Source: 86972127.dmg | String found in binary or memory: http://www.apple.com/dtds/propertylist-1.0.dtd |
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK Date: Tue, 16 Feb 2016 15:49:43 GMT Server: Apache Set-Cookie: gvc=921vr2031833836932451; expires=Sun, 14-Feb-2021 15:49:43 GMT; path=/; domain=service.srvmd6.com; httponly Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKrfIMFkSaoTSqKmC+BrghK0CpDHc0MuVzmMHin8LIORhpXbped+iYhSnZurWnEO0zcKcVIrzp026LVc5pMB9bUCAwEAAQ==_D5+KSlAoBD5rZGgsqUkd//2WfkZ3GgaWRoRI2j6Oo2UiZ1DQm5Q1usSjnEpeQ7ikqrsx8IUTkk5QDY4CudSCLQ== Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 5907 Keep-Alive: timeout=5, max=104 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 3b d7 72 e3 48 92 cf 33 11 fb 0f 18 76 b4 d8 3d 2d 8a 30 04 49 50 a2 26 e8 bd f7 bc d9 50 c0 14 01 10 96 70 34 5a fd fb 65 01 74 32 dd 3d 7b b1 77 0f 7b 2b 76 48 a8 ac ac cc aa 74 95 99 60 3f fc 56 ee 95 c6 8b 7e 85 50 3c 43 27 fa 93 62 bb 51 22 62 89 64 72 c6 94 92 c9 f2 b8 4c d4 c7 9d 36 91 b |
Source: global traffic | HTTP traffic detected: GET /Mac/getInstallerSettings/?version=mac%7Cv49%7C535&r1=clickid%253D42729767117912796%2526software%253D83&r2=0&r3=0&r4=0&dp= HTTP/1.1 Host: service.srvmd6.com Accept: */* Accept-Language: en-us Connection: keep-alive Accept-Encoding: gzip, deflate User-Agent: mac-os-x-installer/1 CFNetwork/720.3.13 Darwin/14.3.0 (x86_64) |
Source: global traffic | HTTP traffic detected: GET /MFYwVKADAgEAME0wSzBJMAkGBSsOAwIaBQAEFHQkFGcGn%2FXgmD9ePhproGUqVBV1BBQBWavn3ToLWaZkY9bPIAdX1ZHnagIQEyA4ubHXyrHK2FbDJD3q1A%3D%3D HTTP/1.1 Host: sr.symcd.com Accept-Encoding: gzip, deflate Accept: */* User-Agent: ocspd/1.0.3 Accept-Language: en-us Cache-Control: max-age=300 Connection: keep-alive |
Source: unknown | DNS traffic detected: queries for: service.srvmd6.com |
Source: unknown | HTTP traffic detected: HTTP/1.1 200 OK Date: Tue, 16 Feb 2016 15:49:43 GMT Server: Apache Set-Cookie: gvc=921vr2031833836932451; expires=Sun, 14-Feb-2021 15:49:43 GMT; path=/; domain=service.srvmd6.com; httponly Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKrfIMFkSaoTSqKmC+BrghK0CpDHc0MuVzmMHin8LIORhpXbped+iYhSnZurWnEO0zcKcVIrzp026LVc5pMB9bUCAwEAAQ==_D5+KSlAoBD5rZGgsqUkd//2WfkZ3GgaWRoRI2j6Oo2UiZ1DQm5Q1usSjnEpeQ7ikqrsx8IUTkk5QDY4CudSCLQ== Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 5907 Keep-Alive: timeout=5, max=104 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 3b d7 72 e3 48 92 cf 33 11 fb 0f 18 76 b4 d8 3d 2d 8a 30 04 49 50 a2 26 e8 bd f7 bc d9 50 c0 14 01 10 96 70 34 5a fd fb 65 01 74 32 dd 3d 7b b1 77 0f 7b 2b 76 48 a8 ac ac cc aa 74 95 99 60 3f fc 56 ee 95 c6 8b 7e 85 50 3c 43 27 fa 93 62 bb 51 22 62 89 64 72 c6 94 92 c9 f2 b8 4c d4 c7 9d 36 91 b |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | Reads from socket in process: |
Source: unknown | Network traffic detected: HTTP traffic on port 49184 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49182 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49184 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49182 |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | Writes from socket in process: |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | HTML file containing JavaScript created: /private/var/folders/rz/z4lzdb9n2yg9fdd643nf823w0000gn/T/__setup/.dat016d.000 |
Source: /bin/sh (PID: 372) | Defaults executable reading com.apple.Safari HomePage: /usr/bin/defaults |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | HTML file created with suspicious ad-related keywords: /private/var/folders/rz/z4lzdb9n2yg9fdd643nf823w0000gn/T/__setup/.dat016d.000 |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | Random device file read: /dev/random |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | Hidden file created: /var/folders/rz/z4lzdb9n2yg9fdd643nf823w0000gn/T/__setup/.dat016d.000 |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | Shell command executed: sh -c hdiutil info |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | Shell command executed: sh -c logname | head -n 1 |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | Shell command executed: sh -c defaults read com.apple.Safari HomePage |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | Shell command executed: sh -c mktemp -d /var/folders/rz/z4lzdb9n2yg9fdd643nf823w0000gn/T/__setup |
Source: /bin/sh (PID: 376) | Mktemp executable: /usr/bin/mktemp -> mktemp -d /var/folders/rz/z4lzdb9n2yg9fdd643nf823w0000gn/T/__setup |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | Launchservices plist file read: /Users/vreni/Library/Preferences/com.apple.LaunchServices.plist |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | Launchservices plist file read: /Users/vreni/Library/Preferences/com.apple.LaunchServices/com.apple.launchservices.secure.plist |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | Preferences launchservices plist file read: /Users/vreni/Library/Preferences/com.apple.LaunchServices/com.apple.launchservices.secure.plist |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | AppleScript framework/component info plist opened: /System/Library/Components/AppleScript.component/Contents/Info.plist |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | AppleScript framework/component info plist opened: /System/Library/PrivateFrameworks/AppleScript.framework/Resources/Info.plist |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | AppleScript scripting addition info plist opened: /System/Library/ScriptingAdditions/Digital Hub Scripting.osax/Contents/Info.plist |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | AppleScript scripting addition info plist opened: /System/Library/ScriptingAdditions/StandardAdditions.osax/Contents/Info.plist |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | CFNetwork info plist opened: /System/Library/Frameworks/CFNetwork.framework/Resources/Info.plist |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | Security framework info plist opened: /System/Library/Frameworks/Security.framework/Resources/Info.plist |
Source: /bin/sh (PID: 368) | Hdiutil command executed: hdiutil info |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist |
Source: /bin/sh (PID: 370) | Logname executable: /usr/bin/logname -> logname |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | Sysctl requested: kern.ostype (1.1) |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | Sysctl requested: kern.osrelease (1.2) |
Source: /Users/vreni/Desktop/unpack/installer/installer.app/Contents/MacOS/mac-os-x-installer (PID: 365) | Sysctl requested: kern.hostname (1.10) |
Source: /bin/sh (PID: 368) | Sysctl requested: kern.hostname (1.10) |
Source: /bin/sh (PID: 369) | Sysctl requested: kern.hostname (1.10) |
Source: /bin/sh (PID: 372) | Sysctl requested: kern.hostname (1.10) |
Source: /usr/bin/defaults (PID: 372) | Sysctl requested: kern.hostname (1.10) |
Source: /bin/sh (PID: 376) | Sysctl requested: kern.hostname (1.10) |
Source: /bin/sh (PID: 372) | Defaults executable: /usr/bin/defaults -> defaults read com.apple.Safari HomePage |