Malware Analysis Report

2024-10-23 20:26

Sample ID 240901-kp2m7awekm
Target Password a.rar
SHA256 fe334383fda5544da762cfdf0e63b67f8353697bd978954eab09c6edba951488
Tags
xenorat discovery rat trojan evasion
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fe334383fda5544da762cfdf0e63b67f8353697bd978954eab09c6edba951488

Threat Level: Known bad

The file Password a.rar was found to be: Known bad.

Malicious Activity Summary

xenorat discovery rat trojan evasion

XenorRat

Xenorat family

Executes dropped EXE

Checks computer location settings

Resource Forking

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Scheduled Task/Job: Scheduled Task

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-01 08:47

Signatures

Xenorat family

xenorat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-01 08:47

Reported

2024-09-02 01:18

Platform

win10-20240404-en

Max time kernel

599s

Max time network

386s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Fixer\Fixer.exe"

Signatures

XenorRat

trojan rat xenorat

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Fixer\Fixer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Fixer\Fixer.exe

"C:\Users\Admin\AppData\Local\Temp\Fixer\Fixer.exe"

C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe

"C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /Create /TN "System-33" /XML "C:\Users\Admin\AppData\Local\Temp\tmp5D81.tmp" /F

Network

Country Destination Domain Proto
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp

Files

memory/1452-0-0x000000007407E000-0x000000007407F000-memory.dmp

memory/1452-1-0x00000000006D0000-0x00000000006E2000-memory.dmp

C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe

MD5 5ef7344600895b2f13d5d8e44537d946
SHA1 bdf05e86b0c923a0c1edead40cc50819b185d4c0
SHA256 50866224673bc35d89ba701eaf3e794f452fecf308e9fab36be21fe8c486a9d0
SHA512 9563e4b2c98e3ccc8b47c9739a9a74680c9782f1bd18d67c80fb5f85e6bc667df72978b3d7858ddb30ba522d574215b720a2792b7e9e6d34759d0cdc2eb43c69

memory/1272-9-0x0000000074070000-0x000000007475E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp5D81.tmp

MD5 2ab093f77a33e7004e362f78c87763a8
SHA1 2a4dcef9285dd583a33c1c5195cac7a37daee193
SHA256 4691f336ef4ce21e9f11416ab10393a8d4760db2025cfc0bd59acc25e018e234
SHA512 343b32e2048b259717e04dd98ef8900f3951ca79169947f1ed642b76965d95d517bd5a7878897aee21bd4350ac96aa1240e9d7e86e0fb53b05e28da716e95d3f

memory/1272-11-0x0000000074070000-0x000000007475E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-01 08:47

Reported

2024-09-02 01:19

Platform

win10v2004-20240802-en

Max time kernel

594s

Max time network

424s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Fixer\Fixer.exe"

Signatures

XenorRat

trojan rat xenorat

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Fixer\Fixer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Fixer\Fixer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Fixer\Fixer.exe

"C:\Users\Admin\AppData\Local\Temp\Fixer\Fixer.exe"

C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe

"C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /Create /TN "System-33" /XML "C:\Users\Admin\AppData\Local\Temp\tmpA633.tmp" /F

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 127.0.0.1:69 tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp

Files

memory/3288-0-0x00000000752EE000-0x00000000752EF000-memory.dmp

memory/3288-1-0x0000000000A80000-0x0000000000A92000-memory.dmp

C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe

MD5 5ef7344600895b2f13d5d8e44537d946
SHA1 bdf05e86b0c923a0c1edead40cc50819b185d4c0
SHA256 50866224673bc35d89ba701eaf3e794f452fecf308e9fab36be21fe8c486a9d0
SHA512 9563e4b2c98e3ccc8b47c9739a9a74680c9782f1bd18d67c80fb5f85e6bc667df72978b3d7858ddb30ba522d574215b720a2792b7e9e6d34759d0cdc2eb43c69

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Fixer.exe.log

MD5 916851e072fbabc4796d8916c5131092
SHA1 d48a602229a690c512d5fdaf4c8d77547a88e7a2
SHA256 7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d
SHA512 07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521

memory/2196-15-0x00000000752E0000-0x0000000075A90000-memory.dmp

memory/2196-17-0x00000000752E0000-0x0000000075A90000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpA633.tmp

MD5 2ab093f77a33e7004e362f78c87763a8
SHA1 2a4dcef9285dd583a33c1c5195cac7a37daee193
SHA256 4691f336ef4ce21e9f11416ab10393a8d4760db2025cfc0bd59acc25e018e234
SHA512 343b32e2048b259717e04dd98ef8900f3951ca79169947f1ed642b76965d95d517bd5a7878897aee21bd4350ac96aa1240e9d7e86e0fb53b05e28da716e95d3f

memory/3288-19-0x00000000752EE000-0x00000000752EF000-memory.dmp

memory/2196-20-0x00000000752E0000-0x0000000075A90000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-09-01 08:47

Reported

2024-09-02 01:19

Platform

win11-20240802-en

Max time kernel

595s

Max time network

434s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Fixer\Fixer.exe"

Signatures

XenorRat

trojan rat xenorat

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Fixer\Fixer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Fixer\Fixer.exe

"C:\Users\Admin\AppData\Local\Temp\Fixer\Fixer.exe"

C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe

"C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /Create /TN "System-33" /XML "C:\Users\Admin\AppData\Local\Temp\tmpB7B7.tmp" /F

Network

Country Destination Domain Proto
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp
N/A 127.0.0.1:69 tcp

Files

memory/5244-0-0x000000007428E000-0x000000007428F000-memory.dmp

memory/5244-1-0x00000000002B0000-0x00000000002C2000-memory.dmp

C:\Users\Admin\AppData\Roaming\XenoManager\Fixer.exe

MD5 5ef7344600895b2f13d5d8e44537d946
SHA1 bdf05e86b0c923a0c1edead40cc50819b185d4c0
SHA256 50866224673bc35d89ba701eaf3e794f452fecf308e9fab36be21fe8c486a9d0
SHA512 9563e4b2c98e3ccc8b47c9739a9a74680c9782f1bd18d67c80fb5f85e6bc667df72978b3d7858ddb30ba522d574215b720a2792b7e9e6d34759d0cdc2eb43c69

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Fixer.exe.log

MD5 1294de804ea5400409324a82fdc7ec59
SHA1 9a39506bc6cadf99c1f2129265b610c69d1518f7
SHA256 494398ec6108c68573c366c96aae23d35e7f9bdbb440a4aab96e86fcad5871d0
SHA512 033905cc5b4d0c0ffab2138da47e3223765146fa751c9f84b199284b653a04874c32a23aae577d2e06ce6c6b34fec62331b5fc928e3baf68dc53263ecdfa10c1

memory/5864-16-0x0000000074280000-0x0000000074A31000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpB7B7.tmp

MD5 2ab093f77a33e7004e362f78c87763a8
SHA1 2a4dcef9285dd583a33c1c5195cac7a37daee193
SHA256 4691f336ef4ce21e9f11416ab10393a8d4760db2025cfc0bd59acc25e018e234
SHA512 343b32e2048b259717e04dd98ef8900f3951ca79169947f1ed642b76965d95d517bd5a7878897aee21bd4350ac96aa1240e9d7e86e0fb53b05e28da716e95d3f

memory/5864-18-0x0000000074280000-0x0000000074A31000-memory.dmp

memory/5864-19-0x0000000074280000-0x0000000074A31000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-09-01 08:47

Reported

2024-09-02 01:27

Platform

macos-20240711.1-en

Max time kernel

349s

Max time network

393s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Fixer/Fixer.exe"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck N/A N/A
N/A /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Fixer/Fixer.exe"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Fixer/Fixer.exe"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Fixer/Fixer.exe]

/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd

[/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd]

/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged

[/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged]

/usr/libexec/pkreporter

[/usr/libexec/pkreporter]

/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer

[/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer]

/bin/zsh

[/bin/zsh -c /Users/run/Fixer/Fixer.exe]

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater

[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]

/Users/run/Fixer/Fixer.exe

[/Users/run/Fixer/Fixer.exe]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.diagnosticd]

/usr/libexec/diagnosticd

[/usr/libexec/diagnosticd]

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50-courier.push.apple.com udp
US 8.8.8.8:53 18-courier.push.apple.com udp
US 8.8.8.8:53 cds.apple.com udp
GB 104.127.16.171:443 cds.apple.com tcp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 help.apple.com udp
IT 92.123.45.166:443 help.apple.com tcp
IT 92.123.45.166:443 help.apple.com tcp
US 8.8.8.8:53 45-courier.push.apple.com udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 5-courier.push.apple.com udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21-courier.push.apple.com udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34-courier.push.apple.com udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19-courier.push.apple.com udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8-courier.push.apple.com udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

N/A