macOS Analysis Report
V6QED2Q1WBYVOPE

Overview

General Information

Sample name: V6QED2Q1WBYVOPE
Analysis ID: 1558654
MD5: 6dee3bbd2bb0b9de6423700a8e1fe1e8
SHA1: 88537c509c075956ba5d4e1d9fbdd18eaa357e53
SHA256: 1001c1ed209abec59d96e0f27007561c3036c585dd0113ed3cc074bf6a11c105
Infos:

Detection

Score: 56
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Mach-O contains sections with high entropy indicating compressed/encrypted content
Sample or dropped file has a small TEXT segment size indicating that the actual code is not in this segment hampering debugging

Classification

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1558654
Start date and time: 2024-11-19 17:03:04 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultmacfilecookbook.jbs
Analysis system description: Virtual Machine, Mojave (Office 16 16.27, Java 11.0.2+9, Adobe Reader 2019.010.20099)
macOS major version: 10.14
CPU architecture: x86_64
Analysis Mode: default
Sample name: V6QED2Q1WBYVOPE
Detection: MAL
Classification: mal56.mac@0/0@1/0
  • Excluded IPs from analysis (whitelisted): 17.253.97.205, 17.253.97.201, 17.36.200.79, 17.253.27.196, 17.253.27.204, 17.253.3.198, 23.58.90.40
  • Excluded domains from analysis (whitelisted): lcdn-locator-usuqo.apple.com.akadns.net, updates.cdn-apple.com.akadns.net, e673.dsce9.akamaiedge.net, crl.apple.com, lb._dns-sd._udp.0.11.168.192.in-addr.arpa, lcdn-locator.apple.com.akadns.net, lcdn-locator.apple.com, mesu.g.aaplimg.com, updates.g.aaplimg.com, itunes.apple.com.edgekey.net, init.itunes.apple.com, updates.cdn-apple.com, init-cdn.itunes-apple.com.akadns.net
  • VT rate limit hit for: V6QED2Q1WBYVOPE
Command: /Users/bernard/Desktop/V6QED2Q1WBYVOPE
PID: 620
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:

Standard Error:
  • System is macvm-mojave
  • V6QED2Q1WBYVOPE (MD5: 6dee3bbd2bb0b9de6423700a8e1fe1e8) Arguments: /Users/bernard/Desktop/V6QED2Q1WBYVOPE
  • eficheck (MD5: 328beb81a2263449258057506bb4987f) Arguments: /usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon
  • cleanup
No yara matches
No Suricata rule has matched

AV Detection

Source: V6QED2Q1WBYVOPE | Avira: detected
Source: V6QED2Q1WBYVOPE | ReversingLabs: Detection: 50%
Source: unknown | HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49381 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49382 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49383 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49384 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49385 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49386 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49390 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49394 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49395 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49396 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49397 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 23.48.144.29
Source: unknown | TCP traffic detected without corresponding DNS query: 23.48.144.29
Source: unknown | TCP traffic detected without corresponding DNS query: 23.195.93.152
Source: unknown | TCP traffic detected without corresponding DNS query: 23.195.93.152
Source: unknown | TCP traffic detected without corresponding DNS query: 23.195.93.152
Source: unknown | TCP traffic detected without corresponding DNS query: 23.195.93.152
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: h3.apis.apple.map.fastly.net
Source: V6QED2Q1WBYVOPE, 00000620.00000249.9.0000000115fcd000.0000000115ff6000.r--.sdmp | String found in binary or memory: http://crl.apple.com/codesigning.crl0
Source: V6QED2Q1WBYVOPE, 00000620.00000249.9.0000000115fcd000.0000000115ff6000.r--.sdmp | String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: V6QED2Q1WBYVOPE, 00000620.00000249.9.0000000115fcd000.0000000115ff6000.r--.sdmp | String found in binary or memory: http://www.apple.com/appleca/root.crl0
Source: V6QED2Q1WBYVOPE, 00000620.00000249.9.0000000115fcd000.0000000115ff6000.r--.sdmp | String found in binary or memory: http://www.apple.com/certificateauthority0
Source: V6QED2Q1WBYVOPE, 00000620.00000249.9.0000000115fcd000.0000000115ff6000.r--.sdmp | String found in binary or memory: https://www.apple.com/appleca/0
Source: unknown | Network traffic detected: HTTP traffic on port 49397 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49386
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49385
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49384
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49383
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49382
Source: unknown | Network traffic detected: HTTP traffic on port 49395 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49381
Source: unknown | Network traffic detected: HTTP traffic on port 49353 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49386 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49384 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49382 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49353
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49397
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49396
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49395
Source: unknown | Network traffic detected: HTTP traffic on port 49394 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49394
Source: unknown | Network traffic detected: HTTP traffic on port 49396 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49390
Source: unknown | Network traffic detected: HTTP traffic on port 49390 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49385 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49383 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49381 -> 443
Source: classification engine | Classification label: mal56.mac@0/0@1/0
Source: /usr/libexec/firmwarecheckers/eficheck/eficheck (PID: 639) | Random device file read: /dev/random
Source: V6QED2Q1WBYVOPE | Submission file: section __data with 7.99957854 entropy (max. 8.0)
Source: V6QED2Q1WBYVOPE | Mach-O __TEXT segment size: 0x1000 <= 16 KB
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Obfuscated Files or Information | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Source | Detection | Scanner | Label | Link
V6QED2Q1WBYVOPE | 100% | Avira | OSX/GM.Agent.MB |
V6QED2Q1WBYVOPE | 50% | ReversingLabs | MacOS.Dropper.SAgnt |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
h3.apis.apple.map.fastly.net | 151.101.131.6 | true | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
151.101.131.6 | h3.apis.apple.map.fastly.net | United States | | 54113 | FASTLYUS | false
23.48.144.29 | unknown | United States | | 20940 | AKAMAI-ASN1EU | false
23.195.93.152 | unknown | United States | | 16625 | AKAMAI-ASUS | false
151.101.67.6 | unknown | United States | | 54113 | FASTLYUS | false
No created / dropped files found
File type: Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|PIE>
Entropy (8bit): 7.999550458092694
TrID:
• Mac OS X Mach-O 64-bit Intel executable (4008/2) 50.02%
• Mac OS X Mach-O 64-bit executable (little-endian) (4004/1) 49.98%
File name: V6QED2Q1WBYVOPE
File size: 9'507'924 bytes
MD5: 6dee3bbd2bb0b9de6423700a8e1fe1e8
SHA1: 88537c509c075956ba5d4e1d9fbdd18eaa357e53
SHA256: 1001c1ed209abec59d96e0f27007561c3036c585dd0113ed3cc074bf6a11c105
SHA512: 0f6c7ebb1ae128eba6d1350058f00c026ad58f8d6a4c580fa73cf9eb9b8147581fca957894d4a1c4b1a6f5eb6c2d3264ad155f08551e895f405d5952839b8be7
SSDEEP: 196608:n5v0ZL3vCmgUTRDB397K0AHJuOML1SinMHc85tSygFHQy9VRnQI:nR09sUTb97plOMLTMHc4tPQFPRQI
TLSH: 18A6334DE6B32C36F6656274B07E789CB848671E65A1B2E9B0C4F7CD2C40D62C7782C6
File Content Preview: .......................... .........H...__PAGEZERO..........................................................(...__TEXT..........................................................__text..........__TEXT..................*......................................
General Information for header 1
Endian: little-endian
Size: 64-bit
Architecture: x86_64
Filetype: execute
Nbr. of load commands: 16
Entry point: 0x1000008E0
Name | Value
segname | __PAGEZERO
vmaddr | 0x0
vmsize | 0x100000000
fileoff | 0x0
filesize | 0x0
maxprot | 0x0
initprot | 0x0
nsects | 0
flags | 0x0
Name | Value
segname | __TEXT
vmaddr | 0x100000000
vmsize | 0x1000
fileoff | 0x0
filesize | 0x1000
maxprot | 0x7
initprot | 0x5
nsects | 6
flags | 0x0
Datas
sectname | segname | addr | size | offset | entropy | align | reloff | nreloc | flags
__text | __TEXT | 0x100000880 | 0x62A | 0x880 | 5.08383778 | 4 | 0x0 | 0 | 0x80000400
__stubs | __TEXT | 0x100000EAA | 0x4E | 0xEAA | 2.86836912 | 1 | 0x0 | 0 | 0x80000400
__stub_helper | __TEXT | 0x100000EF8 | 0x92 | 0xEF8 | 3.35268794 | 2 | 0x0 | 0 | 0x80000400
__cstring | __TEXT | 0x100000F8A | 0x12 | 0xF8A | 2.97493750 | 0 | 0x0 | 0 | 0x0
__unwind_info | __TEXT | 0x100000F9C | 0x48 | 0xF9C | 1.61056806 | 2 | 0x0 | 0 | 0x0
__eh_frame | __TEXT | 0x100000FE8 | 0x18 | 0xFE8 | 2.78415913 | 3 | 0x0 | 0 | 0x0
Name | Value
segname | __DATA
vmaddr | 0x100001000
vmsize | 0x910000
fileoff | 0x1000
filesize | 0x910000
maxprot | 0x7
initprot | 0x3
nsects | 4
flags | 0x0
Datas
sectname | segname | addr | size | offset | entropy | align | reloff | nreloc | flags
__nl_symbol_ptr | __DATA | 0x100001000 | 0x10 | 0x1000 | -0.00000000 | 3 | 0x0 | 0 | 0x0
__got | __DATA | 0x100001010 | 0x8 | 0x1010 | -0.00000000 | 3 | 0x0 | 0 | 0x0
__la_symbol_ptr | __DATA | 0x100001018 | 0x68 | 0x1018 | 2.01134991 | 3 | 0x0 | 0 | 0x0
__data | __DATA | 0x100001080 | 0x90F484 | 0x1080 | 7.99957854 | 4 | 0x0 | 0 | 0x0
Name | Value
segname | __LINKEDIT
vmaddr | 0x100911000
vmsize | 0x1000
fileoff | 0x911000
filesize | 0x454
maxprot | 0x7
initprot | 0x1
nsects | 0
flags | 0x0
Name | Value
rebase_off | 9506816
rebase_size | 8
bind_off | 9506824
bind_size | 56
weak_bind_off | 0
weak_bind_size | 0
lazy_bind_off | 9506880
lazy_bind_size | 224
export_off | 9507104
export_size | 80
Name | Value
symoff | 9507256
nsyms | 20
stroff | 9507692
strsize | 232
Name | Value
ilocalsym | 0
nlocalsym | 0
iextdefsym | 0
nextdefsym | 5
iundefsym | 5
nundefsym | 15
tocoff | 0
ntoc | 0
modtaboff | 0
nmodtab | 0
extrefsymoff | 0
nextrefsyms | 0
indirectsymoff | 9507576
nindirectsyms | 29
extreloff | 0
nextrel | 0
locreloff | 0
nlocrel | 0
Name | Value
Name | Value
uuid | 331b5ea8-e511-3977-b94a-1f7cc89c9c13
Name | Value
version | 10.9.0
sdk | 10.9.0
Name | Value
path | 0.0.0.0.0
Name | Value
Name | Value
compatibility_version | 1.0.0
current_version | 1197.1.1
timestamp | 1970-01-01
Datas | /usr/lib/libSystem.B.dylib
Name | Value
dataoff | 9507184
datasize | 8
Name | Value
dataoff | 9507192
datasize | 0
Name | Value
dataoff | 9507192
datasize | 9507192

Name | Category | Origin | Segment Name | Bind Address | Library Name
__mh_execute_header | EXTERNAL | LC_SYMTAB |  |  |
_bytes | EXTERNAL | LC_SYMTAB |  |  |
_key | EXTERNAL | LC_SYMTAB |  |  |
_main | EXTERNAL | LC_SYMTAB |  |  |
_strpos | EXTERNAL | LC_SYMTAB |  |  |
__NSGetExecutablePath | UNDEFINED | LC_SYMTAB | __DATA | 0x100001018 | /usr/lib/libSystem.B.dylib
___memset_chk | UNDEFINED | LC_SYMTAB | __DATA | 0x100001020 | /usr/lib/libSystem.B.dylib
___sprintf_chk | UNDEFINED | LC_SYMTAB | __DATA | 0x100001028 | /usr/lib/libSystem.B.dylib
___stack_chk_fail | UNDEFINED | LC_SYMTAB | __DATA | 0x100001030 | /usr/lib/libSystem.B.dylib
___stack_chk_guard | UNDEFINED | LC_SYMTAB | __DATA | 0x100001010 | /usr/lib/libSystem.B.dylib
___strcat_chk | UNDEFINED | LC_SYMTAB | __DATA | 0x100001038 | /usr/lib/libSystem.B.dylib
_fclose | UNDEFINED | LC_SYMTAB | __DATA | 0x100001040 | /usr/lib/libSystem.B.dylib
_fopen | UNDEFINED | LC_SYMTAB | __DATA | 0x100001048 | /usr/lib/libSystem.B.dylib
_fwrite | UNDEFINED | LC_SYMTAB | __DATA | 0x100001050 | /usr/lib/libSystem.B.dylib
_malloc | UNDEFINED | LC_SYMTAB | __DATA | 0x100001058 | /usr/lib/libSystem.B.dylib
_memset | UNDEFINED | LC_SYMTAB | __DATA | 0x100001060 | /usr/lib/libSystem.B.dylib
_strlen | UNDEFINED | LC_SYMTAB | __DATA | 0x100001068 | /usr/lib/libSystem.B.dylib
_strstr | UNDEFINED | LC_SYMTAB | __DATA | 0x100001070 | /usr/lib/libSystem.B.dylib
_system | UNDEFINED | LC_SYMTAB | __DATA | 0x100001078 | /usr/lib/libSystem.B.dylib
dyld_stub_binder | UNDEFINED | LC_SYMTAB | __DATA | 0x100001000 | /usr/lib/libSystem.B.dylib

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 19, 2024 17:04:28.405605078 CET | 53 | 52458 | 1.1.1.1 | 192.168.11.12
Nov 19, 2024 17:06:10.492904902 CET | 63909 | 53 | 192.168.11.12 | 1.1.1.1
Nov 19, 2024 17:06:10.588174105 CET | 53 | 63909 | 1.1.1.1 | 192.168.11.12

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 19, 2024 17:06:10.492904902 CET | 192.168.11.12 | 1.1.1.1 | 0x362e | Standard query (0) | h3.apis.apple.map.fastly.net | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 19, 2024 17:06:10.588174105 CET | 1.1.1.1 | 192.168.11.12 | 0x362e | No error (0) | h3.apis.apple.map.fastly.net |  | 151.101.131.6 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 17:06:10.588174105 CET | 1.1.1.1 | 192.168.11.12 | 0x362e | No error (0) | h3.apis.apple.map.fastly.net |  | 151.101.67.6 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 17:06:10.588174105 CET | 1.1.1.1 | 192.168.11.12 | 0x362e | No error (0) | h3.apis.apple.map.fastly.net |  | 151.101.3.6 | A (IP address) | IN (0x0001) | false
Nov 19, 2024 17:06:10.588174105 CET | 1.1.1.1 | 192.168.11.12 | 0x362e | No error (0) | h3.apis.apple.map.fastly.net |  | 151.101.195.6 | A (IP address) | IN (0x0001) | false

                                          System Behavior

Start time (UTC):16:04:17
Start date (UTC):19/11/2024
Path:/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
Arguments:-
File size:3722408 bytes
MD5 hash:8910349f44a940d8d79318367855b236

Start time (UTC):16:04:17
Start date (UTC):19/11/2024
Path:/Users/bernard/Desktop/V6QED2Q1WBYVOPE
Arguments:/Users/bernard/Desktop/V6QED2Q1WBYVOPE
File size:9507924 bytes
MD5 hash:6dee3bbd2bb0b9de6423700a8e1fe1e8

Start time (UTC):16:04:48
Start date (UTC):19/11/2024
Path:/usr/libexec/xpcproxy
Arguments:-
File size:44048 bytes
MD5 hash:4764d9eafe6b7dac23253a9f8b7f73d6

Start time (UTC):16:04:48
Start date (UTC):19/11/2024
Path:/usr/libexec/firmwarecheckers/eficheck/eficheck
Arguments:/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon
File size:74048 bytes
MD5 hash:328beb81a2263449258057506bb4987f