macOS Analysis Report
Jacqueline_Dinsmore.pdf

Overview

General Information

Sample name: Jacqueline_Dinsmore.pdf
Analysis ID: 1525189
MD5: 02c546cf3968743d318fe66c4f9af5b2
SHA1: d2c564071d69de60469c61624c29acee8a8251df
SHA256: 29807f225357227915f9cd05d17def86b35f19ba81dd512c98a52ee82b891662
Infos:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false

Signatures

No high impact signatures.

Classification

Source: unknown HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49351 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49381 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49382 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49383 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49384 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49392 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49393 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49394 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49395 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49396 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49398 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49401 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.101.13
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: h3.apis.apple.map.fastly.net
Source: unknown Network traffic detected: HTTP traffic on port 49351 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49348
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49401
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49384
Source: unknown Network traffic detected: HTTP traffic on port 49393 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49383
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49382
Source: unknown Network traffic detected: HTTP traffic on port 49395 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49381
Source: unknown Network traffic detected: HTTP traffic on port 49401 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49384 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49348 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49382 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49398 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49398
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49396
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49351
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49395
Source: unknown Network traffic detected: HTTP traffic on port 49394 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49394
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49393
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49392
Source: unknown Network traffic detected: HTTP traffic on port 49396 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49392 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49349 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49383 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49381 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49349
Source: classification engine Classification label: clean0.macPDF@0/1@1/0
Source: /Applications/Preview.app/Contents/MacOS/Preview (PID: 624) Random device file read: /dev/random
Source: /usr/libexec/firmwarecheckers/eficheck/eficheck (PID: 646) Random device file read: /dev/random
Source: /Applications/Preview.app/Contents/MacOS/Preview (PID: 624) AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist
Source: /usr/bin/open (PID: 623) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Source: /Applications/Preview.app/Contents/MacOS/Preview (PID: 624) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist