macOS
Analysis Report
Homebrew-4.2.19.pkg
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Reads hardware related sysctl values
Reads the systems OS release and/or type
Reads the systems hostname
Uses CFNetwork bundle containing interfaces for network communication (HTTP, sockets, and Bonjour)
Uses Security framework containing interfaces for system-level user authentication and authorization
Classification
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431739 |
Start date and time: | 2024-04-25 17:25:34 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultmacfilecookbook.jbs |
Analysis system description: | Virtual Machine, Mojave (Office 16 16.27, Java 11.0.2+9, Adobe Reader 2019.010.20099) |
macOS major version: | 10.14 |
CPU architecture: | x86_64 |
Analysis Mode: | default |
Sample name: | Homebrew-4.2.19.pkg |
Detection: | CLEAN |
Classification: | clean2.macPKG@0/3@2/0 |
- Excluded IPs from analysis (whitelisted): 17.171.98.2, 23.222.201.219, 17.253.119.201, 17.253.21.205, 17.36.200.79, 23.222.200.29
- Excluded domains from analysis (whitelisted): e11408.d.akamaiedge.net, mesu-cdn.apple.com.akadns.net, lcdn-locator-usuqo.apple.com.akadns.net, updates.cdn-apple.com.akadns.net, e673.dsce9.akamaiedge.net, help-ar.apple.com.edgekey.net, lb._dns-sd._udp.0.11.168.192.in-addr.arpa, mesu-cdn.origin-apple.com.akadns.net, lcdn-locator.apple.com.akadns.net, help.origin-apple.com.akadns.net, radarsubmissions.apple.com.akadns.net, lcdn-locator.apple.com, mesu.g.aaplimg.com, updates.g.aaplimg.com, radarsubmissions.apple.com, itunes.apple.com.edgekey.net, help.apple.com, mesu.apple.com, init.itunes.apple.com, init-cdn.itunes-apple.com.akadns.net
Command: | open "/Users/bernard/Desktop/Homebrew-4.2.19.pkg" |
PID: | 621 |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: |
- System is macvm-mojave
- mono-sgen32 New Fork (PID: 621, Parent: 537)
- xpcproxy New Fork (PID: 622, Parent: 1)
- xpcproxy New Fork (PID: 635, Parent: 1)
- xpcproxy New Fork (PID: 651, Parent: 1)
- cleanup
⊘No yara matches
⊘No Snort rule has matched
There are no malicious signatures.
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | CFNetwork info plist opened: |
Source: | Security framework info plist opened: |
Source: | Random device file read: |
Source: | AppleKeyboardLayouts info plist opened: |
Source: | Sysctl read request: |
Source: | Sysctl requested: |
Source: | System or server version plist file read: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 31 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Virustotal | | |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
h3.apis.apple.map.fastly.net | 151.101.3.6 | true | false | | unknown |
updates.cdn-apple.com | unknown | unknown | false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
151.101.3.6 | h3.apis.apple.map.fastly.net | United States | | 54113 | FASTLYUS | false |
151.101.67.6 | unknown | United States | | 54113 | FASTLYUS | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
151.101.3.6 | | | malicious | Unknown | | |
151.101.67.6 | | | malicious | Unknown | | |
151.101.67.6 | | | malicious | AMOS Stealer | | |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
FASTLYUS | | | malicious | HTMLPhisher | | |
FASTLYUS | | | malicious | HtmlDropper, HTMLPhisher | | |
FASTLYUS | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
5c118da645babe52f060d0754256a73c | | | malicious | Unknown | | |
⊘No context
Process: | /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 4.673533547037795 |
Encrypted: | false |
SSDEEP: | 3:tRJRsDfxAqDgX2XUU4KVJ1WOv:7sDfxxgXXU4OmA |
MD5: | 09CC13DB21D4EAAA9A61BFAEA125BC3D |
SHA1: | 1411FA7B53CE4665CF35EEB7346E66B9CAEC6D92 |
SHA-256: | 41C6D680A6D0C6AC194B542E39BF5681BABA89C7168C3FE8765C8147F487615B |
SHA-512: | 89C668DB18D2E5BF7A6CD6B38CC4486B4D9D908244B1F5662248CC4D7D17E79D0B471FC15EF44BCDF5A2EB0881A5F6632ED0D3FDACE4286B22F2B9903178C75B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer |
File Type: | |
Category: | dropped |
Size (bytes): | 48908 |
Entropy (8bit): | 3.533814637805397 |
Encrypted: | false |
SSDEEP: | 384:xSMdGleGkIG7FF3theSMVXBD0tgcNrGB5pBfbouR6/chQOnGqwc2U+v+h/:8MdGleOhpBouRwchQOnGqwc2U+v+h/ |
MD5: | 0E4A0D1CEB2AF6F0F8D0167CE77BE2D3 |
SHA1: | 414BA4C1DC5FC8BF53D550E296FD6F5AD669918C |
SHA-256: | CCA093BCFC65E25DD77C849866E110DF72526DFFBE29D76E11E29C7D888A4030 |
SHA-512: | 1DC5282D27C49A4B6F921BA5DFC88B8C1D32289DF00DD866F9AC6669A5A8D99AFEDA614BFFC7CF61A44375AE73E09CD52606B443B63636977C9CD2EF4FA68A20 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer |
File Type: | |
Category: | dropped |
Size (bytes): | 4404 |
Entropy (8bit): | 3.5110922853353324 |
Encrypted: | false |
SSDEEP: | 24:mFkXs98w/mBr53CEb9ujBbCYoVeA7uBEUMy733Ka2VCneWHrUZRJkWnJI4FNMOQS:m6Xsh+CLjL3Pe3T5FFEfEn8xiYuuSsS |
MD5: | D3A1859E6EC593505CC882E6DEF48FC8 |
SHA1: | F8E6728E3E9DE477A75706FAA95CEAD9CE13CB32 |
SHA-256: | 3EBAFA97782204A4A1D75CFEC22E15FCDEAB45B65BAB3B3E65508707E034A16C |
SHA-512: | EA2A749B105759EA33408186B417359DEFFB4A3A5ED0533CB26B459C16BB3524D67EDE5C9CF0D5098921C0C0A9313FB9C2672F1E5BA48810EDA548FA3209E818 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 7.999720266278033 |
TrID: |
|
File name: | Homebrew-4.2.19.pkg |
File size: | 96'748'593 bytes |
MD5: | e16aa5f0a2e358934b2a87c1b685eaaf |
SHA1: | 75667161d1d00596bd035e693a28d525976ea994 |
SHA256: | 61a958ff4d3d911dcf2b5d32470d44509fa53b28c97c0b5e6ef5fe649d141c1c |
SHA512: | 8d6ed81beb8a679b1ebc0658c383bc1d249a660770fc3cba399cbb0374ce76fb41c62f9ea963387746d9ff60d50f09eeb117e0ecff68671a08d2364ba66bac85 |
SSDEEP: | 1572864:01Jy7TRF4XWEY2IQcfovf5MMQPBwj2l9pIR921it+Hnwh3PciiGyKo:uETn4GEY2KFTajY9pIK1it+HOPciZo |
TLSH: | 532833885FFB4F932A663631508163929472061263CFCABA7B5C6F317FCEAD0C95196C |
File Content Preview: | xar!..................A.....x..\Yo...~G.?..>...g...G.1...3.7...`0....B....Q.}t..)(v...r..}k.....E...lwIU.....|...^.'e....%}....G...l.t.<....}y...S.'..I..@.....7.....E...C.....8........<....v..../.U.....x.?^]Fw.......8...t\.vIT:.~..4.S..B..F.|V..a..J.V_.A. |
File Path | File Attributes | File Size |
---|---|---|
Distribution | | 1'864 bytes |
Homebrew.pkg | D | |
Homebrew.pkg/Bom | | 675'017 bytes |
Homebrew.pkg/PackageInfo | | 629 bytes |
Homebrew.pkg/Payload | | 96'478'720 bytes |
Homebrew.pkg/Scripts | D | |
Homebrew.pkg/Scripts/postinstall | | 3'249 bytes |
Homebrew.pkg/Scripts/preinstall | | 554 bytes |
Resources | D | |
Resources/CONCLUSION.rtf | | 4'177 bytes |
Resources/Homebrew.png | | 66'714 bytes |
Resources/LICENSE.rtf | | 1'784 bytes |
Resources/WELCOME.rtf | | 1'128 bytes |
File path: | Distribution |
File size: | 1'864 bytes |
File type: | XML 1.0 document, ASCII text |
File path: | Homebrew.pkg/Bom |
File size: | 675'017 bytes |
File type: | Mac OS X bill of materials (BOM) file |
File path: | Homebrew.pkg/PackageInfo |
File size: | 629 bytes |
File type: | XML 1.0 document, ASCII text |
File path: | Homebrew.pkg/Payload |
File size: | 96'478'720 bytes |
File type: | gzip compressed data, from Unix, original size modulo 2^32 140955648 |
File path: | Homebrew.pkg/Scripts/postinstall |
File size: | 3'249 bytes |
File type: | Bourne-Again shell script, ASCII text executable |
File path: | Homebrew.pkg/Scripts/preinstall |
File size: | 554 bytes |
File type: | Bourne-Again shell script, ASCII text executable |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 17:26:54.154557943 CEST | 137 | 137 | 192.168.11.12 | 192.168.11.255 |
Apr 25, 2024 17:26:54.154557943 CEST | 137 | 137 | 192.168.11.12 | 192.168.11.255 |
Apr 25, 2024 17:26:57.437613964 CEST | 53 | 52458 | 1.1.1.1 | 192.168.11.12 |
Apr 25, 2024 17:27:11.909065008 CEST | 49208 | 53 | 192.168.11.12 | 1.1.1.1 |
Apr 25, 2024 17:27:12.009825945 CEST | 53 | 49208 | 1.1.1.1 | 192.168.11.12 |
Apr 25, 2024 17:27:17.131253958 CEST | 53046 | 53 | 192.168.11.12 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 25, 2024 17:27:11.909065008 CEST | 192.168.11.12 | 1.1.1.1 | 0xf62f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 17:27:17.131253958 CEST | 192.168.11.12 | 1.1.1.1 | 0x5533 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 25, 2024 17:27:12.009825945 CEST | 1.1.1.1 | 192.168.11.12 | 0xf62f | No error (0) | | | 151.101.3.6 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 17:27:12.009825945 CEST | 1.1.1.1 | 192.168.11.12 | 0xf62f | No error (0) | | | 151.101.195.6 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 17:27:12.009825945 CEST | 1.1.1.1 | 192.168.11.12 | 0xf62f | No error (0) | | | 151.101.67.6 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 17:27:12.009825945 CEST | 1.1.1.1 | 192.168.11.12 | 0xf62f | No error (0) | | | 151.101.131.6 | A (IP address) | IN (0x0001) | false |
Apr 25, 2024 17:27:17.232580900 CEST | 1.1.1.1 | 192.168.11.12 | 0x5533 | No error (0) | | updates.cdn-apple.com.akadns.net | | CNAME (Canonical name) | IN (0x0001) | false |
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Apr 25, 2024 17:26:37.964169979 CEST | 151.101.67.6 | 443 | 192.168.11.12 | 49350 | CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US | CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Mon Nov 27 22:00:02 CET 2023 Wed Apr 29 14:54:50 CEST 2020 | Sat May 25 23:10:02 CEST 2024 Thu Apr 11 01:59:59 CEST 2030 | 771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0 | 5c118da645babe52f060d0754256a73c |
CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US | CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US | Wed Apr 29 14:54:50 CEST 2020 | Thu Apr 11 01:59:59 CEST 2030 |
System Behavior
Start time (UTC): | 15:26:55 |
Start date (UTC): | 25/04/2024 |
Path: | /Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 |
Arguments: | - |
File size: | 3722408 bytes |
MD5 hash: | 8910349f44a940d8d79318367855b236 |
Start time (UTC): | 15:26:55 |
Start date (UTC): | 25/04/2024 |
Path: | /usr/bin/open |
Arguments: | /usr/bin/open /Users/bernard/Desktop/Homebrew-4.2.19.pkg |
File size: | 105952 bytes |
MD5 hash: | 34bd93241fa5d2aee225941b1ca14fa4 |
Start time (UTC): | 15:26:55 |
Start date (UTC): | 25/04/2024 |
Path: | /usr/libexec/xpcproxy |
Arguments: | - |
File size: | 44048 bytes |
MD5 hash: | 4764d9eafe6b7dac23253a9f8b7f73d6 |
Start time (UTC): | 15:26:55 |
Start date (UTC): | 25/04/2024 |
Path: | /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer |
Arguments: | /System/Library/CoreServices/Installer.app/Contents/MacOS/Installer |
File size: | 294864 bytes |
MD5 hash: | 50c84168359b295c12427b3461315322 |
Start time (UTC): | 15:27:09 |
Start date (UTC): | 25/04/2024 |
Path: | /usr/libexec/xpcproxy |
Arguments: | - |
File size: | 44048 bytes |
MD5 hash: | 4764d9eafe6b7dac23253a9f8b7f73d6 |
Start time (UTC): | 15:27:09 |
Start date (UTC): | 25/04/2024 |
Path: | /usr/libexec/nsurlstoraged |
Arguments: | /usr/libexec/nsurlstoraged --privileged |
File size: | 246624 bytes |
MD5 hash: | 321b0a40e24b45f0af49ba42742b3f64 |
Start time (UTC): | 15:27:39 |
Start date (UTC): | 25/04/2024 |
Path: | /usr/libexec/xpcproxy |
Arguments: | - |
File size: | 44048 bytes |
MD5 hash: | 4764d9eafe6b7dac23253a9f8b7f73d6 |
Start time (UTC): | 15:27:39 |
Start date (UTC): | 25/04/2024 |
Path: | /usr/libexec/firmwarecheckers/eficheck/eficheck |
Arguments: | /usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon |
File size: | 74048 bytes |
MD5 hash: | 328beb81a2263449258057506bb4987f |