Analysis Report iWk7svKGhJ
Overview
General Information |
---|
Joe Sandbox Version: | 24.0.0 |
Analysis ID: | 61433 |
Start date: | 03.10.2018 |
Start time: | 14:11:09 |
Joe Sandbox Product: | Cloud |
Overall analysis duration: | 0h 5m 31s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | iWk7svKGhJ (renamed file extension from none to app) |
Cookbook file name: | defaultmacfilecookbook.jbs |
Analysis system description: | Mac Mini, High Sierra 10.13.2 (MS Office 16.9, Java 1.8.0_25) |
Detection: | MAL |
Classification: | mal72.adwa.spyw.evad.macAPP@0/8@2/0 |
Detection |
---|
Strategy | Score | Range | Reporting | Detection | |
---|---|---|---|---|---|
Threshold | 72 | 0 - 100 | Report FP / FN |
Classification |
---|
Analysis Advice |
---|
All of the sample's HTTP requests target non-existent resources, so the sample will likely exhibit less behavior |
Signature Overview |
---|
Networking: |
---|
Downloads compressed data via HTTP | Show sources |
Source: | HTTP traffic detected: |
Downloads files from webservers via HTTP | Show sources |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Performs DNS lookups | Show sources |
Source: | DNS traffic detected: |
Posts data to webserver | Show sources |
Source: | HTTP traffic detected: |
Tries to download non-existing http data (HTTP/1.1 404 Not Found) | Show sources |
Source: | HTTP traffic detected: |
Spam, unwanted Advertisements and Ransom Demands: |
---|
Reads the preferences of Safari | Show sources |
Source: | Defaults executable reading com.apple.Safari Preferences: | Jump to behavior |
System Summary: |
---|
Classification label | Show sources |
Source: | Classification label: |
Data Obfuscation: |
---|
Imports the IOKit library (often used to register services) | Show sources |
Source: | Static MACH information: | ||
Source: | Static MACH information: |
Persistence and Installation Behavior: |
---|
Changes permissions of written Mach-O files | Show sources |
Source: | Permissions modified for written 64-bit Mach-O /private/tmp/Search.app/Contents/MacOS/Search: | Jump to dropped file |
Creates application bundles | Show sources |
Source: | Bundle Info.plist file created: | Jump to behavior |
Creates code signed application bundles | Show sources |
Source: | Bundle code signature resource file created: | Jump to behavior |
Creates hidden files, links and/or directories | Show sources |
Source: | Hidden file created: | Jump to behavior |
Executes commands using a shell command-line interpreter | Show sources |
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior |
Executes the "grep" command used to find patterns in files or piped streams | Show sources |
Source: | Grep executable: | Jump to behavior |
Opens applications that may be created ones | Show sources |
Source: | Application opened: | Jump to behavior |
Reads launchservices plist files | Show sources |
Source: | Launchservices plist file read: | Jump to behavior | ||
Source: | Launchservices plist file read: | Jump to behavior | ||
Source: | Launchservices plist file read: | Jump to behavior | ||
Source: | Launchservices plist file read: | Jump to behavior |
Reads user launchservices plist file containing default apps for corresponding file types | Show sources |
Source: | Preferences launchservices plist file read: | Jump to behavior |
Reads, modifies and/or removes extended attributes containing macOS specific file meta data | Show sources |
Source: | Xattr command executed: | Jump to behavior |
Uses CFNetwork bundle containing interfaces for network communication (HTTP, sockets, and Bonjour) | Show sources |
Source: | CFNetwork info plist opened: | Jump to behavior |
Writes 64-bit Mach-O files to disk | Show sources |
Source: | File written: | Jump to dropped file |
Writes Mach-O files to the tmp directory | Show sources |
Source: | 64-bit Mach-O written to tmp path: | Jump to dropped file |
Writes ZIP files to disk | Show sources |
Source: | ZIP file created: | Jump to dropped file |
App bundle is code signed | Show sources |
Source: | CodeResources XML file: | ||
Source: | CodeResources XML file: | ||
Source: | CodeResources XML file: | ||
Source: | CodeResources XML file: |
Reads data from the local random generator | Show sources |
Source: | Random device file read: | Jump to behavior | ||
Source: | Random device file read: | Jump to behavior | ||
Source: | Random device file read: | Jump to behavior | ||
Source: | Random device file read: | Jump to behavior |
Uses AppleKeyboardLayouts bundle containing keyboard layouts | Show sources |
Source: | AppleKeyboardLayouts info plist opened: | Jump to behavior |
Uses the Python framework | Show sources |
Source: | Python framework application: | Jump to behavior | ||
Source: | Python framework application: | Jump to behavior | ||
Source: | Python framework application: | Jump to behavior | ||
Source: | Python framework application: | Jump to behavior |
Writes property list (.plist) files to disk | Show sources |
Source: | XML plist file created: | Jump to dropped file | ||
Source: | Binary plist file created: | Jump to dropped file | ||
Source: | XML plist file created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection: |
---|
Removes the kMDItemWhereFroms bit to disguise the file's origin (typically to hide the source URL if downloaded) | Show sources |
Source: | Xattr command executed: | Jump to behavior |
Malware Analysis System Evasion: |
---|
Searches for VM related strings in files or piped streams (probably for evasion) | Show sources |
Source: | Grep searching for VM related keyword(s): | Jump to behavior | ||
Source: | Grep searching for VM related keyword(s): | Jump to behavior | ||
Source: | Grep searching for VM related keyword(s): | Jump to behavior | ||
Source: | Grep searching for VM related keyword(s): | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Removes the quarantine attribute (used to protect from malware) from files | Show sources |
Source: | Xattr command executed: | Jump to behavior |
Reads the sysctl safe boot value (probably to check if the system is in safe boot mode) | Show sources |
Source: | Sysctl read request: | Jump to behavior |
Language, Device and Operating System Detection: |
---|
Executes the "ioreg" command used to gather hardware information (I/O kit registry) | Show sources |
Source: | IOreg executable: | Jump to behavior |
Reads hardware related sysctl values | Show sources |
Source: | Sysctl read request: | Jump to behavior |
Reads the system's OS release and/or type | Show sources |
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior |
Reads the system's hostname | Show sources |
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior |
Reads the system or server version plist file | Show sources |
Source: | System or server version plist file read: | Jump to behavior | ||
Source: | System or server version plist file read: | Jump to behavior | ||
Source: | System or server version plist file read: | Jump to behavior | ||
Source: | System or server version plist file read: | Jump to behavior | ||
Source: | System or server version plist file read: | Jump to behavior | ||
Source: | System or server version plist file read: | Jump to behavior | ||
Source: | System or server version plist file read: | Jump to behavior | ||
Source: | System or server version plist file read: | Jump to behavior | ||
Source: | System or server version plist file read: | Jump to behavior | ||
Source: | System or server version plist file read: | Jump to behavior | ||
Source: | System or server version plist file read: | Jump to behavior |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Executes the "defaults" command used to read or modify user specific settings | Show sources |
Source: | Defaults executable: | Jump to behavior |
Runtime Messages |
---|
Command: | open |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: |
Behavior Graph |
---|
Yara Overview |
---|
Antivirus Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Screenshots |
---|
Startup |
---|
|
Created / dropped Files |
---|
Process: | /private/tmp/Search.app/Contents/MacOS/Search |
File Type: | |
Size (bytes): | 181 |
Entropy (8bit): | 5.116840263214813 |
Encrypted: | false |
MD5: | E67BFD571368561F246E4AB021FB48D0 |
SHA1: | 2CDC676735E83E04FA6C80DE4B971136AAFEE52E |
SHA-256: | 706CDDB4EDD286C429728A63A6C25455571BD49376BBAD64D19102014B3FCEDA |
SHA-512: | 769026A74344BD45BD06397247C6AD5FD00C30A06D2C1368601DCA8A71232AB6D91CDDE9C60880D6DD647C775FE21634015E78A829F008A6342EF356B4CA5DC8 |
Malicious: | false |
Reputation: | low |
Process: | /Users/henry/Desktop/unpack/SpellingChecker.app/Contents/MacOS/SpellingChecker |
File Type: | |
Size (bytes): | 53113 |
Entropy (8bit): | 7.982567069854612 |
Encrypted: | false |
MD5: | 571DC46877EE9B1EE1A169B479018897 |
SHA1: | 2C2ECFB454A555432F4E126C9048836ED3EA0CF0 |
SHA-256: | 641773F7DBF383798BD4A1E2CA9E4949A975CE71F8BCCDE023B3921CF6158231 |
SHA-512: | AF29F31CE1AC8900BC6D34803FBF4B2BDD726864EE3E91606CD53972137DABDC47E9E7283FD17D333FB6808F6162F2703037006800C9570BCAAFDBA75403C1C4 |
Malicious: | false |
Reputation: | low |
Process: | /usr/bin/unzip |
File Type: | |
Size (bytes): | 1545 |
Entropy (8bit): | 5.159619643004488 |
Encrypted: | false |
MD5: | EFAFFBB1150117157339CD7ED4B690BF |
SHA1: | 12781F8207EF88D2648AF32462D6CAD6E07CFEEE |
SHA-256: | F9565F92C0FDC883F2B9B1011F18CA7BC4ACC0DF8F380DA49749A604C7BD9714 |
SHA-512: | 7D55F375B2E0DFD88A251C8181B41A2B77F10BAD311282EFEE272D6CC5FE2E3B3C1FE9AB7DAA4E7B1ECA72D05FEDCF5B58CCD435730E668583932ED35F015290 |
Malicious: | false |
Reputation: | low |
Process: | /usr/bin/unzip |
File Type: | |
Size (bytes): | 70384 |
Entropy (8bit): | 5.2940628185687935 |
Encrypted: | false |
MD5: | 964BACF4C598811008B7B6379945EB8A |
SHA1: | 158F6997464FAC2D28D5E096B00A893B8EF75E37 |
SHA-256: | 43FF15F25E382016BCCE277D3DBC3C9726EE8DFDC590593E381C795BCFEBABD4 |
SHA-512: | F44D722A67F83B78E1F8EB74B2F37CDA3B80929BB74B27F769900ADD49BE50795C7FFBB09FF6C8344B5CFEF98B2E2DCF23A58394B029D869AF854D8ABA4BCBF1 |
Malicious: | false |
Reputation: | low |
Process: | /usr/bin/unzip |
File Type: | |
Size (bytes): | 8 |
Entropy (8bit): | 1.75 |
Encrypted: | false |
MD5: | 23B7D7D024ABB0F558420E098800BF27 |
SHA1: | 9F9EEA0CFE2D65F2C3D6B092E375B40782D08F31 |
SHA-256: | 82502191C9484B04D685374F9879A0066069C49B8ACAE7A04B01D38D07E8ECA0 |
SHA-512: | F77D501528DD0CED155C80406CFBEE38D5D3649B64D2A9324F3D6CEE39491EB8F54CDEBAE49C6E21A20D2309D8FAE1B01C41631224811E73483DB25A2695738C |
Malicious: | false |
Reputation: | low |
Process: | /usr/bin/unzip |
File Type: | |
Size (bytes): | 43264 |
Entropy (8bit): | 7.045244400186084 |
Encrypted: | false |
MD5: | 0AEAC8F960CB18C95837C527B5ADF442 |
SHA1: | 36F94D29CB8B9BE5A3628EF83B2B8EDB9D25F723 |
SHA-256: | 7056CF58EC39D1C0F4B5D011C273490F72C88AF940F19F0EF3665D60BE0D92DA |
SHA-512: | 28A9B19F29D05604FE3F586DFF116CA42BA230BAE27DA022522774EBB71F500543F25BE6A609AC0D699A3A265EC8EEBA5C4CCBB250DAF5D51A9FC002C312062A |
Malicious: | false |
Reputation: | low |
Process: | /usr/bin/unzip |
File Type: | |
Size (bytes): | 2468 |
Entropy (8bit): | 4.905198116363016 |
Encrypted: | false |
MD5: | 6FF270AB1711BE733D4183A3A37C2008 |
SHA1: | 8621991927CB675E5B99A9DAF79074E03E1C4948 |
SHA-256: | CD8F2C2B948010489BD50E6294A3B6D73B01CDB106499D103EA6CEEA82274179 |
SHA-512: | A94B8859EF4661366BC588E2982007FCC961140BBBF4E53F1F9120CA6E3EEDFDB842E1424B092A4631FCC70DA44ADBCB4F0616C630B765339948A21DDDE4FEEE |
Malicious: | false |
Reputation: | low |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
vision-set.download | 195.154.31.197 | true | false | unknown | |
rs64nrl.info | 163.172.60.125 | true | false | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
false | unknown | ||
false | unknown | ||
false | unknown | ||
false | unknown | ||
false | unknown |
Contacted IPs |
---|
Public |
---|
IP | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
195.154.31.197 | France | | 12876 | AS12876FR | false |
163.172.60.125 | United Kingdom | | 12876 | AS12876FR | false |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.991438112092073 |
TrID: |
|
File name: | iWk7svKGhJ.app |
File size: | 88882 |
MD5: | 784a95029a730ccbbf1efac72d7264d6 |
SHA1: | f63a8de8645bb9ea1f053711be0808fd639179bd |
SHA256: | 4eaa4caea4ac543516ffc9954a901e8b8e8c623fcce48304ea74d7a74218683b |
SHA512: | 93ee9acf67fdbdaadc1e14ba4d801660c2065bbf139b6328f84a6d2f6684aa9912a9ee0881ba1d724b88966057fc5817fab8d324dc5168b61b3626ec484fbe52 |
File Content Preview: | PK........L.[L................SpellingChecker.app/UX.....[...Z.>..PK........L.[L................SpellingChecker.app/Contents/UX.....[...Z.>..PK........L.[L............,...SpellingChecker.app/Contents/_CodeSignature/UX.....[...Z.>..PK........V.[L.......... |
Static App Info |
---|
General Information | |
---|---|
Package Info: | |
Property List File: |
Resources |
---|
Name | Type |
---|---|
Info.plist | XML document text |
PkgInfo | ASCII text, with no line terminators |
SpellingChecker | Mach-O 64-bit executable |
MainMenu.nib | Apple binary property list |
CodeResources | XML document text |
Info.plist | XML document text |
PkgInfo | ASCII text, with no line terminators |
SpellingChecker | Mach-O 64-bit executable |
MainMenu.nib | Apple binary property list |
CodeResources | XML document text |
Static Mach Info |
---|
General Information for header0 | |
---|---|
Endian: | |
Size: | |
Architecture: | |
Filetype: | |
Nbr. of load commands: |
segment_command_64 |
---|
Name | Value | |
---|---|---|
segname | __PAGEZERO | |
fileoff | 0 | |
maxprot | 0 | |
vmsize | 4294967296 | |
nsects | 0 | |
flags | 0 | |
filesize | 0 | |
vmaddr | 0 | |
initprot | 0 |
segment_command_64 |
---|
Name | Value | |
---|---|---|
segname | __TEXT | |
fileoff | 0 | |
maxprot | 7 | |
vmsize | 110592 | |
nsects | 10 | |
flags | 0 | |
filesize | 110592 | |
vmaddr | 4294967296 | |
initprot | 5 | |
Datas | sectname | __text |
segname | __TEXT | |
reloff | 0 | |
addr | 4294973108 | |
align | 0 | |
nreloc | 0 | |
flags | 2147484672 | |
offset | 5812 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 85048 | |
sectname | __stubs | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295058156 | |
align | 1 | |
nreloc | 0 | |
flags | 2147484680 | |
offset | 90860 | |
reserved2 | 6 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 564 | |
sectname | __stub_helper | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295058720 | |
align | 2 | |
nreloc | 0 | |
flags | 2147484672 | |
offset | 91424 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 956 | |
sectname | __cstring | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295059676 | |
align | 0 | |
nreloc | 0 | |
flags | 2 | |
offset | 92380 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 5889 | |
sectname | __objc_methname | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295065565 | |
align | 0 | |
nreloc | 0 | |
flags | 2 | |
offset | 98269 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 5036 | |
sectname | __objc_classname | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295070601 | |
align | 0 | |
nreloc | 0 | |
flags | 2 | |
offset | 103305 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 163 | |
sectname | __objc_methtype | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295070764 | |
align | 0 | |
nreloc | 0 | |
flags | 2 | |
offset | 103468 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 1380 | |
sectname | __gcc_except_tab | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295072144 | |
align | 2 | |
nreloc | 0 | |
flags | 0 | |
offset | 104848 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 5312 | |
sectname | __const | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295077456 | |
align | 4 | |
nreloc | 0 | |
flags | 0 | |
offset | 110160 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 24 | |
sectname | __unwind_info | |
segname | __TEXT | |
reloff | 0 | |
addr | 4295077480 | |
align | 2 | |
nreloc | 0 | |
flags | 0 | |
offset | 110184 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 408 |
segment_command_64 |
---|
Name | Value | |
---|---|---|
segname | __DATA | |
fileoff | 110592 | |
maxprot | 7 | |
vmsize | 20480 | |
nsects | 18 | |
flags | 0 | |
filesize | 20480 | |
vmaddr | 4295077888 | |
initprot | 3 | |
Datas | sectname | __nl_symbol_ptr |
segname | __DATA | |
reloff | 0 | |
addr | 4295077888 | |
align | 3 | |
nreloc | 0 | |
flags | 6 | |
offset | 110592 | |
reserved2 | 0 | |
reserved1 | 94 | |
reserved3 | 0 | |
size | 16 | |
sectname | __got | |
segname | __DATA | |
reloff | 0 | |
addr | 4295077904 | |
align | 3 | |
nreloc | 0 | |
flags | 6 | |
offset | 110608 | |
reserved2 | 0 | |
reserved1 | 96 | |
reserved3 | 0 | |
size | 240 | |
sectname | __la_symbol_ptr | |
segname | __DATA | |
reloff | 0 | |
addr | 4295078144 | |
align | 3 | |
nreloc | 0 | |
flags | 7 | |
offset | 110848 | |
reserved2 | 0 | |
reserved1 | 126 | |
reserved3 | 0 | |
size | 752 | |
sectname | __const | |
segname | __DATA | |
reloff | 0 | |
addr | 4295078896 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 111600 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 96 | |
sectname | __cfstring | |
segname | __DATA | |
reloff | 0 | |
addr | 4295078992 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 111696 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 6848 | |
sectname | __objc_classlist | |
segname | __DATA | |
reloff | 0 | |
addr | 4295085840 | |
align | 3 | |
nreloc | 0 | |
flags | 268435456 | |
offset | 118544 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 56 | |
sectname | __objc_nlclslist | |
segname | __DATA | |
reloff | 0 | |
addr | 4295085896 | |
align | 3 | |
nreloc | 0 | |
flags | 268435456 | |
offset | 118600 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 8 | |
sectname | __objc_catlist | |
segname | __DATA | |
reloff | 0 | |
addr | 4295085904 | |
align | 3 | |
nreloc | 0 | |
flags | 268435456 | |
offset | 118608 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 8 | |
sectname | __objc_protolist | |
segname | __DATA | |
reloff | 0 | |
addr | 4295085912 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 118616 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 32 | |
sectname | __objc_imageinfo | |
segname | __DATA | |
reloff | 0 | |
addr | 4295085944 | |
align | 2 | |
nreloc | 0 | |
flags | 0 | |
offset | 118648 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 8 | |
sectname | __objc_const | |
segname | __DATA | |
reloff | 0 | |
addr | 4295085952 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 118656 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 5592 | |
sectname | __objc_selrefs | |
segname | __DATA | |
reloff | 0 | |
addr | 4295091544 | |
align | 3 | |
nreloc | 0 | |
flags | 268435461 | |
offset | 124248 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 1504 | |
sectname | __objc_protorefs | |
segname | __DATA | |
reloff | 0 | |
addr | 4295093048 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 125752 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 16 | |
sectname | __objc_classrefs | |
segname | __DATA | |
reloff | 0 | |
addr | 4295093064 | |
align | 3 | |
nreloc | 0 | |
flags | 268435456 | |
offset | 125768 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 232 | |
sectname | __objc_ivar | |
segname | __DATA | |
reloff | 0 | |
addr | 4295093296 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 126000 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 8 | |
sectname | __objc_data | |
segname | __DATA | |
reloff | 0 | |
addr | 4295093304 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 126008 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 640 | |
sectname | __data | |
segname | __DATA | |
reloff | 0 | |
addr | 4295093944 | |
align | 3 | |
nreloc | 0 | |
flags | 0 | |
offset | 126648 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 480 | |
sectname | __bss | |
segname | __DATA | |
reloff | 0 | |
addr | 4295094432 | |
align | 4 | |
nreloc | 0 | |
flags | 1 | |
offset | 0 | |
reserved2 | 0 | |
reserved1 | 0 | |
reserved3 | 0 | |
size | 768 |
segment_command_64 |
---|
Name | Value | |
---|---|---|
segname | __LINKEDIT | |
fileoff | 131072 | |
maxprot | 7 | |
vmsize | 24576 | |
nsects | 0 | |
flags | 0 | |
filesize | 23152 | |
vmaddr | 4295098368 | |
initprot | 1 |
dyld_info_command |
---|
Name | Value | |
---|---|---|
lazy_bind_size | 2496 | |
lazy_bind_off | 133176 | |
weak_bind_size | 0 | |
rebase_size | 296 | |
export_off | 135672 | |
export_size | 32 | |
bind_off | 131368 | |
rebase_off | 131072 | |
bind_size | 1808 | |
weak_bind_off | 0 |
symtab_command |
---|
Name | Value | |
---|---|---|
strsize | 3200 | |
symoff | 135928 | |
stroff | 139208 | |
nsyms | 150 |
dysymtab_command |
---|
Name | Value | |
---|---|---|
extreloff | 0 | |
nlocrel | 0 | |
indirectsymoff | 138328 | |
modtaboff | 0 | |
nextrel | 0 | |
iundefsym | 2 | |
nmodtab | 0 | |
ilocalsym | 0 | |
nundefsym | 148 | |
nextrefsyms | 0 | |
locreloff | 0 | |
ntoc | 0 | |
nlocalsym | 1 | |
tocoff | 0 | |
extrefsymoff | 0 | |
nindirectsyms | 220 | |
iextdefsym | 1 | |
nextdefsym | 1 |
dylinker_command |
---|
Name | Value | |
---|---|---|
name | 12 | Data | /usr/lib/dyld |
uuid_command |
---|
Name | Value | |
---|---|---|
uuid | bf8a858cda863731950093ba2d5e4c5e |
version_min_command |
---|
Name | Value | |
---|---|---|
version | 657920 | |
reserved | 658688 |
source_version_command |
---|
Name | Value | |
---|---|---|
version | 0 |
entry_point_command |
---|
Name | Value | |
---|---|---|
stacksize | 0 | |
entryoff | 10551 |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.44.1 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 3840.170.5 | Data | /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.1.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 0.228.0 | Data | /usr/lib/libobjc.A.dylib |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.1.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 0.228.4 | Data | /usr/lib/libSystem.B.dylib |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.150.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 3840.170.5 | Data | /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.1.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 4864.54.3 | Data | /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.1.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 0.19.1 | Data | /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit |
dylib_command |
---|
Name | Value | |
---|---|---|
compatibility_version | 0.1.0 | |
timestamp | Thu Jan 01 01:00:02 1970 | |
name | 24 | |
current_version | 7681.195.3 | Data | /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration |
rpath_command |
---|
Name | Value | |
---|---|---|
path | 12 | Data | @executable_path/../Frameworks |
linkedit_data_command |
---|
Name | Value | |
---|---|---|
dataoff | 135704 | |
datassize | 224 |
linkedit_data_command |
---|
Name | Value | |
---|---|---|
dataoff | 135928 | |
datassize | 0 |
linkedit_data_command |
---|
Name | Value | |
---|---|---|
dataoff | 142416 | |
datassize | 11808 |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Okt 3, 2018 14:12:21.227475882 MESZ | 80 | 49240 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:21.227507114 MESZ | 49240 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:21.227582932 MESZ | 80 | 49240 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:21.227694035 MESZ | 80 | 49240 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:21.227727890 MESZ | 49240 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:21.227799892 MESZ | 80 | 49240 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:21.227896929 MESZ | 49240 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:21.227909088 MESZ | 49240 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:21.227966070 MESZ | 80 | 49240 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:21.228066921 MESZ | 80 | 49240 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:21.228179932 MESZ | 80 | 49240 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:21.228229046 MESZ | 49240 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:21.228297949 MESZ | 80 | 49240 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:21.228341103 MESZ | 49240 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:21.228398085 MESZ | 80 | 49240 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:21.228509903 MESZ | 80 | 49240 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:21.228535891 MESZ | 49240 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:21.228614092 MESZ | 49240 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:21.228622913 MESZ | 80 | 49240 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:21.228729963 MESZ | 80 | 49240 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:21.228800058 MESZ | 49240 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:21.228838921 MESZ | 80 | 49240 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:21.228893995 MESZ | 80 | 49240 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:21.228971004 MESZ | 49240 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:21.229055882 MESZ | 49240 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.303474903 MESZ | 49238 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.303718090 MESZ | 49238 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.328821898 MESZ | 80 | 49238 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:24.336076975 MESZ | 80 | 49238 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:24.336282969 MESZ | 49238 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.337944984 MESZ | 49238 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.338150978 MESZ | 49238 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.363127947 MESZ | 80 | 49238 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:24.364283085 MESZ | 80 | 49238 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:24.364473104 MESZ | 49238 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.367214918 MESZ | 49237 | 80 | 192.168.0.50 | 163.172.60.125 |
Okt 3, 2018 14:12:24.367216110 MESZ | 49238 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.367216110 MESZ | 49239 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.367217064 MESZ | 49240 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.367218018 MESZ | 49236 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.367221117 MESZ | 49235 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.389642954 MESZ | 80 | 49237 | 163.172.60.125 | 192.168.0.50 |
Okt 3, 2018 14:12:24.389909029 MESZ | 49237 | 80 | 192.168.0.50 | 163.172.60.125 |
Okt 3, 2018 14:12:24.390078068 MESZ | 80 | 49236 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:24.390259981 MESZ | 49236 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.392165899 MESZ | 80 | 49238 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:24.392318010 MESZ | 80 | 49240 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:24.392337084 MESZ | 49238 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.392494917 MESZ | 80 | 49235 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:24.392519951 MESZ | 49240 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.392657042 MESZ | 49235 | 80 | 192.168.0.50 | 195.154.31.197 |
Okt 3, 2018 14:12:24.392959118 MESZ | 80 | 49239 | 195.154.31.197 | 192.168.0.50 |
Okt 3, 2018 14:12:24.393166065 MESZ | 49239 | 80 | 192.168.0.50 | 195.154.31.197 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Okt 3, 2018 14:12:20.368386984 MESZ | 58419 | 53 | 192.168.0.50 | 8.8.8.8 |
Okt 3, 2018 14:12:20.405252934 MESZ | 53 | 58419 | 8.8.8.8 | 192.168.0.50 |
Okt 3, 2018 14:12:20.528991938 MESZ | 49265 | 53 | 192.168.0.50 | 8.8.8.8 |
Okt 3, 2018 14:12:20.560709000 MESZ | 53 | 49265 | 8.8.8.8 | 192.168.0.50 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Okt 3, 2018 14:12:20.368386984 MESZ | 192.168.0.50 | 8.8.8.8 | 0xcb7 | Standard query (0) | | A (IP address) | IN (0x0001) |
Okt 3, 2018 14:12:20.528991938 MESZ | 192.168.0.50 | 8.8.8.8 | 0x4d81 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Okt 3, 2018 14:12:20.405252934 MESZ | 8.8.8.8 | 192.168.0.50 | 0xcb7 | No error (0) | | | 195.154.31.197 | A (IP address) | IN (0x0001) |
Okt 3, 2018 14:12:20.560709000 MESZ | 8.8.8.8 | 192.168.0.50 | 0x4d81 | No error (0) | | | 163.172.60.125 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.0.50 | 49235 | 195.154.31.197 | 80 |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Okt 3, 2018 14:12:20.435791969 MESZ | 0 | OUT | |
Okt 3, 2018 14:12:20.461371899 MESZ | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
1 | 192.168.0.50 | 49236 | 195.154.31.197 | 80 |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Okt 3, 2018 14:12:20.488446951 MESZ | 1 | OUT | |
Okt 3, 2018 14:12:20.511811018 MESZ | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
2 | 192.168.0.50 | 49237 | 163.172.60.125 | 80 |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Okt 3, 2018 14:12:20.585050106 MESZ | 2 | OUT | |
Okt 3, 2018 14:12:20.608927965 MESZ | 3 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
3 | 192.168.0.50 | 49238 | 195.154.31.197 | 80 |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Okt 3, 2018 14:12:21.032751083 MESZ | 3 | OUT | |
Okt 3, 2018 14:12:21.033561945 MESZ | 4 | OUT | |
Okt 3, 2018 14:12:21.064258099 MESZ | 5 | IN | |
Okt 3, 2018 14:12:24.303474903 MESZ | 65 | OUT | |
Okt 3, 2018 14:12:24.303718090 MESZ | 65 | OUT | |
Okt 3, 2018 14:12:24.336076975 MESZ | 66 | IN | |
Okt 3, 2018 14:12:24.337944984 MESZ | 66 | OUT | |
Okt 3, 2018 14:12:24.338150978 MESZ | 66 | OUT | |
Okt 3, 2018 14:12:24.364283085 MESZ | 67 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
4 | 192.168.0.50 | 49239 | 195.154.31.197 | 80 |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Okt 3, 2018 14:12:21.095313072 MESZ | 5 | OUT | |
Okt 3, 2018 14:12:21.121130943 MESZ | 6 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
5 | 192.168.0.50 | 49240 | 195.154.31.197 | 80 |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Okt 3, 2018 14:12:21.149861097 MESZ | 7 | OUT | |
Okt 3, 2018 14:12:21.175479889 MESZ | 8 | IN |