf8e4d4cdcc6e |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/chmod |
File size: | 33904 bytes |
MD5 hash: | ecb64579c6dd0ebee31bf8e4d4cdcc6e |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/sbin/chown |
File size: | 23184 bytes |
MD5 hash: | 47316ddabc9edbd8cc56ebc2efd31ecd |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/chgrp |
File size: | 23184 bytes |
MD5 hash: | ab6f212adbfd7640558e0d9e42464cf1 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/mkdir |
File size: | 18496 bytes |
MD5 hash: | 00efa095a9110a312bf9115afb361764 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/chmod |
File size: | 33904 bytes |
MD5 hash: | ecb64579c6dd0ebee31bf8e4d4cdcc6e |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/chmod |
File size: | 33904 bytes |
MD5 hash: | ecb64579c6dd0ebee31bf8e4d4cdcc6e |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/sbin/chown |
File size: | 23184 bytes |
MD5 hash: | 47316ddabc9edbd8cc56ebc2efd31ecd |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/chgrp |
File size: | 23184 bytes |
MD5 hash: | ab6f212adbfd7640558e0d9e42464cf1 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/mkdir |
File size: | 18496 bytes |
MD5 hash: | 00efa095a9110a312bf9115afb361764 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/chmod |
File size: | 33904 bytes |
MD5 hash: | ecb64579c6dd0ebee31bf8e4d4cdcc6e |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/sbin/chown |
File size: | 23184 bytes |
MD5 hash: | 47316ddabc9edbd8cc56ebc2efd31ecd |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/mkdir |
File size: | 18496 bytes |
MD5 hash: | 00efa095a9110a312bf9115afb361764 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/chmod |
File size: | 33904 bytes |
MD5 hash: | ecb64579c6dd0ebee31bf8e4d4cdcc6e |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/sbin/chown |
File size: | 23184 bytes |
MD5 hash: | 47316ddabc9edbd8cc56ebc2efd31ecd |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/sh |
File size: | 632672 bytes |
MD5 hash: | 2cc3c26641112c1bd0173f396b7d7662 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/sh |
File size: | 632672 bytes |
MD5 hash: | 2cc3c26641112c1bd0173f396b7d7662 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/xcode-select |
File size: | 23856 bytes |
MD5 hash: | 76ba5af4fe69e97c43f99fed107a28c7 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/touch |
File size: | 23248 bytes |
MD5 hash: | 6e95af6ebd7fd2dd9a0e26654024db31 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/sh |
File size: | 632672 bytes |
MD5 hash: | 2cc3c26641112c1bd0173f396b7d7662 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/sh |
File size: | 632672 bytes |
MD5 hash: | 2cc3c26641112c1bd0173f396b7d7662 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/sbin/softwareupdate |
File size: | 91584 bytes |
MD5 hash: | 147d9c83c6ae3255f29df22ef991e4b0 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/sh |
File size: | 632672 bytes |
MD5 hash: | 2cc3c26641112c1bd0173f396b7d7662 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/grep |
File size: | 33712 bytes |
MD5 hash: | f7fe9c4af9294f2949377a12244b3d60 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/sh |
File size: | 632672 bytes |
MD5 hash: | 2cc3c26641112c1bd0173f396b7d7662 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/awk |
File size: | 116176 bytes |
MD5 hash: | f3018baf92b308f79410d303b5186198 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/sh |
File size: | 632672 bytes |
MD5 hash: | 2cc3c26641112c1bd0173f396b7d7662 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sed |
File size: | 41984 bytes |
MD5 hash: | 824cf059686109372fe70bf8d9c320dd |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /bin/sh |
File size: | 632672 bytes |
MD5 hash: | 2cc3c26641112c1bd0173f396b7d7662 |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/tail |
File size: | 28416 bytes |
MD5 hash: | 7881a115760ba2573406cb73d2368971 |
General |
---|
Start time: | 15:33:59 |
Start date: | 02/05/2017 |
Path: | /usr/bin/ruby |
File size: | 42864 bytes |
MD5 hash: | 025474bbddd98fccd7ac0bb0ca2cedfb |
General |
---|
Start time: | 15:33:59 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:59 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:59 |
Start date: | 02/05/2017 |
Path: | /usr/sbin/softwareupdate |
File size: | 91584 bytes |
MD5 hash: | 147d9c83c6ae3255f29df22ef991e4b0 |
General |
---|
Start time: | 15:31:18 |
Start date: | 02/05/2017 |
Path: | /System/Library/CoreServices/sharedfilelistd |
File size: | 123616 bytes |
MD5 hash: | f27d37ceb90584465739b7527f7c7b2d |
General |
---|
Start time: | 15:31:18 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sfltool |
File size: | 79456 bytes |
MD5 hash: | 0ced48308860d34b0e0b304d9033b6b7 |
General |
---|
Start time: | 15:31:21 |
Start date: | 02/05/2017 |
Path: | /System/Library/CoreServices/sharedfilelistd |
File size: | 123616 bytes |
MD5 hash: | f27d37ceb90584465739b7527f7c7b2d |
General |
---|
Start time: | 15:31:21 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sfltool |
File size: | 79456 bytes |
MD5 hash: | 0ced48308860d34b0e0b304d9033b6b7 |
General |
---|
Start time: | 15:31:28 |
Start date: | 02/05/2017 |
Path: | /System/Library/CoreServices/sharedfilelistd |
File size: | 123616 bytes |
MD5 hash: | f27d37ceb90584465739b7527f7c7b2d |
General |
---|
Start time: | 15:31:28 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sfltool |
File size: | 79456 bytes |
MD5 hash: | 0ced48308860d34b0e0b304d9033b6b7 |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /usr/bin/sudo |
File size: | 168448 bytes |
MD5 hash: | 7d986f7707c0f11264989cd7105ea80d |
General |
---|
Start time: | 15:33:25 |
Start date: | 02/05/2017 |
Path: | /bin/echo |
File size: | 18032 bytes |
MD5 hash: | 28aaba1826ce568b1eec9cf71ad0655c |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/libexec/xpcproxy |
File size: | 42656 bytes |
MD5 hash: | d68b4c6f2056c73e1d3bd228bcd6d4ff |
General |
---|
Start time: | 15:33:28 |
Start date: | 02/05/2017 |
Path: | /usr/libexec/nsurlstoraged |
File size: | 221296 bytes |
MD5 hash: | 6eeb0dc54f68a7a875397231838f2722 |
General |
---|
Start time: | 15:33:34 |
Start date: | 02/05/2017 |
Path: | /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues |
File size: | 132464 bytes |
MD5 hash: | 52700eaa5f13fa131c164b6b13cedad1 |
General |
---|
Start time: | 15:33:42 |
Start date: | 02/05/2017 |
Path: | /usr/libexec/xpcproxy |
File size: | 42656 bytes |
MD5 hash: | d68b4c6f2056c73e1d3bd228bcd6d4ff |
General |
---|
Start time: | 15:33:42 |
Start date: | 02/05/2017 |
Path: | /usr/libexec/diskmanagementd |
File size: | 856208 bytes |
MD5 hash: | f6e81fe9e88497039d345998358093f9 |
General |
---|
Start time: | 15:33:43 |
Start date: | 02/05/2017 |
Path: | /usr/sbin/automount |
File size: | 62960 bytes |
MD5 hash: | e352828696a852f80b71a44c7e9aa012 |