macOS Analysis Report PT.updd

Overview

General Information

Sample Name: PT.updd
Analysis ID: 1691
MD5: e344d16054bf7571d7ecb8e435b862b2
SHA1: 2992d7b146603cd5bb175a1010b8699a828a239d
SHA256: 4e4ad25e652768157b460a62f87f3d41586a40da4b3b8e40ee35a28d3f5cca03

Detection

Score: 48
Range: 0 - 100
Whitelisted: false

Signatures

Performs DNS queries to domains with low reputation
Process executable has a file extension which is uncommon (probably to disguise the executable)
Explicitly loads/starts launch services
Contains symbols with suspicious names likely related to networking
Reads the systems hostname
Creates system-wide 'launchd' managed services aka launch daemons
Executes the "mkdir" command used to create folders
Changes permissions of written Mach-O files
Executes commands using a shell command-line interpreter
Reads the systems OS release and/or type
Writes 64-bit Mach-O files to disk

General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 1691
Start date: 16.10.2021
Start time: 12:09:05
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 49s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: PT.updd
Cookbook file name: defaultmacfilecookbook.jbs
Analysis system description: Virtual Machine, High Sierra (Office 2016 v16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099)
Analysis Mode: default
Detection: MAL
Classification: mal48.troj.evad.macUPDD@0/4@1/0
Warnings:
  • Excluded IPs from analysis (whitelisted): 17.253.55.202, 17.253.55.204, 17.253.55.206, 17.253.38.125, 17.253.38.253, 17.253.54.253, 17.253.54.125, 17.253.54.251
  • Excluded domains from analysis (whitelisted): ocsp.apple.com, valid.origin-apple.com.akadns.net, time-macos.apple.com, time-osx.g.aaplimg.com, ocsp-a.g.aaplimg.com, valid-apple.g.aaplimg.com, crl.apple.com, valid.apple.com, lb._dns-sd._udp.0.11.168.192.in-addr.arpa
  • VT rate limit hit for: http://t4p-upd.info/
  • System is macvm-highsierra
  • PT.updd (MD5: e344d16054bf7571d7ecb8e435b862b2) Arguments: /Users/berri/Desktop/PT.updd
    • sh New Fork (PID: 554, Parent: 553)
    • mkdir (MD5: 135a3b94b3d9efccb4c8cd23ac404571) Arguments: mkdir -p /Library/PrivilegedHelperTools/
    • sh New Fork (PID: 555, Parent: 553)
    • cp (MD5: 57fc302d74610c3350e683c6c9771076) Arguments: cp /Users/berri/Desktop/PT.updd /Library/PrivilegedHelperTools/PT.updd
    • sh New Fork (PID: 556, Parent: 553)
    • mkdir (MD5: 135a3b94b3d9efccb4c8cd23ac404571) Arguments: mkdir -p /Library/LaunchDaemons/
    • sh New Fork (PID: 557, Parent: 553)
    • launchctl (MD5: 17fad4b994d600d0a5b6bc02b55c2c80) Arguments: /bin/launchctl load /Library/LaunchDaemons/PT.updd.plist
  • PT.updd (MD5: e344d16054bf7571d7ecb8e435b862b2) Arguments: /Library/PrivilegedHelperTools/PT.updd
    • PT.updd New Fork (PID: 559, Parent: 558)
    • sh (MD5: 8aa60b22a5d30418a002b340989384dc) Arguments: sh -c /usr/libexec/PlistBuddy /Applications/PopcornTime.app/Contents/Info.plist -c 'Print CFBundleVersion'
    • PlistBuddy (MD5: dc74460b36c41234337e907d4f151e4c) Arguments: /usr/libexec/PlistBuddy /Applications/PopcornTime.app/Contents/Info.plist -c Print CFBundleVersion
  • cleanup

Yara Overview

No yara matches

Jbx Signature Overview

Networking:

Performs DNS queries to domains with low reputation
Source: DNS query: popcorntimeupd.xyz
Source: unknown | DNS traffic detected: queries for: popcorntimeupd.xyz
Source: unknown | TCP traffic detected without corresponding DNS query: 104.89.44.72
Source: unknown | TCP traffic detected without corresponding DNS query: 104.89.44.72
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
    GET /?app_id=T4P_SEM&hid=dd4890ac960b28289774ea936e033343&ver=UNKNOWN&os=OSX101302 HTTP/1.1
    Host: popcorntimeupd.xyz
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 v1.4
    Accept: */*
Source: PT.updd, 00000553.00000239.1.000000010f216000.000000010f231000.r--.sdmp | String found in binary or memory: http://crl.apple.com/codesigning.crl0
Source: PT.updd, 00000553.00000239.1.00000001092c8000.00000001092f8000.rw-.sdmp | String found in binary or memory: http://pct-upd.info/
Source: PT.updd, 00000553.00000239.1.00000001092c8000.00000001092f8000.rw-.sdmp | String found in binary or memory: http://pct-upd.info/(http://t4p-upd.info/&http://updpct.info/(http://upd-pct.info/&http://pctupd.inf
Source: PT.updd, 00000553.00000239.1.00000001092c8000.00000001092f8000.rw-.sdmp | String found in binary or memory: http://pctupd.info/
Source: PT.updd, 00000553.00000239.1.00000001092c8000.00000001092f8000.rw-.sdmp | String found in binary or memory: http://t4p-upd.info/
Source: PT.updd, 00000553.00000239.1.00000001092c8000.00000001092f8000.rw-.sdmp | String found in binary or memory: http://upd-pct.info/
Source: PT.updd, 00000553.00000239.1.00000001092c8000.00000001092f8000.rw-.sdmp | String found in binary or memory: http://updpct.info/
Source: PT.updd, 00000553.00000239.1.000000010900b000.00000001092c8000.r-x.sdmp, PT.updd, 00000553.00000239.1.000000010f216000.000000010f231000.r--.sdmp, PT.updd.plist.239.dr | String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: PT.updd, 00000553.00000239.1.000000010f216000.000000010f231000.r--.sdmp | String found in binary or memory: http://www.apple.com/appleca/root.crl0
Source: PT.updd, 00000553.00000239.1.000000010f216000.000000010f231000.r--.sdmp | String found in binary or memory: http://www.apple.com/certificateauthority0
Source: PT.updd, 00000553.00000239.1.000000010900b000.00000001092c8000.r-x.sdmp | String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: PT.updd, 00000553.00000239.1.000000010f216000.000000010f231000.r--.sdmp | String found in binary or memory: https://www.apple.com/appleca/0
Source: PT.updd, 00000553.00000239.1.000000010900b000.00000001092c8000.r-x.sdmp | String found in binary or memory: https://www.openssl.org/docs/faq.html
Source: PT.updd, 00000553.00000239.1.000000010900b000.00000001092c8000.r-x.sdmp | String found in binary or memory: https://www.openssl.org/docs/faq.htmlPRNG
Source: classification engine | Classification label: mal48.troj.evad.macUPDD@0/4@1/0
Source: submission PT.updd | Mach-O symbol: _connect
Source: submission PT.updd | Mach-O symbol: _getsockname
Source: submission PT.updd | Mach-O symbol: _getsockopt
Source: submission PT.updd | Mach-O symbol: _gethostbyname
Source: submission PT.updd | Mach-O symbol: __ZTVSt12domain_error
Source: submission PT.updd | Mach-O symbol: __ZNKSt3__18numpunctIcE11do_groupingEv
Source: submission PT.updd | Mach-O symbol: _send
Source: submission PT.updd | Mach-O symbol: _sendto
Source: submission PT.updd | Mach-O symbol: __ZNSt12domain_errorD1Ev
Source: submission PT.updd | Mach-O symbol: _setsockopt
Source: submission PT.updd | Mach-O symbol: __ZTISt12domain_error
Source: submission PT.updd | Mach-O symbol: _socket
Source: submission PT.updd | Mach-O symbol: _socketpair
Source: dropped file PT.updd.243.dr | Mach-O symbol: _connect
Source: dropped file PT.updd.243.dr | Mach-O symbol: _getsockname
Source: dropped file PT.updd.243.dr | Mach-O symbol: _getsockopt
Source: dropped file PT.updd.243.dr | Mach-O symbol: _gethostbyname
Source: dropped file PT.updd.243.dr | Mach-O symbol: __ZTVSt12domain_error
Source: dropped file PT.updd.243.dr | Mach-O symbol: __ZNKSt3__18numpunctIcE11do_groupingEv
Source: dropped file PT.updd.243.dr | Mach-O symbol: _send
Source: dropped file PT.updd.243.dr | Mach-O symbol: _sendto
Source: dropped file PT.updd.243.dr | Mach-O symbol: __ZNSt12domain_errorD1Ev
Source: dropped file PT.updd.243.dr | Mach-O symbol: _setsockopt
Source: dropped file PT.updd.243.dr | Mach-O symbol: __ZTISt12domain_error
Source: dropped file PT.updd.243.dr | Mach-O symbol: _socket
Source: dropped file PT.updd.243.dr | Mach-O symbol: _socketpair
Source: /bin/sh (PID: 557) | Launch agent/daemon loaded: /bin/launchctl load /Library/LaunchDaemons/PT.updd.plist
Source: /bin/sh (PID: 554) | Mkdir executable: /bin/mkdir -> mkdir -p /Library/PrivilegedHelperTools/
Source: /bin/sh (PID: 556) | Mkdir executable: /bin/mkdir -> mkdir -p /Library/LaunchDaemons/
Source: /bin/cp (PID: 555) | Permissions modified for written 64-bit Mach-O /Library/PrivilegedHelperTools/PT.updd: bits: - usr: rx grp: rx all: rwx
Source: /Users/berri/Desktop/PT.updd (PID: 553) | Shell command executed: sh -c mkdir -p /Library/PrivilegedHelperTools/
Source: /Users/berri/Desktop/PT.updd (PID: 553) | Shell command executed: sh -c cp /Users/berri/Desktop/PT.updd /Library/PrivilegedHelperTools/PT.updd
Source: /Users/berri/Desktop/PT.updd (PID: 553) | Shell command executed: sh -c mkdir -p /Library/LaunchDaemons/
Source: /Users/berri/Desktop/PT.updd (PID: 553) | Shell command executed: sh -c /bin/launchctl load /Library/LaunchDaemons/PT.updd.plist
Source: /Library/PrivilegedHelperTools/PT.updd (PID: 559) | Shell command executed: sh -c /usr/libexec/PlistBuddy /Applications/PopcornTime.app/Contents/Info.plist -c 'Print CFBundleVersion'
Source: /bin/cp (PID: 555) | File written: /Library/PrivilegedHelperTools/PT.updd
Source: /bin/sh (PID: 559) | PlistBuddy executable: /usr/libexec/PlistBuddy /usr/libexec/PlistBuddy /Applications/PopcornTime.app/Contents/Info.plist -c Print CFBundleVersion
Source: /Users/berri/Desktop/PT.updd (PID: 553) | Launch daemon created File created: /Library/LaunchDaemons/PT.updd.plist

Hooking and other Techniques for Hiding and Protection:

Process executable has a file extension which is uncommon (probably to disguise the executable)
Source: /Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 (PID: 553) | Process executable with extension: /Users/berri/Desktop/PT.updd
Source: /usr/libexec/xpcproxy (PID: 558) | Process executable with extension: /Library/PrivilegedHelperTools/PT.updd
Source: /Users/berri/Desktop/PT.updd (PID: 553) | Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 554) | Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 555) | Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 556) | Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 557) | Sysctl requested: kern.hostname (1.10)
Source: /Library/PrivilegedHelperTools/PT.updd (PID: 558) | Sysctl requested: kern.hostname (1.10)
Source: /bin/sh (PID: 559) | Sysctl requested: kern.hostname (1.10)
Source: /Users/berri/Desktop/PT.updd (PID: 553) | Sysctl requested: kern.ostype (1.1)
Source: /Users/berri/Desktop/PT.updd (PID: 553) | Sysctl requested: kern.osrelease (1.2)
Source: /Library/PrivilegedHelperTools/PT.updd (PID: 558) | Sysctl requested: kern.ostype (1.1)
Source: /Library/PrivilegedHelperTools/PT.updd (PID: 558) | Sysctl requested: kern.osrelease (1.2)
Source: /Library/PrivilegedHelperTools/PT.updd (PID: 558) | System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Scripting 1 | LC_LOAD_DYLIB Addition 1 | LC_LOAD_DYLIB Addition 1 | Masquerading 1 | OS Credential Dumping | System Information Discovery 21 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Launch Agent 1 | Launch Agent 1 | Scripting 1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Launch Daemon 2 | Launch Daemon 2 | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Plist Modification 1 | Plist Modification 1 | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
Behavior Graph (image not reproduced)
ID: 1691, Sample: PT.updd, Startdate: 16/10/2021, Architecture: MAC, Score: 48

Source | Detection | Scanner | Label
PT.updd | 0% | Virustotal |
PT.updd | 0% | Metadefender |
PT.updd | 2% | ReversingLabs |

Source | Detection | Scanner | Label
/Library/PrivilegedHelperTools/PT.updd | 0% | Metadefender |
/Library/PrivilegedHelperTools/PT.updd | 2% | ReversingLabs |

Source | Detection | Scanner | Label
popcorntimeupd.xyz | 0% | Virustotal |

Source | Detection | Scanner | Label
http://pct-upd.info/ | 1% | Virustotal |
http://pct-upd.info/ | 0% | Avira URL Cloud | safe
http://pctupd.info/ | 0% | Virustotal |
http://pctupd.info/ | 0% | Avira URL Cloud | safe
http://updpct.info/ | 4% | Virustotal |
http://updpct.info/ | 0% | Avira URL Cloud | safe
http://popcorntimeupd.xyz/?app_id=T4P_SEM&hid=dd4890ac960b28289774ea936e033343&ver=UNKNOWN&os=OSX101302 | 0% | Avira URL Cloud | safe
http://t4p-upd.info/ | 0% | Avira URL Cloud | safe
http://upd-pct.info/ | 0% | Avira URL Cloud | safe
http://pct-upd.info/(http://t4p-upd.info/&http://updpct.info/(http://upd-pct.info/&http://pctupd.inf | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
popcorntimeupd.xyz | 172.67.191.194 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://popcorntimeupd.xyz/?app_id=T4P_SEM&hid=dd4890ac960b28289774ea936e033343&ver=UNKNOWN&os=OSX101302 | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://pct-upd.info/ | PT.updd, 00000553.00000239.1.00000001092c8000.00000001092f8000.rw-.sdmp | false | 1%, Virustotal; Avira URL Cloud: safe | unknown
http://pctupd.info/ | PT.updd, 00000553.00000239.1.00000001092c8000.00000001092f8000.rw-.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
https://www.openssl.org/docs/faq.htmlPRNG | PT.updd, 00000553.00000239.1.000000010900b000.00000001092c8000.r-x.sdmp | false | | high
http://updpct.info/ | PT.updd, 00000553.00000239.1.00000001092c8000.00000001092f8000.rw-.sdmp | false | 4%, Virustotal; Avira URL Cloud: safe | unknown
http://t4p-upd.info/ | PT.updd, 00000553.00000239.1.00000001092c8000.00000001092f8000.rw-.sdmp | false | Avira URL Cloud: safe | unknown
https://www.openssl.org/docs/faq.html | PT.updd, 00000553.00000239.1.000000010900b000.00000001092c8000.r-x.sdmp | false | | high
http://upd-pct.info/ | PT.updd, 00000553.00000239.1.00000001092c8000.00000001092f8000.rw-.sdmp | false | Avira URL Cloud: safe | unknown
http://pct-upd.info/(http://t4p-upd.info/&http://updpct.info/(http://upd-pct.info/&http://pctupd.inf | PT.updd, 00000553.00000239.1.00000001092c8000.00000001092f8000.rw-.sdmp | false | Avira URL Cloud: safe | unknown
https://curl.haxx.se/docs/http-cookies.html | PT.updd, 00000553.00000239.1.000000010900b000.00000001092c8000.r-x.sdmp | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
172.67.191.194 | popcorntimeupd.xyz | United States | 13335 | CLOUDFLARENETUS | true
104.89.44.72 | unknown | United States | 16625 | AKAMAI-ASUS | false


Command: /Users/berri/Desktop/PT.updd
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
Standard Error:

/Library/Application Support/updater.bin
Process: /Library/PrivilegedHelperTools/PT.updd
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 90
Entropy (8bit): 5.535863096137363
Encrypted: false
SSDEEP: 3:/8VCDVPlKD729L3GTjR6hc/vMUMYh+QwI:/ECJtNDG3Ic/PnwI
MD5: 4178CC326AE0A9A02CB9CE4A04273E66
SHA1: 493DE5364F78E36CEC36103BFCB635FF8E48BC55
SHA-256: CA2D485E589C290F49BA0F85F8D06EC6AAD85BF8127C79E593B2A735DFE9950D
SHA-512: E0420F9ED532CB4C95C65B3C239A28ABACBBB1CBFFCCF1E1F97E3F3C18A60D4972A7A4360B0073D420D7D244ECBA5E9243B9F2F6C9CD953F848B79A2570EA702
Malicious: false
Reputation: low
Preview: wWdSMXjhBAps234567y0jWSrQFzqxGfy/S0rI7KgU9RRAeSXF69FuE1AQ/XZTVNgzYNqGiiT78koK7DtP5j5UmsU/q

/Library/LaunchDaemons/PT.updd.plist
Process: /Users/berri/Desktop/PT.updd
File Type: XML 1.0 document, ASCII text
Category: dropped
Size (bytes): 555
Entropy (8bit): 4.824585057120754
Encrypted: false
SSDEEP: 12:TMHdgo+t7EdQiCX7+j5oDYY/lKv42EZM0ClnZzMn:2dzyiwi0R/Z7ZM0ChZzMn
MD5: 302234A90C59418FFB32905D5D4C99E7
SHA1: 46E681E8CC57E8A1305280CA9F310A636E8A8E85
SHA-256: A3D5582DC5E6600EB3632758BFAE018A9DC9699A8860A8144B9A169C9E71108C
SHA-512: 37FB1B44C6DC7758A76409AABFF9FD6525895CD96D670D1B537074DE7767CA8D015192584D23CE69853D50FC43A11F0EFB886DFD3063B666E5708D909F36FC48
Malicious: false
Reputation: low
Preview:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" " http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
     <dict>
      <key>Label</key>
      <string>PT.updd</string>
      <key>ProgramArguments</key>
      <array>
       <string>/Library/PrivilegedHelperTools/PT.updd</string>
      </array>
      <key>KeepAlive</key>
      <true/>
      <key>RunAtLoad</key>
      <true/>
      <key>Nice</key>
      <integer>20</integer>
      <key>LowPriorityIO</key>
      <true/>
     </dict>
    </plist>

/Library/PrivilegedHelperTools/PT.updd
Process: /bin/cp
File Type: Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|WEAK_DEFINES|BINDS_TO_WEAK|PIE>
Category: dropped
Size (bytes): 3285300
Entropy (8bit): 6.328074786115305
Encrypted: false
SSDEEP: 98304:wRS7Y6vD08J/l6p+bpkPjmOqpVHuCvniKQVY:BXvD084kO2AK
MD5: E344D16054BF7571D7ECB8E435B862B2
SHA1: 2992D7B146603CD5BB175A1010B8699A828A239D
SHA-256: 4E4AD25E652768157B460A62F87F3D41586A40DA4B3B8E40EE35A28D3F5CCA03
SHA-512: 1C3AACCD9B631EACD009C5108AF5FCD4763BC90A7A6E54D670DCF865FE858A4A9115AB83AAF44EA05847385580561F3F64C0357D7CAF6283CE8D6D8C2CBEBDF7
Malicious: true
Antivirus:
  • Antivirus: Metadefender, Detection: 0%
  • Antivirus: ReversingLabs, Detection: 2%
Reputation: low

/dev/null
Process: /usr/libexec/PlistBuddy
File Type: ASCII text
Category: dropped
Size (bytes): 48
Entropy (8bit): 4.389460876028362
Encrypted: false
SSDEEP: 3:WNzGkr/dMo:aGiVZ
MD5: 6F367B4299FCEC09BF91F53697086443
SHA1: 2FEE70E0140AB7F83A7D01452FD78117EBB479CF
SHA-256: 63B485F855A9AD14D9EB90633C5AC3745120ACAB487422EB5178102525661820
SHA-512: 12E883C8AAE5401A919929B5DFF70BE79F833A43DC3DB9349C3B84CADD096134BA6FC74807AB2CDCE3696FA1035FAD20E1FB5225A2F3E2BD90DE9A02807B8921
Malicious: false
Reputation: low
Preview: Print: Entry, "CFBundleVersion", Does Not Exist.

Static File Info

General

File type: Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|WEAK_DEFINES|BINDS_TO_WEAK|PIE>
Entropy (8bit): 6.328074786115305
TrID:
  • Mac OS X Mach-O 64bit Intel executable (20004/1) 100.00%
File name: PT.updd
File size: 3285300
MD5: e344d16054bf7571d7ecb8e435b862b2
SHA1: 2992d7b146603cd5bb175a1010b8699a828a239d
SHA256: 4e4ad25e652768157b460a62f87f3d41586a40da4b3b8e40ee35a28d3f5cca03
SHA512: 1c3aaccd9b631eacd009c5108af5fcd4763bc90a7a6e54d670dcf865fe858a4a9115ab83aaf44ea05847385580561f3f64c0357d7caf6283ce8d6d8c2cbebdf7
SSDEEP: 98304:wRS7Y6vD08J/l6p+bpkPjmOqpVHuCvniKQVY:BXvD084kO2AK
                          General Information for header 1
                          Endian:<
                          Size:64-bit
                          Architecture:x86_64
                          Filetype:execute
                          Nbr. of load commands:16
                          Entry point:0x100002000
                          NameValue
                          segname__PAGEZERO
                          vmaddr0x0
                          vmsize0x100000000
                          fileoff0x0
                          filesize0x0
                          maxprot0x0
                          initprot0x0
                          nsects0
                          flags0x0
                          NameValue
                          segname__TEXT
                          vmaddr0x100000000
                          vmsize0x2BD000
                          fileoff0x0
                          filesize0x2BD000
                          maxprot0x7
                          initprot0x5
                          nsects8
                          flags0x0
                          Datas
                          sectnamesegnameaddrsizeoffsetentropyalignreloffnrelocflags
                          __text__TEXT0x1000020000x21E8CB0x20006.68560xC0x000x80000400
                          __stubs__TEXT0x1002208CC0xAAA0x2208CC4.04840x10x000x80000408
                          __stub_helper__TEXT0x1002213780xBFA0x2213784.88400x20x000x80000400
                          __const__TEXT0x100221F800x1F66C0x221F802.60150x60x000x0
                          __gcc_except_tab__TEXT0x1002415EC0x579C0x2415EC3.28640x20x000x0
                          __cstring__TEXT0x100246D900x247310x246D905.39150x40x000x2
                          __unwind_info__TEXT0x10026B4C40x44A40x26B4C45.85550x20x000x0
                          __eh_frame__TEXT0x10026F9680x4D2580x26F9684.08980x30x000x0

                          Name      Value
                          segname   __DATA
                          vmaddr    0x1002BD000
                          vmsize    0x33000
                          fileoff   0x2BD000
                          filesize  0x30000
                          maxprot   0x7
                          initprot  0x3
                          nsects    9
                          flags     0x0
                          Datas
                          sectname           segname  addr         size      offset    entropy  align  reloff  nreloc  flags
                          __program_vars     __DATA   0x1002BD000  0x28      0x2BD000  2.0306   0x3    0x0     0       0x0
                          __got              __DATA   0x1002BD028  0x408     0x2BD028  2.5346   0x3    0x0     0       0x6
                          __nl_symbol_ptr    __DATA   0x1002BD430  0x10      0x2BD430  -0.0000  0x3    0x0     0       0x6
                          __la_symbol_ptr    __DATA   0x1002BD440  0xE38     0x2BD440  3.4461   0x3    0x0     0       0x7
                          __mod_init_func    __DATA   0x1002BE278  0x30      0x2BE278  2.5908   0x3    0x0     0       0x9
                          __const            __DATA   0x1002BE2B0  0x1F458   0x2BE2B0  2.6015   0x4    0x0     0       0x0
                          __data             __DATA   0x1002DD710  0xEACC    0x2DD710  3.2971   0x4    0x0     0       0x0
                          __common           __DATA   0x1002EC1E0  0x758     0x0       -0.0000  0x4    0x0     0       0x1
                          __bss              __DATA   0x1002EC940  0x2F4A    0x0       -0.0000  0x4    0x0     0       0x1

                          Name      Value
                          segname   __LINKEDIT
                          vmaddr    0x1002F0000
                          vmsize    0x35134
                          fileoff   0x2ED000
                          filesize  0x35134
                          maxprot   0x7
                          initprot  0x1
                          nsects    0
                          flags     0x0

                          Name            Value
                          rebase_off      3067904
                          rebase_size     7848
                          bind_off        3075752
                          bind_size       5064
                          weak_bind_off   3080816
                          weak_bind_size  5928
                          lazy_bind_off   3086744
                          lazy_bind_size  10088
                          export_off      3096832
                          export_size     127376

                          Name     Value
                          symoff   3234552
                          nsyms    635
                          stroff   3248876
                          strsize  36424

                          Name            Value
                          ilocalsym       0
                          nlocalsym       150
                          iextdefsym      150
                          nextdefsym      88
                          iundefsym       238
                          nundefsym       397
                          tocoff          0
                          ntoc            0
                          modtaboff       0
                          nmodtab         0
                          extrefsymoff    0
                          nextrefsyms     0
                          indirectsymoff  3244712
                          nindirectsyms   1041
                          extreloff       0
                          nextrel         0
                          locreloff       0
                          nlocrel         0

                          Name   Value
                          name   12
                          Datas  /usr/lib/dyld

                          Name  Value
                          uuid  b'\x11\x99A\xb2\xbe\xc57!\xa01b\x1a\xa7qW\xa7'

                          Name     Value
                          version  657152
                          sdk      657920

                          Name    Value
                          flavor  4
                          count   42

                          Name                   Value
                          name                   24
                          timestamp              Thu Jan 1 01:00:02 1970
                          current_version        120.0.0
                          compatibility_version  1.0.0
                          Datas                  /usr/lib/libc++.1.dylib

                          Name                   Value
                          name                   24
                          timestamp              Thu Jan 1 01:00:02 1970
                          current_version        62.0.0
                          compatibility_version  1.0.0
                          Datas                  /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices

                          Name                   Value
                          name                   24
                          timestamp              Thu Jan 1 01:00:02 1970
                          current_version        1213.0.0
                          compatibility_version  1.0.0
                          Datas                  /usr/lib/libSystem.B.dylib

                          Name      Value
                          dataoff   3224208
                          datasize  10344

                          Name      Value
                          dataoff   3234552
                          datasize  0
                          __ZNSt3__16vectorINS_12basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEENS4_IS6_EEE6assignIPKS6_EENS_9enable_ifIXaasr21__is_forward_iteratorIT_EE5valuesr16is_constructibleIS6_NS_15iterator_traitsISD_E9referenceEEE5valueEvE4typeESD_SD_
                          __ZNSt3__16vectorINS_12basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEENS4_IS6_EEE6insertINS_11__wrap_iterIPS6_EEEENS_9enable_ifIXaasr21__is_forward_iteratorIT_EE5valuesr16is_constructibleIS6_NS_15iterator_traitsISE_E9referenceEEE5valueESC_E4typeENSA_IPKS6_EESE_SE_
                          __ZNSt3__16vectorINS_12basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEEENS4_IS6_EEE21__push_back_slow_pathIRKS6_EEvOT_
                          __ZNSt3__16vectorIP9JSONValueNS_9allocatorIS2_EEE21__push_back_slow_pathIRKS2_EEvOT_
                          __ZNSt3__16vectorIP9JSONValueNS_9allocatorIS2_EEE21__push_back_slow_pathIS2_EEvOT_
                          __ZNSt3__16vectorIP9JSONValueNS_9allocatorIS2_EEE6assignIPS2_EENS_9enable_ifIXaasr21__is_forward_iteratorIT_EE5valuesr16is_constructibleIS2_NS_15iterator_traitsIS9_E9referenceEEE5valueEvE4typeES9_S9_
                          __ZNSt3__16vectorIP9JSONValueNS_9allocatorIS2_EEEC2ERKS5_
                          __ZNSt3__16vectorIcNS_9allocatorIcEEE6insertENS_11__wrap_iterIPKcEEOc
                          __ZNSt3__16vectorIcNS_9allocatorIcEEE6insertINS_13move_iteratorIPcEEEENS_9enable_ifIXaasr21__is_forward_iteratorIT_EE5valuesr16is_constructibleIcNS_15iterator_traitsIS9_E9referenceEEE5valueENS_11__wrap_iterIS6_EEE4typeENSD_IPKcEES9_S9_
                          __ZNSt3__16vectorIcNS_9allocatorIcEEE6insertINS_19istreambuf_iteratorIcNS_11char_traitsIcEEEEEENS_9enable_ifIXaaaasr19__is_input_iteratorIT_EE5valuentsr21__is_forward_iteratorISA_EE5valuesr16is_constructibleIcNS_15iterator_traitsISA_E9referenceEEE5valueENS_11__wrap_iterIPcEEE4typeENSE_IPKcEESA_SA_
                          __ZNSt3__16vectorIcNS_9allocatorIcEEE8__appendEm
                          __ZNSt3__16vectorIcNS_9allocatorIcEEEC2ERKS3_
                          __ZNSt3__16vectorIcNS_9allocatorIcEEEC2Em
                          __ZNSt3__16vectorIcNS_9allocatorIcEEEC2INS_11__wrap_iterIPKcEEEET_NS_9enable_ifIXaasr21__is_forward_iteratorIS9_EE5valuesr16is_constructibleIcNS_15iterator_traitsIS9_E9referenceEEE5valueES9_E4typeE
                          __ZNSt3__16vectorIhNS_9allocatorIhEEE21__push_back_slow_pathIRKhEEvOT_
                          __ZNSt3__16vectorIhNS_9allocatorIhEEE21__push_back_slow_pathIhEEvOT_
                          __ZNSt3__16vectorIhNS_9allocatorIhEEE6insertENS_11__wrap_iterIPKhEEOh
                          __ZNSt3__16vectorIhNS_9allocatorIhEEE6insertINS_11__wrap_iterIPhEEEENS_9enable_ifIXaasr21__is_forward_iteratorIT_EE5valuesr16is_constructibleIhNS_15iterator_traitsIS9_E9referenceEEE5valueES7_E4typeENS5_IPKhEES9_S9_
                          __ZNSt3__16vectorIhNS_9allocatorIhEEE6insertINS_16reverse_iteratorINS_11__wrap_iterIPhEEEEEENS_9enable_ifIXaasr21__is_forward_iteratorIT_EE5valuesr16is_constructibleIhNS_15iterator_traitsISB_E9referenceEEE5valueES8_E4typeENS6_IPKhEESB_SB_
                          __ZNSt3__16vectorIhNS_9allocatorIhEEE6insertIPhEENS_9enable_ifIXaasr21__is_forward_iteratorIT_EE5valuesr16is_constructibleIhNS_15iterator_traitsIS7_E9referenceEEE5valueENS_11__wrap_iterIS5_EEE4typeENSB_IPKhEES7_S7_
                          __ZNSt3__16vectorIhNS_9allocatorIhEEE8__appendEmRKh
                          __ZNSt3__16vectorIhNS_9allocatorIhEEEC2ERKS3_
                          __ZNSt3__16vectorIhNS_9allocatorIhEEEC2Em
                          __ZNSt3__16vectorIiNS_9allocatorIiEEE21__push_back_slow_pathIRKiEEvOT_
                          __ZNSt3__16vectorIiNS_9allocatorIiEEE21__push_back_slow_pathIiEEvOT_
                          __ZNSt3__17codecvtIcc11__mbstate_tE2idE
                          __ZNSt3__17getlineIcNS_11char_traitsIcEENS_9allocatorIcEEEERNS_13basic_istreamIT_T0_EES9_RNS_12basic_stringIS6_S7_T1_EES6_
                          __ZNSt3__18ios_base33__set_badbit_and_consider_rethrowEv
                          __ZNSt3__18ios_base4initEPv
                          __ZNSt3__18ios_base5clearEj
                          __ZNSt3__18ios_base5imbueERKNS_6localeE
                          __ZNSt3__18numpunctIcE2idE
                          __ZNSt3__18numpunctIcEC2Em
                          __ZNSt3__18numpunctIcED2Ev
                          __ZNSt3__19basic_iosIcNS_11char_traitsIcEEED2Ev
                          __ZNSt3__19basic_iosIwNS_11char_traitsIwEEED2Ev
                          __ZNSt3__1plIcNS_11char_traitsIcEENS_9allocatorIcEEEENS_12basic_stringIT_T0_T1_EEPKS6_RKS9_
                          __ZNSt3__1plIcNS_11char_traitsIcEENS_9allocatorIcEEEENS_12basic_stringIT_T0_T1_EERKS9_PKS6_
                          __ZNSt8bad_castC1Ev
                          __ZNSt8bad_castC2Ev
                          __ZNSt8bad_castD1Ev
                          __ZNSt8bad_castD2Ev
                          __ZNSt9bad_allocC1Ev
                          __ZNSt9bad_allocD1Ev
                          __ZNSt9exceptionD2Ev
                          __ZSt9terminatev
                          __ZTIN4pugi10xml_writerE
                          __ZTIN4redi14basic_ipstreamIcNSt3__111char_traitsIcEEEE
                          __ZTIN4redi14pstream_commonIcNSt3__111char_traitsIcEEEE
                          __ZTIN4redi16basic_pstreambufIcNSt3__111char_traitsIcEEEE
                          __ZTIN4redi8pstreamsE
                          __ZTIN5Plist4DateE
                          __ZTIN5Plist5ErrorE
                          __ZTIN5boost12bad_any_castE
                          __ZTIN5boost16exception_detail10clone_baseE
                          __ZTIN5boost16exception_detail10clone_implINS0_19error_info_injectorINS_12bad_any_castEEEEE
                          __ZTIN5boost16exception_detail19error_info_injectorINS_12bad_any_castEEE
                          __ZTIN5boost3any11placeholderE
                          __ZTIN5boost3any6holderIKNSt3__112basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEEEE
                          __ZTIN5boost3any6holderIN5Plist4DateEEE
                          __ZTIN5boost3any6holderINSt3__112basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEEEE
                          __ZTIN5boost3any6holderINSt3__13mapINS2_12basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEES0_NS2_4lessIS9_EENS7_INS2_4pairIKS9_S0_EEEEEEEE
                          __ZTIN5boost3any6holderINSt3__16vectorIS0_NS2_9allocatorIS0_EEEEEE
                          __ZTIN5boost3any6holderINSt3__16vectorIcNS2_9allocatorIcEEEEEE
                          __ZTIN5boost3any6holderIbEE
                          __ZTIN5boost3any6holderIdEE
                          __ZTIN5boost3any6holderIxEE
                          __ZTIN5boost6locale4conv16conversion_errorE
                          __ZTIN5boost9exceptionE
                          __ZTIN9libcode646bufferE
                          __ZTINSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEE
                          __ZTINSt3__113__vector_baseIN5boost3anyENS_9allocatorIS2_EEEE
                          __ZTINSt3__113__vector_baseIcNS_9allocatorIcEEEE
                          __ZTINSt3__113basic_filebufIcNS_11char_traitsIcEEEE
                          __ZTINSt3__113basic_istreamIcNS_11char_traitsIcEEEE
                          __ZTINSt3__113basic_istreamIwNS_11char_traitsIwEEEE
                          __ZTINSt3__113basic_ostreamIcNS_11char_traitsIcEEEE
                          __ZTINSt3__113basic_ostreamIwNS_11char_traitsIwEEEE
                          __ZTINSt3__114basic_ifstreamIcNS_11char_traitsIcEEEE
                          __ZTINSt3__114basic_iostreamIcNS_11char_traitsIcEEEE
                          __ZTINSt3__114basic_iostreamIwNS_11char_traitsIwEEEE
                          __ZTINSt3__114basic_ofstreamIcNS_11char_traitsIcEEEE
                          __ZTINSt3__115basic_streambufIcNS_11char_traitsIcEEEE
                          __ZTINSt3__115basic_streambufIwNS_11char_traitsIwEEEE
                          __ZTINSt3__115basic_stringbufIcNS_11char_traitsIcEENS_9allocatorIcEEEE
                          __ZTINSt3__115basic_stringbufIwNS_11char_traitsIwEENS_9allocatorIwEEEE
                          __ZTINSt3__117bad_function_callE
                          __ZTINSt3__118basic_stringstreamIcNS_11char_traitsIcEENS_9allocatorIcEEEE
                          __ZTINSt3__118basic_stringstreamIwNS_11char_traitsIwEENS_9allocatorIwEEEE
                          __ZTINSt3__119basic_ostringstreamIcNS_11char_traitsIcEENS_9allocatorIcEEEE
                          __ZTINSt3__120__vector_base_commonILb1EEE
                          __ZTINSt3__121__basic_string_commonILb1EEE
                          __ZTINSt3__13mapINS_12basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEEN5boost3anyENS_4lessIS6_EENS4_INS_4pairIKS6_S8_EEEEEE
                          __ZTINSt3__16vectorIN5boost3anyENS_9allocatorIS2_EEEE
                          __ZTINSt3__16vectorIcNS_9allocatorIcEEEE
                          __ZTINSt3__18numpunctIcEE
                          __ZTINSt3__19basic_iosIcNS_11char_traitsIcEEEE
                          __ZTISt12domain_error
                          __ZTISt12out_of_range
                          __ZTISt13runtime_error
                          __ZTISt16invalid_argument
                          __ZTISt8bad_cast
                          __ZTISt9bad_alloc
                          __ZTISt9exception
                          __ZTIb
                          __ZTId
                          __ZTIf
                          __ZTIi
                          __ZTIl
                          __ZTIs
                          __ZTIv
                          __ZTIx
                          __ZTSN4pugi10xml_writerE
                          __ZTSN4redi14basic_ipstreamIcNSt3__111char_traitsIcEEEE
                          __ZTSN4redi14pstream_commonIcNSt3__111char_traitsIcEEEE
                          __ZTSN4redi16basic_pstreambufIcNSt3__111char_traitsIcEEEE
                          __ZTSN4redi8pstreamsE
                          __ZTSN5Plist4DateE
                          __ZTSN5Plist5ErrorE
                          __ZTSN5boost12bad_any_castE
                          __ZTSN5boost16exception_detail10clone_baseE
                          __ZTSN5boost16exception_detail10clone_implINS0_19error_info_injectorINS_12bad_any_castEEEEE
                          __ZTSN5boost16exception_detail19error_info_injectorINS_12bad_any_castEEE
                          __ZTSN5boost3any11placeholderE
                          __ZTSN5boost3any6holderIKNSt3__112basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEEEE
                          __ZTSN5boost3any6holderIN5Plist4DateEEE
                          __ZTSN5boost3any6holderINSt3__112basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEEEE
                          __ZTSN5boost3any6holderINSt3__13mapINS2_12basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEES0_NS2_4lessIS9_EENS7_INS2_4pairIKS9_S0_EEEEEEEE
                          __ZTSN5boost3any6holderINSt3__16vectorIS0_NS2_9allocatorIS0_EEEEEE
                          __ZTSN5boost3any6holderINSt3__16vectorIcNS2_9allocatorIcEEEEEE
                          __ZTSN5boost3any6holderIbEE
                          __ZTSN5boost3any6holderIdEE
                          __ZTSN5boost3any6holderIxEE
                          __ZTSN5boost6locale4conv16conversion_errorE
                          __ZTSN5boost9exceptionE
                          __ZTSN9libcode646bufferE
                          __ZTSNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEE
                          __ZTSNSt3__113__vector_baseIN5boost3anyENS_9allocatorIS2_EEEE
                          __ZTSNSt3__113__vector_baseIcNS_9allocatorIcEEEE
                          __ZTSNSt3__113basic_filebufIcNS_11char_traitsIcEEEE
                          __ZTSNSt3__114basic_ifstreamIcNS_11char_traitsIcEEEE
                          __ZTSNSt3__114basic_iostreamIwNS_11char_traitsIwEEEE
                          __ZTSNSt3__114basic_ofstreamIcNS_11char_traitsIcEEEE
                          __ZTSNSt3__115basic_stringbufIcNS_11char_traitsIcEENS_9allocatorIcEEEE
                          __ZTSNSt3__115basic_stringbufIwNS_11char_traitsIwEENS_9allocatorIwEEEE
                          __ZTSNSt3__117bad_function_callE
                          __ZTSNSt3__118basic_stringstreamIcNS_11char_traitsIcEENS_9allocatorIcEEEE
                          __ZTSNSt3__118basic_stringstreamIwNS_11char_traitsIwEENS_9allocatorIwEEEE
                          __ZTSNSt3__119basic_ostringstreamIcNS_11char_traitsIcEENS_9allocatorIcEEEE
                          __ZTSNSt3__120__vector_base_commonILb1EEE
                          __ZTSNSt3__121__basic_string_commonILb1EEE
                          __ZTSNSt3__13mapINS_12basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEEN5boost3anyENS_4lessIS6_EENS4_INS_4pairIKS6_S8_EEEEEE
                          __ZTSNSt3__16vectorIN5boost3anyENS_9allocatorIS2_EEEE
                          __ZTSNSt3__16vectorIcNS_9allocatorIcEEEE
                          __ZTVN10__cxxabiv117__class_type_infoE
                          __ZTVN10__cxxabiv120__si_class_type_infoE
                          __ZTVN10__cxxabiv121__vmi_class_type_infoE
                          __ZTVSt12domain_error
                          __ZTVSt12out_of_range
                          __ZTVSt16invalid_argument
                          __ZThn16_NSt3__114basic_iostreamIcNS_11char_traitsIcEEED0Ev
                          __ZThn16_NSt3__114basic_iostreamIcNS_11char_traitsIcEEED1Ev
                          __ZTv0_n24_NSt3__113basic_istreamIcNS_11char_traitsIcEEED0Ev
                          __ZTv0_n24_NSt3__113basic_istreamIcNS_11char_traitsIcEEED1Ev
                          __ZTv0_n24_NSt3__113basic_istreamIwNS_11char_traitsIwEEED0Ev
                          __ZTv0_n24_NSt3__113basic_istreamIwNS_11char_traitsIwEEED1Ev
                          __ZTv0_n24_NSt3__113basic_ostreamIcNS_11char_traitsIcEEED0Ev
                          __ZTv0_n24_NSt3__113basic_ostreamIcNS_11char_traitsIcEEED1Ev
                          __ZTv0_n24_NSt3__113basic_ostreamIwNS_11char_traitsIwEEED0Ev
                          __ZTv0_n24_NSt3__113basic_ostreamIwNS_11char_traitsIwEEED1Ev
                          __ZTv0_n24_NSt3__114basic_iostreamIcNS_11char_traitsIcEEED0Ev
                          __ZTv0_n24_NSt3__114basic_iostreamIcNS_11char_traitsIcEEED1Ev
                          __ZZNK8nlohmann10basic_jsonINSt3__13mapENS1_6vectorENS1_12basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEEbxydS7_E4dumpEiE3loc
                          __ZdaPv
                          __ZdlPv
                          __Znam
                          __Znwm
                          ___assert_rtn
                          ___bzero
                          ___cxa_allocate_exception
                          ___cxa_atexit
                          ___cxa_begin_catch
                          ___cxa_end_catch
                          ___cxa_free_exception
                          ___cxa_guard_abort
                          ___cxa_guard_acquire
                          ___cxa_guard_release
                          ___cxa_pure_virtual
                          ___cxa_rethrow
                          ___cxa_throw
                          ___error
                          ___fpclassifyd
                          ___gxx_personality_v0
                          ___maskrune
                          ___memcpy_chk
                          ___memmove_chk
                          ___memset_chk
                          ___sprintf_chk
                          ___stack_chk_fail
                          ___stack_chk_guard
                          ___stderrp
                          ___stdinp
                          ___stdoutp
                          ___strcat_chk
                          ___strcpy_chk
                          ___tolower
                          ___toupper
                          __exit
                          __longjmp
                          __mh_execute_header
                          __setjmp
                          _abort
                          _accept
                          _access
                          _alarm
                          _atexit
                          _atof
                          _atoi
                          _atoll
                          _basename
                          _bind
                          _calloc
                          _ceil
                          _chmod
                          _close
                          _closedir
                          _connect
                          _dlclose
                          _dlerror
                          _dlopen
                          _dlsym
                          _dup2
                          _execl
                          _exit
                          _fclose
                          _fcntl
                          _fdopen
                          _feof
                          _ferror
                          _fflush
                          _fgets
                          _fileno
                          _floor
                          _fmod
                          _fopen
                          _fork
                          _fprintf
                          _fputc
                          _fputs
                          _fread
                          _free
                          _freeaddrinfo
                          _freeifaddrs
                          _fseek
                          _fseeko
                          _fstat$INODE64
                          _ftell
                          _ftello
                          _fwrite
                          _gai_strerror
                          _getaddrinfo
                          _getcontext
                          _getegid
                          _getenv
                          _geteuid
                          _getgid
                          _gethostbyname
                          _gethostname
                          _getifaddrs
                          _getnameinfo
                          _getpeername
                          _getpid
                          _getpwuid_r
                          _getsockname
                          _getsockopt
                          _gettimeofday
                          _getuid
                          _gmtime
                          _gmtime_r
                          _if_nametoindex
                          _inet_ntop
                          _inet_pton
                          _ioctl
                          _kill
                          _listen
                          _localtime
                          _lseek
                          _makecontext
                          _malloc
                          _mbstowcs
                          _memchr
                          _memcmp
                          _memcpy
                          _memmove
                          _memset
                          _memset_pattern16
                          _mktemp
                          _mktime
                          _mlock
                          _mmap
                          _mprotect
                          _munmap
                          _open
                          _opendir$INODE64
                          _pipe
                          _poll
                          _pthread_create
                          _pthread_equal
                          _pthread_getspecific
                          _pthread_key_create
                          _pthread_key_delete
                          _pthread_once
                          _pthread_rwlock_destroy
                          _pthread_rwlock_init
                          _pthread_rwlock_rdlock
                          _pthread_rwlock_unlock
                          _pthread_rwlock_wrlock
                          _pthread_self
                          _pthread_setspecific
                          _qsort
                          _rand
                          _read
                          _readdir$INODE64
                          _realloc
                          _recv
                          _recvfrom
                          _remove
                          _select$1050
                          _send
                          _sendto
                          _setbuf
                          _setcontext
                          _setpgid
                          _setsockopt
                          _sigaction
                          _siglongjmp
                          _signal
                          _sigsetjmp
                          _sleep
                          _snprintf
                          _socket
                          _socketpair
                          _sprintf
                          _srand
                          _sscanf
                          _stat$INODE64
                          _strcasecmp
                          _strchr
                          _strcmp
                          _strcpy
                          _strcspn
                          _strdup
                          _strerror
                          _strerror_r
                          _strftime
                          _strlen
                          _strncasecmp
                          _strncmp
                          _strncpy
                          _strpbrk
                          _strrchr
                          _strspn
                          _strstr
                          _strtod
                          _strtok_r
                          _strtol
                          _strtoul
                          _sysconf
                          _system
                          _tcgetattr
                          _tcsetattr
                          _time
                          _uname
                          _vfprintf
                          _waitpid
                          _wcslen
                          _wcsncasecmp
                          _wmemcmp
                          _write
                          dyld_stub_binder
                          _Gestalt
                          _NXGetLocalArchInfo
                          __NSGetExecutablePath
                          __Unwind_Resume
                          __ZNKSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE4findEPKcmm
                          __ZNKSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE5rfindEcm
                          __ZNKSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE7compareEPKc
                          __ZNKSt3__120__vector_base_commonILb1EE20__throw_length_errorEv
                          __ZNKSt3__121__basic_string_commonILb1EE20__throw_length_errorEv
                          __ZNKSt3__16locale9has_facetERNS0_2idE
                          __ZNKSt3__16locale9use_facetERNS0_2idE
                          __ZNKSt3__18ios_base6getlocEv
                          __ZNSt11logic_errorC2EPKc
                          __ZNSt11logic_errorC2ERKNSt3__112basic_stringIcNS0_11char_traitsIcEENS0_9allocatorIcEEEE
                          __ZNSt13runtime_errorC2EPKc
                          __ZNSt13runtime_errorC2ERKNSt3__112basic_stringIcNS0_11char_traitsIcEENS0_9allocatorIcEEEE
                          __ZNSt13runtime_errorD2Ev
                          __ZNSt3__111this_thread9sleep_forERKNS_6chrono8durationIxNS_5ratioILl1ELl1000000000EEEEE
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE5eraseEmm
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6__initEPKcm
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6__initEPKcmm
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6__initEmc
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6appendEPKc
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6appendEPKcm
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6appendEmc
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6assignEPKc
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6insertENS_11__wrap_iterIPKcEEc
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6insertEmPKc
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6resizeEmc
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE7replaceEmmPKcm
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE7reserveEm
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE9push_backEc
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC1ERKS5_
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC1ERKS5_mmRKS4_
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEED1Ev
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEaSERKS5_
                          __ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEaSEc
                          __ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEE6__initEPKwm
                          __ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEE6__initEPKwmm
                          __ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEE6__initEmw
                          __ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEE6appendEPKw
                          __ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEE6appendEPKwm
                          __ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEE6assignEPKw
                          __ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEE6resizeEmw
                          __ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEE7reserveEm
                          __ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEE9push_backEw
                          __ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEEC1ERKS5_
                          __ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEED1Ev
                          __ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEEaSERKS5_
                          __ZNSt3__113basic_istreamIcNS_11char_traitsIcEEE4readEPcl
                          __ZNSt3__113basic_istreamIcNS_11char_traitsIcEEE5seekgENS_4fposI11__mbstate_tEE
                          __ZNSt3__113basic_istreamIcNS_11char_traitsIcEEE5seekgExNS_8ios_base7seekdirE
                          __ZNSt3__113basic_istreamIcNS_11char_traitsIcEEE5tellgEv
                          __ZNSt3__113basic_istreamIcNS_11char_traitsIcEEE6sentryC1ERS3_b
                          __ZNSt3__113basic_istreamIcNS_11char_traitsIcEEED2Ev
                          __ZNSt3__113basic_istreamIwNS_11char_traitsIwEEE4readEPwl
                          __ZNSt3__113basic_istreamIwNS_11char_traitsIwEEE5seekgENS_4fposI11__mbstate_tEE
                          __ZNSt3__113basic_istreamIwNS_11char_traitsIwEEE5seekgExNS_8ios_base7seekdirE
                          __ZNSt3__113basic_istreamIwNS_11char_traitsIwEEE5tellgEv
                          __ZNSt3__113basic_istreamIwNS_11char_traitsIwEEED2Ev

                          Network Behavior

                          Network Port Distribution

                          • Total Packets: 9
                          • 80 (HTTP)
                          • 53 (DNS)
                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Oct 16, 2021 12:10:22.968626976 CEST | 49191 | 80 | 192.168.11.11 | 104.89.44.72
                          Oct 16, 2021 12:10:22.978148937 CEST | 80 | 49191 | 104.89.44.72 | 192.168.11.11
                          Oct 16, 2021 12:10:22.978698015 CEST | 49191 | 80 | 192.168.11.11 | 104.89.44.72
                          Oct 16, 2021 12:10:59.202996969 CEST | 49194 | 80 | 192.168.11.11 | 172.67.191.194
                          Oct 16, 2021 12:10:59.211236000 CEST | 80 | 49194 | 172.67.191.194 | 192.168.11.11
                          Oct 16, 2021 12:10:59.212163925 CEST | 49194 | 80 | 192.168.11.11 | 172.67.191.194
                          Oct 16, 2021 12:10:59.212583065 CEST | 49194 | 80 | 192.168.11.11 | 172.67.191.194
                          Oct 16, 2021 12:10:59.220938921 CEST | 80 | 49194 | 172.67.191.194 | 192.168.11.11
                          Oct 16, 2021 12:10:59.330450058 CEST | 80 | 49194 | 172.67.191.194 | 192.168.11.11
                          Oct 16, 2021 12:10:59.331088066 CEST | 49194 | 80 | 192.168.11.11 | 172.67.191.194
                          Oct 16, 2021 12:10:59.331429005 CEST | 49194 | 80 | 192.168.11.11 | 172.67.191.194
                          Oct 16, 2021 12:10:59.339994907 CEST | 80 | 49194 | 172.67.191.194 | 192.168.11.11
                          Oct 16, 2021 12:10:59.340524912 CEST | 49194 | 80 | 192.168.11.11 | 172.67.191.194

                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                          Oct 16, 2021 12:10:27.754759073 CEST | 53 | 53538 | 1.1.1.1 | 192.168.11.11
                          Oct 16, 2021 12:10:59.188711882 CEST | 58222 | 53 | 192.168.11.11 | 1.1.1.1
                          Oct 16, 2021 12:10:59.199978113 CEST | 53 | 58222 | 1.1.1.1 | 192.168.11.11

                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                          Oct 16, 2021 12:10:59.188711882 CEST | 192.168.11.11 | 1.1.1.1 | 0x97eb | Standard query (0) | popcorntimeupd.xyz | A (IP address) | IN (0x0001)

                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                          Oct 16, 2021 12:10:59.199978113 CEST | 1.1.1.1 | 192.168.11.11 | 0x97eb | No error (0) | popcorntimeupd.xyz |  | 172.67.191.194 | A (IP address) | IN (0x0001)
                          Oct 16, 2021 12:10:59.199978113 CEST | 1.1.1.1 | 192.168.11.11 | 0x97eb | No error (0) | popcorntimeupd.xyz |  | 104.21.36.91 | A (IP address) | IN (0x0001)

                          • popcorntimeupd.xyz

                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                          0 | 192.168.11.11 | 49194 | 172.67.191.194 | 80

                          Timestamp | kBytes transferred | Direction | Data
                          Oct 16, 2021 12:10:59.212583065 CEST | 6862 | OUT | GET /?app_id=T4P_SEM&hid=dd4890ac960b28289774ea936e033343&ver=UNKNOWN&os=OSX101302 HTTP/1.1
                          Host: popcorntimeupd.xyz
                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 v1.4
                          Accept: */*
                          Oct 16, 2021 12:10:59.330450058 CEST | 6863 | IN | HTTP/1.1 200 OK
                          Date: Sat, 16 Oct 2021 10:10:59 GMT
                          Content-Type: text/plain; charset=UTF-8
                          Content-Length: 0
                          Connection: keep-alive
                          access-control-allow-origin: *
                          CF-Cache-Status: DYNAMIC
                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xOaXLaD3NzCqqJH5RMhNSa6S0BVIR7Qsrhq11X6FZc2V2th2bstVS68crTsLVbYTxrmbagqucFxes5EBFaFw80hCJhbWZxDqyb%2FMHMAbCax1zH89X1vibKQ8EXTzwaGd5xJQEAA%3D"}],"group":"cf-nel","max_age":604800}
                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                          Server: cloudflare
                          CF-RAY: 69f080201e1597c0-FRA
                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400


                          System Behavior

                          Start time:12:09:57
                          Start date:16/10/2021
                          Path:/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
                          Arguments:n/a
                          File size:3722408 bytes
                          MD5 hash:8910349f44a940d8d79318367855b236

                          Start time:12:09:57
                          Start date:16/10/2021
                          Path:/Users/berri/Desktop/PT.updd
                          Arguments:/Users/berri/Desktop/PT.updd
                          File size:3285300 bytes
                          MD5 hash:e344d16054bf7571d7ecb8e435b862b2

                          Start time:12:09:57
                          Start date:16/10/2021
                          Path:/bin/sh
                          Arguments:n/a
                          File size:618512 bytes
                          MD5 hash:8aa60b22a5d30418a002b340989384dc

                          Start time:12:09:57
                          Start date:16/10/2021
                          Path:/bin/mkdir
                          Arguments:mkdir -p /Library/PrivilegedHelperTools/
                          File size:18592 bytes
                          MD5 hash:135a3b94b3d9efccb4c8cd23ac404571

                          Start time:12:09:57
                          Start date:16/10/2021
                          Path:/bin/sh
                          Arguments:n/a
                          File size:618512 bytes
                          MD5 hash:8aa60b22a5d30418a002b340989384dc

                          Start time:12:09:57
                          Start date:16/10/2021
                          Path:/bin/cp
                          Arguments:cp /Users/berri/Desktop/PT.updd /Library/PrivilegedHelperTools/PT.updd
                          File size:29008 bytes
                          MD5 hash:57fc302d74610c3350e683c6c9771076

                          Start time:12:09:57
                          Start date:16/10/2021
                          Path:/bin/sh
                          Arguments:n/a
                          File size:618512 bytes
                          MD5 hash:8aa60b22a5d30418a002b340989384dc

                          Start time:12:09:57
                          Start date:16/10/2021
                          Path:/bin/mkdir
                          Arguments:mkdir -p /Library/LaunchDaemons/
                          File size:18592 bytes
                          MD5 hash:135a3b94b3d9efccb4c8cd23ac404571

                          Start time:12:09:57
                          Start date:16/10/2021
                          Path:/bin/sh
                          Arguments:n/a
                          File size:618512 bytes
                          MD5 hash:8aa60b22a5d30418a002b340989384dc

                          Start time:12:09:57
                          Start date:16/10/2021
                          Path:/bin/launchctl
                          Arguments:/bin/launchctl load /Library/LaunchDaemons/PT.updd.plist
                          File size:124656 bytes
                          MD5 hash:17fad4b994d600d0a5b6bc02b55c2c80

                          Start time:12:09:57
                          Start date:16/10/2021
                          Path:/usr/libexec/xpcproxy
                          Arguments:n/a
                          File size:43488 bytes
                          MD5 hash:d1bb9a4899f0af921e8188218b20d744

                          Start time:12:09:57
                          Start date:16/10/2021
                          Path:/Library/PrivilegedHelperTools/PT.updd
                          Arguments:/Library/PrivilegedHelperTools/PT.updd
                          File size:3285300 bytes
                          MD5 hash:e344d16054bf7571d7ecb8e435b862b2

                          Start time:12:10:58
                          Start date:16/10/2021
                          Path:/Library/PrivilegedHelperTools/PT.updd
                          Arguments:n/a
                          File size:3285300 bytes
                          MD5 hash:e344d16054bf7571d7ecb8e435b862b2

                          Start time:12:10:58
                          Start date:16/10/2021
                          Path:/bin/sh
                          Arguments:sh -c /usr/libexec/PlistBuddy /Applications/PopcornTime.app/Contents/Info.plist -c 'Print CFBundleVersion'
                          File size:618512 bytes
                          MD5 hash:8aa60b22a5d30418a002b340989384dc

                          Start time:12:10:58
                          Start date:16/10/2021
                          Path:/usr/libexec/PlistBuddy
                          Arguments:/usr/libexec/PlistBuddy /Applications/PopcornTime.app/Contents/Info.plist -c Print CFBundleVersion
                          File size:41152 bytes
                          MD5 hash:dc74460b36c41234337e907d4f151e4c