
macOS Analysis Report
http://www.liveupdt.com/ext/rd.php

Overview

General Information

Sample URL: http://www.liveupdt.com/ext/rd.php
Analysis ID: 577098

Detection

Score: 56
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Writes 64-bit Mach-O files to disk
Opens the Safari browser app

Classification

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 577098
Start date: 23.02.2022
Start time: 11:20:44
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 25s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://www.liveupdt.com/ext/rd.php
Analysis system description: Virtual Machine, High Sierra (Office 2016 16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099)
Analysis Mode: default
Detection: MAL
Classification: mal56.mac@0/10@2/0
  • Excluded IPs from analysis (whitelisted)
  • Excluded domains from analysis (whitelisted)
  • Report size getting too big, too many PREAD calls found.
  • VT rate limit hit for: https://www.liveupdt.com/ext/rd.php
  • System is macvm-highsierra
  • Safari (MD5: 8e18be737fe87f19fe7a97b4821e2005) Arguments: /Applications/Safari.app/Contents/MacOS/Safari
  • cleanup
No yara matches



AV Detection

Source: http://www.liveupdt.com/ext/rd.php | Avira URL Cloud: detection malicious, Label: phishing
Source: http://www.liveupdt.com/ext/rd.php | Virustotal: Detection: 7%
Source: unknown | HTTPS traffic detected: 17.248.145.104:443 -> 192.168.11.11:49293 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 67.205.63.212:443 -> 192.168.11.11:49297 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 67.205.63.212:443 -> 192.168.11.11:49310 version: TLS 1.2
Source: unknown | DNS traffic detected: queries for: www.liveupdt.com
Source: unknown | Network traffic detected: HTTP traffic on port 49293 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49310
Source: unknown | Network traffic detected: HTTP traffic on port 49297 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49297
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49293
Source: unknown | Network traffic detected: HTTP traffic on port 49310 -> 443
Source: unknown | TCP traffic detected without corresponding DNS query: 17.253.17.205
Source: unknown | TCP traffic detected without corresponding DNS query: 23.211.5.115
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET /ext/rd.php HTTP/1.1
    Host: www.liveupdt.com
    Upgrade-Insecure-Requests: 1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
    Accept-Language: en-us
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
Source: .dat.nosync0345.lRGPMG.257.dr | String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: .dat.nosync0345.BgAhBy.257.dr | String found in binary or memory: https://www.liveupdt.com/ext/rd.php
Source: classification engine | Classification label: mal56.mac@0/10@2/0
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 837) | File written: /private/var/tmp/NSCreateObjectFileImageFromMemory-W7Mg4c
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 837) | File written: /private/var/tmp/NSCreateObjectFileImageFromMemory-yUqOzI
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 837) | File written: /private/var/tmp/NSCreateObjectFileImageFromMemory-1M1Fq6
Source: /usr/libexec/xpcproxy (PID: 837) | Safari app opened: /Applications/Safari.app/Contents/MacOS/Safari
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 837) | AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 837) | Random device file read: /dev/urandom
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 837) | XML plist file created: /Users/berri/Library/Safari/.dat.nosync0345.lRGPMG
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 837) | Binary plist file created: /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync0345.2dbALV
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 837) | Binary plist file created: /Users/berri/Library/Safari/.dat.nosync0345.BgAhBy
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 837) | System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
MITRE ATT&CK Matrix (matched techniques with signature counts; every other cell of the 14-tactic matrix, covering Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, Command and Control, Network Effects, Remote Service Effects and Impact, had no match)

  • Persistence: Plist Modification (1)
  • Privilege Escalation: Plist Modification (1)
  • Discovery: System Information Discovery (1)
  • Command and Control: Encrypted Channel (1)
  • Command and Control: Non-Application Layer Protocol (2)
  • Command and Control: Application Layer Protocol (3)
  • Command and Control: Ingress Tool Transfer (1)
Behavior Graph (ID: 577098, URL: http://www.liveupdt.com/ext..., start date: 23/02/2022, architecture: MAC, score: 56)

  • www.liveupdt.com: 67.205.63.212, ports 443, 49295, 49297, DREAMHOST-ASUS, United States
  • 23.211.5.115, ports 49287, 80, AKAMAI-ASUS, United States
  • 2 other IPs or domains
  • Antivirus / Scanner detection for submitted sample
  • Multi AV Scanner detection for submitted file
  • Process: xpcproxy started Safari

Source | Detection | Scanner | Label
http://www.liveupdt.com/ext/rd.php | 8% | Virustotal |
http://www.liveupdt.com/ext/rd.php | 100% | Avira URL Cloud | phishing

No Antivirus matches

Source | Detection | Scanner | Label
gateway.fe.apple-dns.net | 0% | Virustotal |
www.liveupdt.com | 6% | Virustotal |
x1.c.lencr.org | 0% | Virustotal |

Source | Detection | Scanner | Label
https://www.liveupdt.com/ext/rd.php | 100% | Avira URL Cloud | phishing


Name | IP | Active | Malicious | Antivirus Detection | Reputation
gateway.fe.apple-dns.net | 17.248.145.104 | true | false | | unknown
www.liveupdt.com | 67.205.63.212 | true | true | | unknown
pki-goog.l.google.com | 142.250.203.99 | true | false | | high
x1.c.lencr.org | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://www.liveupdt.com/ext/rd.php | true | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://www.liveupdt.com/ext/rd.php | .dat.nosync0345.BgAhBy.257.dr | true | Avira URL Cloud: phishing | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
23.211.5.115 | unknown | United States | 16625 | AKAMAI-ASUS | false
67.205.63.212 | www.liveupdt.com | United States | 26347 | DREAMHOST-ASUS | true
Process: /Applications/Safari.app/Contents/MacOS/Safari
File Type: Apple binary property list
Category: dropped
Size (bytes): 1513
Entropy (8bit): 7.251278254979247
Encrypted: false
SSDEEP: 24:/MVp+dVGmEH3oFqBSIebHoTAqg97kwzxlXogfdOK67P3zteFRsSQFnCEt:E3NmrA8oTlg9wwXXf1OPrztADQFCg
MD5: F19D87317A248BACB51E5AC6D55216CF
SHA1: CEDD26DC5BCFADCD390B3208B91FAC265C368BDC
SHA-256: 73734077A324573A536527DC24999ABA0DE7D11462D37A5CBC873DE5C196DB1D
SHA-512: 44A3306990CE4E1D6E835BD51835AE7F82BCD26A7F65DFAC727DADED5F2D38FFDCDE5523C7E6085C1DA2C2183D56D8BA1217CF9FE59BCD04CA1D496E5B36A616
Malicious: false
Reputation: low

Process: /Applications/Safari.app/Contents/MacOS/Safari
File Type: XML 1.0 document, ASCII text
Category: dropped
Size (bytes): 1012
Entropy (8bit): 5.286991847916908
Encrypted: false
SSDEEP: 24:2dfyiwHuG5Ku3hu65juqVrTrmuGoTxR1F1xW:cfyP5Z/5PrUon1F1xW
MD5: 0C29425555C7FF0CA114B1FD0DC39C50
SHA1: D7D808E8BE92462F4C3CEBA66734F0E9BB26ACDD
SHA-256: 52826AFEEC974BB7BACB85BDC01DC4F23BF917D65E04773D7CAD393F7866F3FD
SHA-512: D9C8364A85F4B4A96CAAC1409F32F9D6B2F8AE19201E0ABD2D449A3EEDADD471E99E44BC92DEB5D8FB60287DA64A88E61B45F759E7B9A383A9BBE5F5FD242F95
Malicious: false
Reputation: low
Preview:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>SingleDeviceSaveChangesThrottlingPolicy</key>
        <string>1:1440</string>
        <key>MultipleDeviceSaveChangesThrottlingPolicy</key>
        <string>50:1 | 10:2 | 10:5 | 10:30 | 9:40 | 1:510</string>
        <key>SingleDeviceFetchChangesThrottlingPolicy</key>
        <string>11:15 | 1:1275</string>
        <key>MultipleDeviceFetchChangesThrottlingPolicy</key>
        <string>50:1 | 50:3 | 20:4 | 20:5 | 20:15 | 20:18 | 20:20</string>
        <key>SyncCircleSizeRetrievalThrottlingPolicy</key>
        <string>1:1440</string>
        <key>MaximumRequestLimitCharacterCount</key>
        <integer>100000</integer>
        <key>SyncWindow</key>
        <real>1209600</real>
        <key>HistoryModificationIdleDelayBeforeSyncAttemptKey</key>
        <integer>90</integer>
        <key>HistoryRemovalIdleDelayBeforeSyncAttempt</key>
        <integer>6</integer>
        <key>SaveChangesBeforeTerminationTimeout</key>
        <integer>1</integer>
    </dic

Process: /Applications/Safari.app/Contents/MacOS/Safari
File Type: PNG image data, 48 x 49, 8-bit/color RGBA, non-interlaced
Category: dropped
Size (bytes): 803
Entropy (8bit): 7.6982156720665404
Encrypted: false
SSDEEP: 12:6v/7KkBgFkdUZhfQ3VXRjK+fw3jIT4DAtmm80JJu1cMInH+1GbGFyM5SW8R4P7:7sUZtQlhmbPDSmdrYeYb0yvW8e
MD5: 01574C9C36BE716E31B885A2EC4D4EB9
SHA1: 4DBF323B0023ECBC9A7A6786A863C89ACFB4B26F
SHA-256: 40A8F24C22200FE18D0FE1910781B3489E51594C13958E93BCEEF0F54B8503C4
SHA-512: 1A65824CCE6C8CB2E2CD987AB754EAA410972CD5207ED79AC7D9927E1E3A0E5FF1154BF9B77BDF98282EB0AB7E6153F19497FD74902A90CCC96DFA4CDF0273D7
Malicious: false
Reputation: low

Process: /Applications/Safari.app/Contents/MacOS/Safari
File Type: ASCII text
Category: dropped
Size (bytes): 61
Entropy (8bit): 4.668121763650529
Encrypted: false
SSDEEP: 3:tXyuPXUfWPWdF2/lZGA1WOv:dM+PWmZiA
MD5: C4B4F458F8C923434FC7BF3E885B8020
SHA1: 0BCDC4C51F385BD2400F0ECE4B8707C5B4D36389
SHA-256: 707C2C14219E2E3DE40BBC8FDF2F650138EC8C24B7562726ACF32E6303D0894E
SHA-512: E43F238AEAE64E656D43BD8313BB45D17713319CB0E78ED53997B573A493215E1EF04A737EE69AC01C8242EEBC663D45F855E8685A34CF53B5E7705E1D967BDD
Malicious: false
Reputation: low
Preview: 2022-02-23 12:21:35.538 Safari[837:5720] ApplePersistence=NO

Process: /Applications/Safari.app/Contents/MacOS/Safari
File Type: Apple binary property list
Category: dropped
Size (bytes): 76
Entropy (8bit): 3.9370658315190226
Encrypted: false
SSDEEP: 3:N1n6qMvRGNMTAnd/t1tH:N1nleRaMTAltH
MD5: CDC65B5F112547EAFAE0F16F9C149426
SHA1: AEAF9908A5B6FF3E2F7B738ABF5FE9E79108BA01
SHA-256: 1C6D085D871A855CE4A3902BAB4B9B92631B8EE8F0B7F6536768A2AAF427B45C
SHA-512: E8B0E4CE6A760A718A19976D3CFE9063F04FB4BF179947AECA84E94C83F21459FB9DC0FFABEA8F633BD2D0BA94FE1E15D8C97E9604FDE8BD0DEA961EB83BDDB7
Malicious: false
Reputation: low
Preview: bplist00..._..ExtensionArchivesExtracted...(...............................)

Process: /Applications/Safari.app/Contents/MacOS/Safari
File Type: Mac OS X Keychain File
Category: dropped
Size (bytes): 48908
Entropy (8bit): 3.533948990143748
Encrypted: false
SSDEEP: 384:xSMdGleGkIG7FF3theSMVXBD0tgcNrGBOmBfbouR6/chQOnGqwc2U+v+h/:8MdGleOGmBouRwchQOnGqwc2U+v+h/
MD5: 09070E01FA6ED1973D94FAD50C35E3ED
SHA1: 7546663E66F9889EE3365A7A0BE372300C6022CA
SHA-256: 2E6EC437A97DD88F9067B2E99AC64789670D9B9C1FC50B2856E392E66163211F
SHA-512: 621399FF832F1A8352E5E9A54984B878C7D3432156D9CF9986A1A5B75662E92D9A00FA1BA6714D679286BB49E71916F72655AADA2B99880A2806FAFC6F86E7F3
Malicious: false
Reputation: low

Process: /Applications/Safari.app/Contents/MacOS/Safari
File Type: Mac OS X Keychain File
Category: dropped
Size (bytes): 4404
Entropy (8bit): 3.5113078915037033
Encrypted: false
SSDEEP: 48:m6Xsh+CLjL3Pe3T5FFKfEuyu+iYxGv4sS:3X6LjLfe3wEuyu9YxGQX
MD5: D487F899A14AE98519B46D51BC810F1B
SHA1: 64877ECFBE47ED66EED545B2449BBE8B22B775D0
SHA-256: 4835899C464487946E281D535381D4CAB8BC90EC08CD00A6A0ECB97854E9321D
SHA-512: EB4FABD61B4FD2B9EF3C9E93793CA5F11353A1F81EA4DA22E0F79ED45D89180B77469B9E5DCD5350AE650B31DE9018743DA7716EFA7B5CDDFC3FA7A13C476F40
Malicious: false
Reputation: low

Process: /Applications/Safari.app/Contents/MacOS/Safari
File Type: Mach-O 64-bit x86_64 bundle, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>
Category: dropped
Size (bytes): 4752
Entropy (8bit): 5.761647040683616
Encrypted: false
SSDEEP: 96:xKvjeoJ2eQIMA1EVQvOsD1cbY2vF/jllllllllKflNJz5w6w:0dJ2eQpMtxmvrllllllllKfly
MD5: 1D6F449D22D11E760495CE85C933ADF8
SHA1: D77F5B05549E51310D0C96347482178EBD23C476
SHA-256: BEF505FE1329E19B4AF2FFFD868C753A0824B96FB4531BD106C810D96EFB1D94
SHA-512: 4A9F4BD053BC5069625D60DDD3E1225E01FCE6B31824C35A12D7CAFAC2AD9BF79EE7785A6860E5549836970D8A4C7968355EC715C652EE1C771EDD9D9D1616A6
Malicious: false
Reputation: low

Process: /Applications/Safari.app/Contents/MacOS/Safari
File Type: Mach-O 64-bit x86_64 bundle, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>
Category: dropped
Size (bytes): 4780
Entropy (8bit): 5.78784933687558
Encrypted: false
SSDEEP: 96:xav2J2yfQoIeVyCxVaBHlZF/jllllllllKflPz5w65:keJ2OQYTTarllllllllKflT
MD5: 6903FFA70C6EF8F2493E3E49101C694D
SHA1: B70A5F8C3F48BB2251B114500DFFF1CCCE72D966
SHA-256: 633CEE31BFBF56590F6B62891CD0CB55264FD0F01E183036D8E3556B9EFF72D5
SHA-512: 2A8A297AEE0F285EAA494BA5B731D023BF6438E207B83495FF490EB67BE3D9B4E887F91680761E759973D9FEC782B9E0CEC7E1957C4E794739A0DF90E2346D87
Malicious: false
Reputation: low

Process: /Applications/Safari.app/Contents/MacOS/Safari
File Type: Mach-O 64-bit x86_64 bundle, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>
Category: dropped
Size (bytes): 17444
Entropy (8bit): 4.344757944263916
Encrypted: false
SSDEEP: 384:wwjJcXgiRVP7J3AMqLllllllKfllJlROW:wga13AMqAOW
MD5: 737239EDB5D8B7977A5A8D928A1A8A26
SHA1: 0175F7B768051D8EEC31BEF07EA3C41E2A59290B
SHA-256: 545E972B5FD592C3607C71402888F87C07E18F1B8394001AE7352BCE6B362918
SHA-512: E164F22FAA86FDD62FB075E8B22917A78C5B9CD9731D7C04C45A8A5CF6EDC1647EF7985F0360D60F299D6CE8B947DD04BA0366B7C6C2FFCDC9F2AC9309FC82F1
Malicious: false
Reputation: low

No static file info


  • Total Packets: 89
  • 443 (HTTPS)
  • 80 (HTTP)
  • 53 (DNS)
      Feb 23, 2022 11:21:43.557528019 CET49310443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:43.636044025 CET4434929767.205.63.212192.168.11.11
      Feb 23, 2022 11:21:43.636101961 CET4434929767.205.63.212192.168.11.11
      Feb 23, 2022 11:21:43.636142969 CET4434929767.205.63.212192.168.11.11
      Feb 23, 2022 11:21:43.636497021 CET49297443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:43.636534929 CET49297443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:43.636550903 CET49297443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:43.637851000 CET49297443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:43.637896061 CET49297443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:43.638477087 CET49297443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:43.656672001 CET4434931067.205.63.212192.168.11.11
      Feb 23, 2022 11:21:43.656703949 CET4434931067.205.63.212192.168.11.11
      Feb 23, 2022 11:21:43.656800985 CET4434931067.205.63.212192.168.11.11
      Feb 23, 2022 11:21:43.657149076 CET49310443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:43.657208920 CET49310443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:43.658016920 CET49310443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:43.658080101 CET49310443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:43.658103943 CET49310443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:43.658118963 CET49310443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:43.658133030 CET49310443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:43.737781048 CET4434929767.205.63.212192.168.11.11
      Feb 23, 2022 11:21:43.738301039 CET4434929767.205.63.212192.168.11.11
      Feb 23, 2022 11:21:43.757344007 CET4434931067.205.63.212192.168.11.11
      Feb 23, 2022 11:21:43.757421970 CET4434931067.205.63.212192.168.11.11
      Feb 23, 2022 11:21:43.757749081 CET49310443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:43.758619070 CET4434931067.205.63.212192.168.11.11
      Feb 23, 2022 11:21:43.758955956 CET49310443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:45.516078949 CET4434931067.205.63.212192.168.11.11
      Feb 23, 2022 11:21:45.516163111 CET4434931067.205.63.212192.168.11.11
      Feb 23, 2022 11:21:45.516875982 CET49310443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:45.516985893 CET49310443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:45.517004967 CET49310443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:45.517103910 CET49310443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:45.517330885 CET49310443192.168.11.1167.205.63.212
      Feb 23, 2022 11:21:45.616678953 CET4434931067.205.63.212192.168.11.11
      Feb 23, 2022 11:21:45.616744995 CET4434931067.205.63.212192.168.11.11
      Feb 23, 2022 11:22:03.861161947 CET4928580192.168.11.1117.253.17.205
      Feb 23, 2022 11:22:04.016201973 CET804928517.253.17.205192.168.11.11
      Feb 23, 2022 11:22:04.016796112 CET4928580192.168.11.1117.253.17.205
      Feb 23, 2022 11:22:34.242413998 CET4928780192.168.11.1123.211.5.115
      Feb 23, 2022 11:22:34.251344919 CET804928723.211.5.115192.168.11.11
      Feb 23, 2022 11:22:34.252055883 CET4928780192.168.11.1123.211.5.115
      Timestamp | Source Port | Dest Port | Source IP | Dest IP
      Feb 23, 2022 11:21:38.304719925 CET | 50965 | 53 | 192.168.11.11 | 1.1.1.1
      Feb 23, 2022 11:21:38.315015078 CET | 53 | 50965 | 1.1.1.1 | 192.168.11.11
      Feb 23, 2022 11:21:42.019087076 CET | 51585 | 53 | 192.168.11.11 | 1.1.1.1
      Feb 23, 2022 11:22:05.614177942 CET | 53 | 51399 | 1.1.1.1 | 192.168.11.11
      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
      Feb 23, 2022 11:21:38.304719925 CET | 192.168.11.11 | 1.1.1.1 | 0xf07c | Standard query (0) | www.liveupdt.com | A (IP address) | IN (0x0001)
      Feb 23, 2022 11:21:42.019087076 CET | 192.168.11.11 | 1.1.1.1 | 0xb843 | Standard query (0) | x1.c.lencr.org | A (IP address) | IN (0x0001)
      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
      Feb 23, 2022 11:21:38.124434948 CET | 1.1.1.1 | 192.168.11.11 | 0xf89e | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.104 | A (IP address) | IN (0x0001)
      Feb 23, 2022 11:21:38.124434948 CET | 1.1.1.1 | 192.168.11.11 | 0xf89e | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.83 | A (IP address) | IN (0x0001)
      Feb 23, 2022 11:21:38.124434948 CET | 1.1.1.1 | 192.168.11.11 | 0xf89e | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.145 | A (IP address) | IN (0x0001)
      Feb 23, 2022 11:21:38.124434948 CET | 1.1.1.1 | 192.168.11.11 | 0xf89e | No error (0) | gateway.fe.apple-dns.net | | 17.248.248.74 | A (IP address) | IN (0x0001)
      Feb 23, 2022 11:21:38.124434948 CET | 1.1.1.1 | 192.168.11.11 | 0xf89e | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.239 | A (IP address) | IN (0x0001)
      Feb 23, 2022 11:21:38.124434948 CET | 1.1.1.1 | 192.168.11.11 | 0xf89e | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.78 | A (IP address) | IN (0x0001)
      Feb 23, 2022 11:21:38.124434948 CET | 1.1.1.1 | 192.168.11.11 | 0xf89e | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.167 | A (IP address) | IN (0x0001)
      Feb 23, 2022 11:21:38.124434948 CET | 1.1.1.1 | 192.168.11.11 | 0xf89e | No error (0) | gateway.fe.apple-dns.net | | 17.248.248.42 | A (IP address) | IN (0x0001)
      Feb 23, 2022 11:21:38.315015078 CET | 1.1.1.1 | 192.168.11.11 | 0xf07c | No error (0) | www.liveupdt.com | | 67.205.63.212 | A (IP address) | IN (0x0001)
      Feb 23, 2022 11:21:40.146079063 CET | 1.1.1.1 | 192.168.11.11 | 0x292b | No error (0) | pki-goog.l.google.com | | 142.250.203.99 | A (IP address) | IN (0x0001)
      Feb 23, 2022 11:21:42.027430058 CET | 1.1.1.1 | 192.168.11.11 | 0xb843 | No error (0) | x1.c.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
      • www.liveupdt.com
      Session ID | Source IP | Source Port | Destination IP | Destination Port
      0 | 192.168.11.11 | 49295 | 67.205.63.212 | 80
      Timestamp | kBytes transferred | Direction | Data
      Feb 23, 2022 11:21:38.417150021 CET | 89 | OUT | GET /ext/rd.php HTTP/1.1
      Host: www.liveupdt.com
      Upgrade-Insecure-Requests: 1
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      Connection: keep-alive
      Feb 23, 2022 11:21:38.777218103 CET | 89 | IN | HTTP/1.1 301 Moved Permanently
      Date: Wed, 23 Feb 2022 10:21:38 GMT
      Server: Apache
      Location: https://www.liveupdt.com/ext/rd.php
      Content-Length: 243
      Keep-Alive: timeout=2, max=100
      Connection: Keep-Alive
      Content-Type: text/html; charset=iso-8859-1
      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.liveupdt.com/ext/rd.php">here</a>.</p></body></html>


      Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
      Feb 23, 2022 11:21:38.144643068 CET | 17.248.145.104 | 443 | 192.168.11.11 | 49293 | C=US, ST=California, O=Apple Inc., CN=gateway.icloud.com | C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1 | Tue Jun 22 13:54:06 CEST 2021 | Fri Jul 22 13:54:05 CEST 2022 | 771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47,65281-0-23-13-5-13172-18-16-11-10,29-23-24,0 | 3e4e87dda5a3162306609b7e330441d2
        Chain: C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1 | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Wed Dec 12 13:00:00 CET 2018 | Wed May 07 14:00:00 CEST 2025
        Chain: C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1 | CN=GeoTrust Global CA, O=GeoTrust Inc., C=US | Mon Jun 16 17:42:02 CEST 2014 | Fri May 20 17:42:02 CEST 2022
      Feb 23, 2022 11:21:41.979428053 CET | 67.205.63.212 | 443 | 192.168.11.11 | 49297 | CN=www.liveupdt.com | CN=R3, O=Let's Encrypt, C=US | Mon Jan 24 07:33:10 CET 2022 | Sun Apr 24 08:33:09 CEST 2022 | 771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47,65281-0-23-13-5-13172-18-16-11-10,29-23-24,0 | 3e4e87dda5a3162306609b7e330441d2
        Chain: CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025
        Chain: CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024
      Feb 23, 2022 11:21:43.549253941 CET | 67.205.63.212 | 443 | 192.168.11.11 | 49310 | CN=www.liveupdt.com | CN=R3, O=Let's Encrypt, C=US | Mon Jan 24 07:33:10 CET 2022 | Sun Apr 24 08:33:09 CEST 2022 | 771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47,65281-0-23-13-5-13172-18-16-11-10,29-23-24,0 | 3e4e87dda5a3162306609b7e330441d2
        Chain: CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025
        Chain: CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024

      System Behavior

      Start time:11:21:35
      Start date:23/02/2022
      Path:/usr/libexec/xpcproxy
      Arguments:n/a
      File size:43488 bytes
      MD5 hash:d1bb9a4899f0af921e8188218b20d744
      Start time:11:21:35
      Start date:23/02/2022
      Path:/Applications/Safari.app/Contents/MacOS/Safari
      Arguments:/Applications/Safari.app/Contents/MacOS/Safari
      File size:20896 bytes
      MD5 hash:8e18be737fe87f19fe7a97b4821e2005