macOS Analysis Report https://sparkasse.corona-umstellungsverfahren-de.com/ALC81OPACG

Overview

General Information

Sample URL:https://sparkasse.corona-umstellungsverfahren-de.com/ALC81OPACG
Analysis ID:881
Detection

Score:48
Range:0 - 100
Whitelisted:false

Signatures

Multi AV Scanner detection for submitted file
Opens the Safari browser app

General Information

Joe Sandbox Version:32.0.0 Black Diamond
Analysis ID:881
Start date:24.06.2021
Start time:13:17:40
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 13s
Hypervisor based Inspection enabled:false
Report type:light
Cookbook file name:browseurl.jbs
Sample URL:https://sparkasse.corona-umstellungsverfahren-de.com/ALC81OPACG
Analysis system description:Virtual Machine, High Sierra (Office 2016 v16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099)
Analysis Mode:default
Detection:MAL
Classification:mal48.mac@0/7@15/0
Warnings:
  • Excluded IPs from analysis (whitelisted): 18.156.205.85, 184.30.216.40, 93.184.220.29, 142.250.186.138, 23.51.123.27, 23.55.163.48, 23.55.163.58, 104.117.200.9, 172.217.18.106, 142.250.185.74, 142.250.186.168, 142.250.185.234, 151.101.1.182, 151.101.65.182, 151.101.129.182, 151.101.193.182, 104.22.46.168, 104.22.47.168, 172.67.38.83, 216.58.212.163, 172.217.18.99, 142.250.177.46, 142.250.181.226
  • TCP Packets have been reduced to 100
  • Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, cs9.wac.phicdn.net, smoot-searchv2-euc1a.v.aaplimg.com, e8652.dscx.akamaiedge.net, gateway.icloud.com, g.symcd.com, adservice.google.com, api-glb-euc1a.smoot.apple.com, maps.googleapis.com, ocsp.digicert.com, a1887.dscq.akamai.net, www.googletagmanager.com, safebrowsing.googleapis.com, crl.root-x1.letsencrypt.org.edgekey.net, www.google-analytics.com, fonts.googleapis.com, www-google-analytics.l.google.com, e673.dsce9.akamaiedge.net, ajax.googleapis.com, fonts.gstatic.com, www-googletagmanager.l.google.com, e8218.dscb1.akamaiedge.net, o.lencr.edgesuite.net, api.smoot.apple.com, bag-smoot.v.aaplimg.com, ocsp-ds.ws.symantec.com.edgekey.net, lb._dns-sd._udp.0.11.168.192.in-addr.arpa, configuration.apple.com, onboard.triptease.io.cdn.cloudflare.net, configuration.apple.com.akadns.net, configuration.apple.com.edgekey.net, q.shared.global.fastly.net, maps.gstatic.com
  • Report size getting too big, too many PREAD calls found.
  • VT rate limit hit for: kubernetes-loadbalancer.triptease.io

Process Tree

  • System is macvm-highsierra
  • Safari (MD5: 8e18be737fe87f19fe7a97b4821e2005) Arguments: /Applications/Safari.app/Contents/MacOS/Safari
  • cleanup

Yara Overview

No yara matches

Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: https://sparkasse.corona-umstellungsverfahren-de.com/ALC81OPACG Virustotal: Detection: 9%
Source: unknown HTTPS traffic detected: 17.248.145.74:443 -> 192.168.11.11:49195 version: TLS 1.2
Source: unknown HTTPS traffic detected: 47.243.138.168:443 -> 192.168.11.11:49194 version: TLS 1.2
Source: unknown HTTPS traffic detected: 85.13.148.189:443 -> 192.168.11.11:49205 version: TLS 1.2
Source: unknown HTTPS traffic detected: 107.178.244.119:443 -> 192.168.11.11:49209 version: TLS 1.2
Source: unknown HTTPS traffic detected: 85.13.148.189:443 -> 192.168.11.11:49212 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.186.195.233:443 -> 192.168.11.11:49213 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.33.221.90:443 -> 192.168.11.11:49216 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.20.2:443 -> 192.168.11.11:49214 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.16.102:443 -> 192.168.11.11:49215 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.248.242.197:443 -> 192.168.11.11:49217 version: TLS 1.2
Source: unknown HTTPS traffic detected: 107.178.244.119:443 -> 192.168.11.11:49221 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.27.154:443 -> 192.168.11.11:49223 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 17.171.27.65
Source: unknown TCP traffic detected without corresponding DNS query: 17.253.55.204
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.200.212
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown DNS traffic detected: queries for: sparkasse.corona-umstellungsverfahren-de.com
Source: .dat.nosync0210.bKXvUw.235.dr String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: .dat.nosync0210.8kfcUv.235.dr String found in binary or memory: https://sparkasse.corona-umstellungsverfahren-de.com/ALC81OPACG
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49205
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49223
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49221
Source: unknown Network traffic detected: HTTP traffic on port 49209 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49221 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49223 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49195 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49212 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49178 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49214 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49216 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49217
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49216
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49215
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49214
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49213
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49212
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49178
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49195
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49194
Source: unknown Network traffic detected: HTTP traffic on port 49205 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49194 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49213 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49209
Source: unknown Network traffic detected: HTTP traffic on port 49217 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49215 -> 443
Source: classification engine Classification label: mal48.mac@0/7@15/0
Source: /usr/libexec/xpcproxy (PID: 528) Safari app opened: /Applications/Safari.app/Contents/MacOS/Safari
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 528) Random device file read: /dev/urandom
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 528) AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 528) XML plist file created: /Users/berri/Library/Safari/.dat.nosync0210.bKXvUw
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 528) Binary plist file created: /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync0210.Is8mxg
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 528) Binary plist file created: /Users/berri/Library/Safari/.dat.nosync0210.8kfcUv
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 528) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Plist Modification 1 | Plist Modification 1 | Direct Volume Access | OS Credential Dumping | System Information Discovery 1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
https://sparkasse.corona-umstellungsverfahren-de.com/ALC81OPACG | 9% | Virustotal | -
https://sparkasse.corona-umstellungsverfahren-de.com/ALC81OPACG | 0% | Avira URL Cloud | safe

Dropped Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label
sparkasse.corona-umstellungsverfahren-de.com | 8% | Virustotal | -
static.rheinturm.de | 0% | Virustotal | -
gateway.fe.apple-dns.net | 0% | Virustotal | -
a97adde81b00f2ca4.awsglobalaccelerator.com | 0% | Virustotal | -

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
sparkasse.corona-umstellungsverfahren-de.com | 47.243.138.168 | true | true | - | unknown
dart.l.doubleclick.net | 172.217.16.102 | true | false | - | high
pagead46.l.doubleclick.net | 142.250.181.226 | true | false | - | high
static.rheinturm.de | 85.13.148.189 | true | false | - | unknown
stats.l.doubleclick.net | 142.250.27.154 | true | false | - | high
gateway.fe.apple-dns.net | 17.248.145.74 | true | false | - | unknown
a97adde81b00f2ca4.awsglobalaccelerator.com | 13.248.242.197 | true | false | - | unknown
cm.g.doubleclick.net | 172.217.20.2 | true | false | - | high
pixelglobal.sojern.com | 107.178.244.119 | true | false | - | high
ib.anycast.adnxs.com | 185.33.221.90 | true | false | - | high
kubernetes-loadbalancer.triptease.io | 35.186.195.233 | true | false | - | unknown
static.triptease.io | unknown | unknown | false | - | unknown
pixel.sojern.com | unknown | unknown | false | - | high
ad.doubleclick.net | unknown | unknown | false | - | high
onboard.triptease.io | unknown | unknown | false | - | unknown
adservice.google.de | unknown | unknown | false | - | high
stats.g.doubleclick.net | unknown | unknown | false | - | high
beacon.sojern.com | unknown | unknown | false | - | high
x1.c.lencr.org | unknown | unknown | false | - | unknown
api.triptease.io | unknown | unknown | false | - | unknown
ib.adnxs.com | unknown | unknown | false | - | high
r3.o.lencr.org | unknown | unknown | false | - | unknown
match.adsrvr.org | unknown | unknown | false | - | high

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://sparkasse.corona-umstellungsverfahren-de.com/ALC81OPACG | .dat.nosync0210.8kfcUv.235.dr | true | - | unknown

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
185.33.221.90 | ib.anycast.adnxs.com | Netherlands | 29990 | ASN-APPNEXUS | false
107.178.244.119 | pixelglobal.sojern.com | United States | 15169 | GOOGLEUS | false
13.248.242.197 | a97adde81b00f2ca4.awsglobalaccelerator.com | United States | 16509 | AMAZON-02US | false
17.253.55.204 | unknown | United States | 6185 | APPLE-AUSTINUS | false
17.248.145.74 | gateway.fe.apple-dns.net | United States | 714 | APPLE-ENGINEERINGUS | false
104.76.200.212 | unknown | United States | 3462 | HINETDataCommunicationBusinessGroupTW | false
85.13.148.189 | static.rheinturm.de | Germany | 34788 | NMM-ASD-02742FriedersdorfHauptstrasse68DE | false
47.243.138.168 | sparkasse.corona-umstellungsverfahren-de.com | United States | 45102 | CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | true
172.217.16.102 | dart.l.doubleclick.net | United States | 15169 | GOOGLEUS | false
142.250.27.154 | stats.l.doubleclick.net | United States | 15169 | GOOGLEUS | false
17.171.27.65 | unknown | United States | 714 | APPLE-ENGINEERINGUS | false
35.186.195.233 | kubernetes-loadbalancer.triptease.io | United States | 15169 | GOOGLEUS | false
172.217.20.2 | cm.g.doubleclick.net | United States | 15169 | GOOGLEUS | false

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

/Users/berri/Library/Safari/.dat.nosync0210.8kfcUv
Process:/Applications/Safari.app/Contents/MacOS/Safari
File Type:Apple binary property list
Category:dropped
Size (bytes):1746
Entropy (8bit):7.2504763805227075
Encrypted:false
Malicious:false
Reputation:low

/Users/berri/Library/Safari/.dat.nosync0210.bKXvUw
Process:/Applications/Safari.app/Contents/MacOS/Safari
File Type:XML 1.0 document, ASCII text
Category:dropped
Size (bytes):1012
Entropy (8bit):5.286991847916908
Encrypted:false
Malicious:false
Reputation:low
Preview: <?xml version="1.0" encoding="UTF-8"?>.<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">.<plist version="1.0">.<dict>..<key>SingleDeviceSaveChangesThrottlingPolicy</key>..<string>1:1440</string>..<key>MultipleDeviceSaveChangesThrottlingPolicy</key>..<string>50:1 | 10:2 | 10:5 | 10:30 | 9:40 | 1:510</string>..<key>SingleDeviceFetchChangesThrottlingPolicy</key>..<string>11:15 | 1:1275</string>..<key>MultipleDeviceFetchChangesThrottlingPolicy</key>..<string>50:1 | 50:3 | 20:4 | 20:5 | 20:15 | 20:18 | 20:20</string>..<key>SyncCircleSizeRetrievalThrottlingPolicy</key>..<string>1:1440</string>..<key>MaximumRequestLimitCharacterCount</key>..<integer>100000</integer>..<key>SyncWindow</key>..<real>1209600</real>..<key>HistoryModificationIdleDelayBeforeSyncAttemptKey</key>..<integer>90</integer>..<key>HistoryRemovalIdleDelayBeforeSyncAttempt</key>..<integer>6</integer>..<key>SaveChangesBeforeTerminationTimeout</key>..<integer>1</integer>.</dic

/Users/berri/Library/Safari/Favicon Cache/favicons/.dat.nosync0210.t7NkvP
Process:/Applications/Safari.app/Contents/MacOS/Safari
File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGB, non-interlaced, 32 bits/pixel, 128x128, 32 bits/pixel
Category:dropped
Size (bytes):104432
Entropy (8bit):4.144635779349267
Encrypted:false
Malicious:false
Reputation:low

/dev/null
Process:/Applications/Safari.app/Contents/MacOS/Safari
File Type:ASCII text
Category:dropped
Size (bytes):61
Entropy (8bit):4.786894099680635
Encrypted:false
Malicious:false
Reputation:low
Preview: 2021-06-24 15:18:29.042 Safari[528:4417] ApplePersistence=NO.

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync0210.Is8mxg
Process:/Applications/Safari.app/Contents/MacOS/Safari
File Type:Apple binary property list
Category:dropped
Size (bytes):76
Entropy (8bit):3.9370658315190226
Encrypted:false
Malicious:false
Reputation:low

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsDirectory.db_
Process:/Applications/Safari.app/Contents/MacOS/Safari
File Type:Mac OS X Keychain File
Category:dropped
Size (bytes):48908
Entropy (8bit):3.533948990143748
Encrypted:false
Malicious:false
Reputation:low
                                          /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsObject.db_
                                          Process:/Applications/Safari.app/Contents/MacOS/Safari
                                          File Type:Mac OS X Keychain File
                                          Category:dropped
                                          Size (bytes):4404
                                          Entropy (8bit):3.5113078915037033
                                          Encrypted:false
                                          SSDEEP:48:m6Xsh+CLjL3Pe3T5FFKfEuyu+iYxGv4sS:3X6LjLfe3wEuyu9YxGQX
                                          MD5:D487F899A14AE98519B46D51BC810F1B
                                          SHA1:64877ECFBE47ED66EED545B2449BBE8B22B775D0
                                          SHA-256:4835899C464487946E281D535381D4CAB8BC90EC08CD00A6A0ECB97854E9321D
                                          SHA-512:EB4FABD61B4FD2B9EF3C9E93793CA5F11353A1F81EA4DA22E0F79ED45D89180B77469B9E5DCD5350AE650B31DE9018743DA7716EFA7B5CDDFC3FA7A13C476F40
                                          Malicious:false
                                          Reputation:low

                                          Static File Info

                                          No static file info

                                          Network Behavior

                                          Network Port Distribution

                                          TCP Packets


                                          UDP Packets


                                          DNS Queries

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Jun 24, 2021 13:18:31.547223091 CEST | 192.168.11.11 | 1.1.1.1 | 0xc40a | Standard query (0) | sparkasse.corona-umstellungsverfahren-de.com | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:33.031886101 CEST | 192.168.11.11 | 1.1.1.1 | 0x9e1d | Standard query (0) | r3.o.lencr.org | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:33.034948111 CEST | 192.168.11.11 | 1.1.1.1 | 0xad2d | Standard query (0) | x1.c.lencr.org | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:35.066656113 CEST | 192.168.11.11 | 1.1.1.1 | 0x66fc | Standard query (0) | static.rheinturm.de | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:35.068680048 CEST | 192.168.11.11 | 1.1.1.1 | 0xbe25 | Standard query (0) | static.triptease.io | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:35.447813034 CEST | 192.168.11.11 | 1.1.1.1 | 0x5025 | Standard query (0) | beacon.sojern.com | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:35.452259064 CEST | 192.168.11.11 | 1.1.1.1 | 0xc5b0 | Standard query (0) | onboard.triptease.io | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:35.786597013 CEST | 192.168.11.11 | 1.1.1.1 | 0x9855 | Standard query (0) | api.triptease.io | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.000657082 CEST | 192.168.11.11 | 1.1.1.1 | 0xeda6 | Standard query (0) | cm.g.doubleclick.net | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.002609015 CEST | 192.168.11.11 | 1.1.1.1 | 0x5e8c | Standard query (0) | ad.doubleclick.net | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.002768993 CEST | 192.168.11.11 | 1.1.1.1 | 0xf8fe | Standard query (0) | ib.adnxs.com | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.004607916 CEST | 192.168.11.11 | 1.1.1.1 | 0xc85b | Standard query (0) | match.adsrvr.org | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.432132959 CEST | 192.168.11.11 | 1.1.1.1 | 0xdd8b | Standard query (0) | pixel.sojern.com | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.609052896 CEST | 192.168.11.11 | 1.1.1.1 | 0x7a73 | Standard query (0) | adservice.google.de | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:37.584100008 CEST | 192.168.11.11 | 1.1.1.1 | 0x6d4 | Standard query (0) | stats.g.doubleclick.net | A (IP address) | IN (0x0001) |

                                          DNS Answers

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Jun 24, 2021 13:18:31.976254940 CEST | 1.1.1.1 | 192.168.11.11 | 0xc40a | No error (0) | sparkasse.corona-umstellungsverfahren-de.com | | 47.243.138.168 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:31.991909027 CEST | 1.1.1.1 | 192.168.11.11 | 0x30a1 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.74 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:31.991909027 CEST | 1.1.1.1 | 192.168.11.11 | 0x30a1 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.147 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:31.991909027 CEST | 1.1.1.1 | 192.168.11.11 | 0x30a1 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.139 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:31.991909027 CEST | 1.1.1.1 | 192.168.11.11 | 0x30a1 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.143 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:31.991909027 CEST | 1.1.1.1 | 192.168.11.11 | 0x30a1 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.144 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:31.991909027 CEST | 1.1.1.1 | 192.168.11.11 | 0x30a1 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.202 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:31.991909027 CEST | 1.1.1.1 | 192.168.11.11 | 0x30a1 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.146 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:31.991909027 CEST | 1.1.1.1 | 192.168.11.11 | 0x30a1 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.164 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:33.040370941 CEST | 1.1.1.1 | 192.168.11.11 | 0x9e1d | No error (0) | r3.o.lencr.org | o.lencr.edgesuite.net | | CNAME (Canonical name) | IN (0x0001) |
| Jun 24, 2021 13:18:33.043989897 CEST | 1.1.1.1 | 192.168.11.11 | 0xad2d | No error (0) | x1.c.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) |
| Jun 24, 2021 13:18:35.098663092 CEST | 1.1.1.1 | 192.168.11.11 | 0x66fc | No error (0) | static.rheinturm.de | | 85.13.148.189 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:35.114051104 CEST | 1.1.1.1 | 192.168.11.11 | 0xbe25 | No error (0) | static.triptease.io | q.shared.global.fastly.net | | CNAME (Canonical name) | IN (0x0001) |
| Jun 24, 2021 13:18:35.458962917 CEST | 1.1.1.1 | 192.168.11.11 | 0x5025 | No error (0) | beacon.sojern.com | pixelglobal.sojern.com | | CNAME (Canonical name) | IN (0x0001) |
| Jun 24, 2021 13:18:35.458962917 CEST | 1.1.1.1 | 192.168.11.11 | 0x5025 | No error (0) | pixelglobal.sojern.com | | 107.178.244.119 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:35.461179972 CEST | 1.1.1.1 | 192.168.11.11 | 0xc5b0 | No error (0) | onboard.triptease.io | onboard.triptease.io.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) |
| Jun 24, 2021 13:18:35.797981977 CEST | 1.1.1.1 | 192.168.11.11 | 0x9855 | No error (0) | api.triptease.io | kubernetes-loadbalancer.triptease.io | | CNAME (Canonical name) | IN (0x0001) |
| Jun 24, 2021 13:18:35.797981977 CEST | 1.1.1.1 | 192.168.11.11 | 0x9855 | No error (0) | kubernetes-loadbalancer.triptease.io | | 35.186.195.233 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.009327888 CEST | 1.1.1.1 | 192.168.11.11 | 0xeda6 | No error (0) | cm.g.doubleclick.net | | 172.217.20.2 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.010739088 CEST | 1.1.1.1 | 192.168.11.11 | 0x5e8c | No error (0) | ad.doubleclick.net | dart.l.doubleclick.net | | CNAME (Canonical name) | IN (0x0001) |
| Jun 24, 2021 13:18:36.010739088 CEST | 1.1.1.1 | 192.168.11.11 | 0x5e8c | No error (0) | dart.l.doubleclick.net | | 172.217.16.102 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.011209011 CEST | 1.1.1.1 | 192.168.11.11 | 0xf8fe | No error (0) | ib.adnxs.com | g.geogslb.com | | CNAME (Canonical name) | IN (0x0001) |
| Jun 24, 2021 13:18:36.011209011 CEST | 1.1.1.1 | 192.168.11.11 | 0xf8fe | No error (0) | g.geogslb.com | ib.anycast.adnxs.com | | CNAME (Canonical name) | IN (0x0001) |
| Jun 24, 2021 13:18:36.011209011 CEST | 1.1.1.1 | 192.168.11.11 | 0xf8fe | No error (0) | ib.anycast.adnxs.com | | 185.33.221.90 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.011209011 CEST | 1.1.1.1 | 192.168.11.11 | 0xf8fe | No error (0) | ib.anycast.adnxs.com | | 185.33.220.244 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.011209011 CEST | 1.1.1.1 | 192.168.11.11 | 0xf8fe | No error (0) | ib.anycast.adnxs.com | | 185.33.221.14 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.011209011 CEST | 1.1.1.1 | 192.168.11.11 | 0xf8fe | No error (0) | ib.anycast.adnxs.com | | 185.33.221.53 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.011209011 CEST | 1.1.1.1 | 192.168.11.11 | 0xf8fe | No error (0) | ib.anycast.adnxs.com | | 185.33.223.178 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.011209011 CEST | 1.1.1.1 | 192.168.11.11 | 0xf8fe | No error (0) | ib.anycast.adnxs.com | | 185.33.221.88 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.011209011 CEST | 1.1.1.1 | 192.168.11.11 | 0xf8fe | No error (0) | ib.anycast.adnxs.com | | 185.33.221.13 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.011209011 CEST | 1.1.1.1 | 192.168.11.11 | 0xf8fe | No error (0) | ib.anycast.adnxs.com | | 185.33.221.15 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.012895107 CEST | 1.1.1.1 | 192.168.11.11 | 0xc85b | No error (0) | match.adsrvr.org | match-aga.adsrvr.org | | CNAME (Canonical name) | IN (0x0001) |
| Jun 24, 2021 13:18:36.012895107 CEST | 1.1.1.1 | 192.168.11.11 | 0xc85b | No error (0) | match-aga.adsrvr.org | a97adde81b00f2ca4.awsglobalaccelerator.com | | CNAME (Canonical name) | IN (0x0001) |
| Jun 24, 2021 13:18:36.012895107 CEST | 1.1.1.1 | 192.168.11.11 | 0xc85b | No error (0) | a97adde81b00f2ca4.awsglobalaccelerator.com | | 13.248.242.197 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.012895107 CEST | 1.1.1.1 | 192.168.11.11 | 0xc85b | No error (0) | a97adde81b00f2ca4.awsglobalaccelerator.com | | 76.223.111.131 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.441044092 CEST | 1.1.1.1 | 192.168.11.11 | 0xdd8b | No error (0) | pixel.sojern.com | pixelglobal.sojern.com | | CNAME (Canonical name) | IN (0x0001) |
| Jun 24, 2021 13:18:36.441044092 CEST | 1.1.1.1 | 192.168.11.11 | 0xdd8b | No error (0) | pixelglobal.sojern.com | | 107.178.244.119 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:36.617521048 CEST | 1.1.1.1 | 192.168.11.11 | 0x7a73 | No error (0) | adservice.google.de | pagead46.l.doubleclick.net | | CNAME (Canonical name) | IN (0x0001) |
| Jun 24, 2021 13:18:36.617521048 CEST | 1.1.1.1 | 192.168.11.11 | 0x7a73 | No error (0) | pagead46.l.doubleclick.net | | 142.250.181.226 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:37.592453957 CEST | 1.1.1.1 | 192.168.11.11 | 0x6d4 | No error (0) | stats.g.doubleclick.net | stats.l.doubleclick.net | | CNAME (Canonical name) | IN (0x0001) |
| Jun 24, 2021 13:18:37.592453957 CEST | 1.1.1.1 | 192.168.11.11 | 0x6d4 | No error (0) | stats.l.doubleclick.net | | 142.250.27.154 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:37.592453957 CEST | 1.1.1.1 | 192.168.11.11 | 0x6d4 | No error (0) | stats.l.doubleclick.net | | 142.250.27.157 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:37.592453957 CEST | 1.1.1.1 | 192.168.11.11 | 0x6d4 | No error (0) | stats.l.doubleclick.net | | 142.250.27.156 | A (IP address) | IN (0x0001) |
| Jun 24, 2021 13:18:37.592453957 CEST | 1.1.1.1 | 192.168.11.11 | 0x6d4 | No error (0) | stats.l.doubleclick.net | | 142.250.27.155 | A (IP address) | IN (0x0001) |

                                          HTTPS Packets


                                          System Behavior

                                          General

                                          Start time:13:18:28
                                          Start date:24/06/2021
                                          Path:/usr/libexec/xpcproxy
                                          Arguments:n/a
                                          File size:43488 bytes
                                          MD5 hash:d1bb9a4899f0af921e8188218b20d744

                                          General

                                          Start time:13:18:28
                                          Start date:24/06/2021
                                          Path:/Applications/Safari.app/Contents/MacOS/Safari
                                          Arguments:/Applications/Safari.app/Contents/MacOS/Safari
                                          File size:20896 bytes
                                          MD5 hash:8e18be737fe87f19fe7a97b4821e2005