macOS
Analysis Report
DesktopServicesHelper
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Classification
Analysis Advice
Standard error output suggests that the sample could not be started due to dynamic linking errors, update the analysis machine or analyze on different analysis machine. |
Exit code information suggests that the sample terminated abnormally, try to lookup the sample's target architecture. |
Non-zero exit code suggests an error during the execution. Lookup the error code for hints. |
Exit code suggests that the sample could not be started, try to look at standard streams or writes to anonymous pipes for possible reason. |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 563409 |
Start date: | 31.01.2022 |
Start time: | 16:18:35 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 34s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | DesktopServicesHelper |
Cookbook file name: | defaultmacfilecookbook.jbs |
Analysis system description: | Virtual Machine, High Sierra (Office 2016 16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099) |
Analysis Mode: | default |
Detection: | CLEAN |
Classification: | clean1.mac@0/0@0/0 |
- Excluded IPs from analysis (whitelisted): 104.92.88.33, 184.87.213.132
- Excluded domains from analysis (whitelisted): cds-cdn.v.aaplimg.com, cds.apple.com.edgekey.net, e11408.d.akamaiedge.net, cds.apple.com.akadns.net, help.origin-apple.com.akadns.net, cds.apple.com, help.apple.com, e14768.dscb.akamaiedge.net, help-ar.apple.com.edgekey.net, lb._dns-sd._udp.0.11.168.192.in-addr.arpa
Command: | /Users/berri/Desktop/DesktopServicesHelper |
Exit Code: | 134 |
Exit Code Info: | SIGABRT (6) Abort signal from abort |
Killed: | False |
Standard Output: | |
Standard Error: | dyld: Library not loaded: /usr/lib/libfakelink.dylib Referenced from: /Users/berri/Desktop/DesktopServicesHelper Reason: image not found |
- • Networking
- • System Summary
- • Data Obfuscation
- • Persistence and Installation Behavior
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Classification label: |
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: |
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: | ||
Source: | Mach-O symbol: |
Source: | Mach-O header: |
Source: | Mach-O header: |
Source: | Mach-O header: |
Source: | Code Signing Info: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Invalid Code Signature | 1 Input Capture | System Service Discovery | Remote Services | 1 Input Capture | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Code Signing | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.211.5.115 | unknown | United States | 16625 | AKAMAI-ASUS | false |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
23.211.5.115 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AKAMAI-ASUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
File type: | |
Entropy (8bit): | 6.212751546657418 |
TrID: |
|
File name: | DesktopServicesHelper |
File size: | 532192 |
MD5: | 0978c50bacd2f4874e4b38c118e38ace |
SHA1: | 5778690f4bc98159202a440942fe97ee651c289f |
SHA256: | 20ea73ae75d5b6f23f47a4143afbc6bc0e65492dbb64240ae8813684868d74e6 |
SHA512: | f2c48425043664672cb07ad134a02d2ddf8593038ca85283ae1f72fae63ac57c4bcacf9f1b21e729d9187ff8af82616925444c708cec50b79c6576b5a6f54941 |
SSDEEP: | 6144:ERHV4IVKkaiZRc5nIPwAPvkZ5gOI19iBa0GzUmBncqaDuyUXLD5fyBAXz5La3IdQ:CHPawPr8Z36hT5LKoaOlTFchkg |
File Content Preview: | ................!...0.....!.........H...__PAGEZERO..........................................................X...__TEXT...................`...............`......................__text..........__TEXT...................V..................................... |
|
General Information for header 1 | |
Endian: | |
Size: | |
Architecture: | |
Filetype: | |
Nbr. of load commands: | |
Entry point: |
Name | Value |
---|---|
segname | __PAGEZERO |
vmaddr | 0x0 |
vmsize | 0x100000000 |
fileoff | 0x0 |
filesize | 0x0 |
maxprot | 0x0 |
initprot | 0x0 |
nsects | 0 |
flags | 0x0 |
Name | Value | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
segname | __TEXT | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
vmaddr | 0x100000000 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
vmsize | 0x66000 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
fileoff | 0x0 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
filesize | 0x66000 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
maxprot | 0x5 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
initprot | 0x5 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
nsects | 13 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
flags | 0x0 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Datas |
|
Name | Value | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
segname | __DATA_CONST | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
vmaddr | 0x100066000 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
vmsize | 0x2000 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
fileoff | 0x66000 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
filesize | 0x2000 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
maxprot | 0x3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
initprot | 0x3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
nsects | 7 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
flags | 0x10 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Datas |
|
Name | Value | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
segname | __DATA | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
vmaddr | 0x100068000 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
vmsize | 0x3000 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
fileoff | 0x68000 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
filesize | 0x2000 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
maxprot | 0x3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
initprot | 0x3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
nsects | 11 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
flags | 0x0 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Datas |
|
Name | Value |
---|---|
segname | __LINKEDIT |
vmaddr | 0x10006B000 |
vmsize | 0x18000 |
fileoff | 0x6A000 |
filesize | 0x17EE0 |
maxprot | 0x1 |
initprot | 0x1 |
nsects | 0 |
flags | 0x0 |
Name | Value |
---|---|
rebase_off | 434176 |
rebase_size | 272 |
bind_off | 434448 |
bind_size | 4304 |
weak_bind_off | 438752 |
weak_bind_size | 2440 |
lazy_bind_off | 441192 |
lazy_bind_size | 11840 |
export_off | 453032 |
export_size | 26520 |
Name | Value |
---|---|
symoff | 481624 |
nsyms | 582 |
stroff | 494692 |
strsize | 14624 |
Name | Value |
---|---|
ilocalsym | 0 |
nlocalsym | 1 |
iextdefsym | 1 |
nextdefsym | 32 |
iundefsym | 33 |
nundefsym | 549 |
tocoff | 0 |
ntoc | 0 |
modtaboff | 0 |
nmodtab | 0 |
extrefsymoff | 0 |
nextrefsyms | 0 |
indirectsymoff | 490936 |
nindirectsyms | 939 |
extreloff | 0 |
nextrel | 0 |
locreloff | 0 |
nlocrel | 0 |
Name | Value |
---|---|
name | 12 |
Datas | /usr/lib/dyld |
Name | Value |
---|---|
uuid | b'\x1b\xf0f\\2\xf4<\xf5\xbc\xd2\\\x94\xa6$\xc7\xd6' |
Name | Value |
---|---|
platform | 1 |
minos | 659200 |
sdk | 659206 |
ntools | 1 |
Datas | . |
Name | Value |
---|---|
version | 1408480838680576 |
Name | Value |
---|---|
entryoff | 77446 |
stacksize | 0 |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1061.141.1 |
compatibility_version | 1.0.0 |
Datas | /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1.0.0 |
compatibility_version | 1.0.0 |
Datas | /System/Library/PrivateFrameworks/APFS.framework/Versions/A/APFS |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 59306.140.5 |
compatibility_version | 1.0.0 |
Datas | /System/Library/Frameworks/Security.framework/Versions/A/Security |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 52.0.0 |
compatibility_version | 1.0.0 |
Datas | /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1069.24.0 |
compatibility_version | 1.0.0 |
Datas | /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 228.0.0 |
compatibility_version | 1.0.0 |
Datas | /usr/lib/libobjc.A.dylib |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1.0.0 |
compatibility_version | 1.0.0 |
Datas | /usr/lib/libbsm.0.dylib |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 0.0.0 |
compatibility_version | 0.0.0 |
Datas | /usr/lib/libfakelink.dylib |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 438.3.0 |
compatibility_version | 1.0.0 |
Datas | /System/Library/PrivateFrameworks/IconServices.framework/Versions/A/IconServices |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1677.201.0 |
compatibility_version | 300.0.0 |
Datas | /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1.0.0 |
compatibility_version | 1.0.0 |
Datas | /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 275.0.0 |
compatibility_version | 1.0.0 |
Datas | /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 902.1.0 |
compatibility_version | 1.0.0 |
Datas | /usr/lib/libc++.1.dylib |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1281.100.1 |
compatibility_version | 1.0.0 |
Datas | /usr/lib/libSystem.B.dylib |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1677.201.0 |
compatibility_version | 150.0.0 |
Datas | /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1355.22.0 |
compatibility_version | 64.0.0 |
Datas | /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1.0.0 |
compatibility_version | 1.0.0 |
Datas | /System/Library/Frameworks/CoreText.framework/Versions/A/CoreText |
Name | Value |
---|---|
dataoff | 479552 |
datasize | 1880 |
Name | Value |
---|---|
dataoff | 481432 |
datasize | 192 |
Name | Value |
---|---|
dataoff | 509328 |
datasize | 22864 |
_AcquireIconRef |
_AuthorizationCopyRights |
_AuthorizationCreateFromExternalForm |
_CFAbsoluteTimeGetCurrent |
_CFArrayAppendValue |
_CFArrayContainsValue |
_CFArrayCreateMutable |
_CFArrayCreateMutableCopy |
_CFArrayGetCount |
_CFArrayGetTypeID |
_CFArrayGetValueAtIndex |
_CFAttributedStringCreate |
_CFAutorelease |
_CFBooleanGetTypeID |
_CFDataAppendBytes |
_CFDataCreate |
_CFDataCreateMutable |
_CFDataCreateWithBytesNoCopy |
_CFDataGetBytePtr |
_CFDataGetBytes |
_CFDataGetLength |
_CFDateCompare |
_CFDateCreate |
_CFDateGetAbsoluteTime |
_CFDictionaryAddValue |
_CFDictionaryContainsKey |
_CFDictionaryCreateMutable |
_CFDictionaryCreateMutableCopy |
_CFDictionaryGetTypeID |
_CFDictionaryGetValue |
_CFDictionaryRemoveValue |
_CFDictionarySetValue |
_CFEqual |
_CFErrorCopyUserInfo |
_CFErrorCreate |
_CFErrorGetCode |
_CFErrorGetDomain |
_CFFileSecurityClearProperties |
_CFFileSecurityCopyAccessControlList |
_CFFileSecurityCreate |
_CFFileSecurityCreateCopy |
_CFFileSecurityGetGroup |
_CFFileSecurityGetMode |
_CFFileSecurityGetOwner |
_CFFileSecuritySetAccessControlList |
_CFFileSecuritySetGroup |
_CFFileSecuritySetMode |
_CFFileSecuritySetOwner |
_CFGetTypeID |
_CFNumberGetTypeID |
_CFNumberGetValue |
_CFPreferencesCopyAppValue |
_CFPreferencesGetAppBooleanValue |
_CFPreferencesGetAppIntegerValue |
_CFPropertyListCreateWithData |
_CFPropertyListCreateWithStream |
_CFPropertyListWrite |
_CFReadStreamClose |
_CFReadStreamCreateWithFile |
_CFReadStreamOpen |
_CFRelease |
_CFRetain |
_CFRunLoopGetMain |
_CFRunLoopRun |
_CFRunLoopStop |
_CFSetAddValue |
_CFSetContainsValue |
_CFSetCreateMutable |
_CFSetGetCount |
_CFStringAppend |
_CFStringAppendCString |
_CFStringAppendCharacters |
_CFStringCompare |
_CFStringCompareWithOptions |
_CFStringCreateMutableCopy |
_CFStringCreateWithBytes |
_CFStringCreateWithCString |
_CFStringCreateWithCharacters |
_CFStringCreateWithSubstring |
_CFStringGetCString |
_CFStringGetCStringPtr |
_CFStringGetCharacterAtIndex |
_CFStringGetCharacters |
_CFStringGetCharactersPtr |
_CFStringGetLength |
_CFStringGetTypeID |
_CFStringHasPrefix |
_CFURLClearResourcePropertyCache |
_CFURLCopyFileSystemPath |
_CFURLCopyLastPathComponent |
_CFURLCopyResourcePropertiesForKeys |
_CFURLCopyResourcePropertyForKey |
_CFURLCreateBookmarkData |
_CFURLCreateCopyDeletingLastPathComponent |
_CFURLCreateFilePathURL |
_CFURLCreateFromFileSystemRepresentation |
_CFURLCreateWithFileSystemPath |
_CFURLCreateWithString |
_CFURLEnumeratorCreateForDirectoryURL |
_CFURLEnumeratorGetDescendentLevel |
_CFURLEnumeratorGetNextURL |
_CFURLEnumeratorSkipDescendents |
_CFURLGetFSRef |
_CFURLGetFileSystemRepresentation |
_CFURLGetString |
_CFURLGetTypeID |
_CFURLResourceIsReachable |
_CFURLSetResourcePropertiesForKeys |
_CFURLSetResourcePropertyForKey |
_CFURLWriteBookmarkDataToFile |
_CFWriteStreamClose |
_CFWriteStreamCreateWithFile |
_CFWriteStreamOpen |
_CGBitmapContextCreate |
_CGColorCreate |
_CGColorSpaceCreateDeviceGray |
_CGColorSpaceRelease |
_CGContextFlush |
_CGContextRelease |
_CGContextSetTextPosition |
_CSBackupMobileIteratorCreateWithOptions |
_CSBackupMobileIteratorGetNextURLWithFlags |
_CSBackupMobileIteratorSkipDescendents |
_CTFontCreateWithName |
_CTLineCreateWithAttributedString |
_CTLineDraw |
_CTLineGetImageBounds |
_DADiskCopyIOMedia |
_DADiskCreateFromBSDName |
_DASessionCreate |
_FSGetResourceForkName |
_FSGetVolumeInfo |
_IOObjectRelease |
_IORegistryEntrySearchCFProperty |
_LMGetBootDrive |
_LSRegisterURL |
_NSFileGroupOwnerAccountID |
_NSFileOwnerAccountID |
_NSFilePosixPermissions |
_NSLocalizedDescriptionKey |
_NSPOSIXErrorDomain |
_NSProgressFileOperationKindKey |
_NSProgressFileURLKey |
_NSProgressKindFile |
_NSURLContentModificationDateKey |
_NSURLFileSizeKey |
_NSURLIsDirectoryKey |
_NSURLIsHiddenKey |
_NSURLNameKey |
_NSURLVolumeLocalizedNameKey |
_NSURLVolumeUUIDStringKey |
_OBJC_CLASS_$_NSArray |
_OBJC_CLASS_$_NSAssertionHandler |
_OBJC_CLASS_$_NSDate |
_OBJC_CLASS_$_NSDateFormatter |
_OBJC_CLASS_$_NSDictionary |
_OBJC_CLASS_$_NSError |
_OBJC_CLASS_$_NSFileCoordinator |
_OBJC_CLASS_$_NSFileManager |
_OBJC_CLASS_$_NSMutableArray |
_OBJC_CLASS_$_NSMutableDictionary |
_OBJC_CLASS_$_NSMutableSet |
_OBJC_CLASS_$_NSNumber |
_OBJC_CLASS_$_NSObject |
_OBJC_CLASS_$_NSProgress |
_OBJC_CLASS_$_NSSet |
_OBJC_CLASS_$_NSString |
_OBJC_CLASS_$_NSTask |
_OBJC_CLASS_$_NSURL |
_OBJC_CLASS_$_NSUUID |
_OBJC_EHTYPE_$_NSException |
_OBJC_METACLASS_$_NSObject |
_RMFSCreateResourceFile |
_ReleaseIconRef |
_SCDynamicStoreCopyComputerName |
_SecTaskCopyValueForEntitlement |
_SecTaskCreateWithAuditToken |
__Block_object_assign |
__Block_object_dispose |
__Block_release |
__CFFileSecurityGetFilesec |
__CFURLCopyLogicalNameOfPromiseAtURL |
__CFURLCopyLogicalURLOfPromiseAtURL |
__CFURLCopyResourcePropertyValuesAndFlags |
__CFURLGetResourcePropertyFlags |
__CFURLGetVolumePropertyFlags |
__CFURLIsFileURL |
__CFURLIsPromiseName |
__CFURLIsProtectedDirectory |
__CSBackupCopyBackupItemsForBUItem |
__CSBackupSystemVersionCompare |
__CSBackupURLIsBackupItem |
__FSFileSecurityCreateForFileFromDirectory |
__FSGetVolumePermissions |
__FSSetVolumePermissions |
__LSCopyApplicationsWithPath |
__LSGetShowAllExtensionsPreference |
__LSSetApplicationCategories |
__LSUnregisterURL |
__MDItemRemoveAttributesWithURL |
__MDItemSetAttributesWithURL |
__MDResumeIndexingDirectory |
__MDSuspendIndexingDirectory |
__NSConcreteGlobalBlock |
__NSConcreteStackBlock |
__Unwind_Resume |
__ZNKSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE7compareEmmPKcm |
__ZNKSt3__119__shared_weak_count13__get_deleterERKSt9type_info |
__ZNKSt3__120__vector_base_commonILb1EE20__throw_length_errorEv |
__ZNKSt3__120__vector_base_commonILb1EE20__throw_out_of_rangeEv |
__ZNKSt3__121__basic_string_commonILb1EE20__throw_length_errorEv |
__ZNKSt9exception4whatEv |
__ZNSt11logic_errorC2EPKc |
__ZNSt12length_errorD1Ev |
__ZNSt12out_of_rangeD1Ev |
__ZNSt3__112__next_primeEm |
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6appendEPKc |
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC1ERKS5_ |
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEaSERKS5_ |
__ZNSt3__118condition_variable10notify_allEv |
__ZNSt3__118condition_variable15__do_timed_waitERNS_11unique_lockINS_5mutexEEENS_6chrono10time_pointINS5_12system_clockENS5_8durationIxNS_5ratioILl1ELl1000000000EEEEEEE |
__ZNSt3__118condition_variable4waitERNS_11unique_lockINS_5mutexEEE |
__ZNSt3__118condition_variableD1Ev |
__ZNSt3__119__shared_weak_count14__release_weakEv |
__ZNSt3__119__shared_weak_countD2Ev |
__ZNSt3__120__throw_system_errorEiPKc |
__ZNSt3__15mutex4lockEv |
__ZNSt3__15mutex6unlockEv |
__ZNSt3__15mutexD1Ev |
__ZNSt3__16__sortIRNS_6__lessIxxEEPxEEvT0_S5_T_ |
__ZNSt3__16__sortIRNS_6__lessIyyEEPyEEvT0_S5_T_ |
__ZNSt3__16chrono12steady_clock3nowEv |
__ZNSt3__16chrono12system_clock3nowEv |
__ZNSt3__16stoullERKNS_12basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEEPmi |
__ZNSt9exceptionD2Ev |
__ZSt9terminatev |
__ZTI18TOperationReporter |
__ZTI39TDesktopServicesHelperOperationReporter |
__ZTI9ICollator |
__ZTINSt3__110__function6__baseIFNS_10shared_ptrI10TCFURLInfoEE19ECloneRestoreActionS4_EEE |
__ZTINSt3__110__function6__baseIFNS_8optionalI12TCloneFamilyEEvEEE |
__ZTINSt3__110__function6__baseIFvvEEE |
__ZTINSt3__117bad_function_callE |
__ZTINSt3__119__shared_weak_countE |
__ZTINSt3__120__shared_ptr_emplaceI10TCFURLInfoNS_9allocatorIS1_EEEE |
__ZTINSt3__120__shared_ptr_emplaceI14TCFURLInfoListNS_9allocatorIS1_EEEE |
__ZTINSt3__120__shared_ptr_emplaceINS_5mutexENS_9allocatorIS1_EEEE |
__ZTINSt3__120__shared_ptr_emplaceINS_6vectorI7TExtentNS_9allocatorIS2_EEEENS3_IS5_EEEE |
__ZTINSt3__120__shared_ptr_pointerIP10TCFURLInfoNS_14default_deleteIS1_EENS_9allocatorIS1_EEEE |
__ZTINSt3__120__shared_ptr_pointerIP14TCFURLInfoListNS_14default_deleteIS1_EENS_9allocatorIS1_EEEE |
__ZTINSt3__120__shared_ptr_pointerIPNS_6vectorI7TExtentNS_9allocatorIS2_EEEENS_14default_deleteIS5_EENS3_IS5_EEEE |
__ZTISt12length_error |
__ZTISt12out_of_range |
__ZTISt9exception |
__ZTIi |
__ZTS18TOperationReporter |
__ZTS39TDesktopServicesHelperOperationReporter |
__ZTS9ICollator |
__ZTSNSt3__110__function6__baseIFNS_10shared_ptrI10TCFURLInfoEE19ECloneRestoreActionS4_EEE |
__ZTSNSt3__110__function6__baseIFNS_8optionalI12TCloneFamilyEEvEEE |
__ZTSNSt3__110__function6__baseIFvvEEE |
__ZTSNSt3__114default_deleteI10TCFURLInfoEE |
__ZTSNSt3__114default_deleteI14TCFURLInfoListEE |
__ZTSNSt3__114default_deleteINS_6vectorI7TExtentNS_9allocatorIS2_EEEEEE |
__ZTSNSt3__117bad_function_callE |
__ZTSNSt3__120__shared_ptr_emplaceI10TCFURLInfoNS_9allocatorIS1_EEEE |
__ZTSNSt3__120__shared_ptr_emplaceI14TCFURLInfoListNS_9allocatorIS1_EEEE |
__ZTSNSt3__120__shared_ptr_emplaceINS_5mutexENS_9allocatorIS1_EEEE |
__ZTSNSt3__120__shared_ptr_emplaceINS_6vectorI7TExtentNS_9allocatorIS2_EEEENS3_IS5_EEEE |
__ZTSNSt3__120__shared_ptr_pointerIP10TCFURLInfoNS_14default_deleteIS1_EENS_9allocatorIS1_EEEE |
__ZTSNSt3__120__shared_ptr_pointerIP14TCFURLInfoListNS_14default_deleteIS1_EENS_9allocatorIS1_EEEE |
__ZTSNSt3__120__shared_ptr_pointerIPNS_6vectorI7TExtentNS_9allocatorIS2_EEEENS_14default_deleteIS5_EENS3_IS5_EEEE |
__ZTVN10__cxxabiv116__enum_type_infoE |
__ZTVN10__cxxabiv117__class_type_infoE |
__ZTVN10__cxxabiv120__si_class_type_infoE |
__ZTVSt12length_error |
__ZTVSt12out_of_range |
__ZdaPv |
__ZdlPv |
__Znam |
__Znwm |
___CFConstantStringClassReference |
___CFStringIsMutable |
___NSArray0__ |
____chkstk_darwin |
___assert_rtn |
___bzero |
___carbon_delete |
___copyfile |
___cxa_allocate_exception |
___cxa_begin_catch |
___cxa_end_catch |
___cxa_free_exception |
___cxa_guard_abort |
___cxa_guard_acquire |
___cxa_guard_release |
___cxa_pure_virtual |
___cxa_rethrow |
___cxa_throw |
___error |
___gxx_personality_v0 |
___mac_set_proc |
___objc_personality_v0 |
___stack_chk_fail |
___stack_chk_guard |
___stderrp |
__dispatch_source_type_timer |
__kCFURLCloudDocsPlaceholderDictionaryKey |
__kCFURLFileAllocatedSizeOfResourceForkKey |
__kCFURLFileFlagsKey |
__kCFURLFileIDKey |
__kCFURLFileSizeOfResourceForkKey |
__kCFURLFinderInfoKey |
__kCFURLInodeNumberKey |
__kCFURLIsCompressedKey |
__kCFURLIsRestrictedKey |
__kCFURLIsSystemAppendKey |
__kCFURLIsSystemNoUnlinkKey |
__kCFURLIsUserAppendKey |
__kCFURLParentDirectoryIsVolumeRootKey |
__kCFURLVolumeIsDiskImageKey |
__kCFURLVolumeIsQuarantinedKey |
__kCFURLVolumeRefNumKey |
__kMDItemFinderLabel |
__kMDItemUserTags |
__mh_execute_header |
__objc_empty_cache |
__os_log_impl |
__qtn_file_alloc |
__qtn_file_apply_to_path |
__qtn_file_clone |
__qtn_file_free |
__qtn_file_get_flags |
__qtn_file_init_with_path |
__qtn_file_set_flags |
__qtn_xattr_name |
__xpc_error_connection_interrupted |
__xpc_error_connection_invalid |
__xpc_error_termination_imminent |
__xpc_type_connection |
__xpc_type_dictionary |
__xpc_type_error |
_abort |
_acl_add_perm |
_acl_clear_perms |
_acl_create_entry_np |
_acl_delete_entry |
_acl_dup |
_acl_free |
_acl_from_text |
_acl_get_entry |
_acl_get_flag_np |
_acl_get_flagset_np |
_acl_get_link_np |
_acl_get_perm_np |
_acl_get_permset |
_acl_get_qualifier |
_acl_get_tag_type |
_acl_init |
_acl_set_fd |
_acl_set_link_np |
_acl_set_permset |
_acl_set_qualifier |
_acl_set_tag_type |
_audit_session_join |
_audit_session_port |
_audit_token_to_au32 |
_audit_token_to_pid |
_chmod |
_clonefile |
_close |
_closedir |
_copyfile |
_csr_check |
_dispatch_async |
_dispatch_get_global_queue |
_dispatch_once |
_dispatch_queue_attr_make_with_qos_class |
_dispatch_queue_create |
_dispatch_release |
_dispatch_resume |
_dispatch_semaphore_create |
_dispatch_semaphore_signal |
_dispatch_semaphore_wait |
_dispatch_source_cancel |
_dispatch_source_create |
_dispatch_source_set_event_handler |
_dispatch_source_set_timer |
_dispatch_time |
_dlopen |
_dlsym |
_fakelink_group_add |
_fakelink_group_new |
_fakelink_group_resolve |
_fakelink_volume_new |
_fchflags |
_fchmod |
_fcntl |
_fdopendir$INODE64 |
_free |
_fremovexattr |
_fsctl |
_fsetxattr |
_fstat$INODE64 |
_ftruncate |
_fwrite |
_getattrlist |
_getenv |
_geteuid |
_getgid |
_getprogname |
_getpwuid |
_getuid |
_getxattr |
_initgroups |
_kCFAbsoluteTimeIntervalSince1904 |
_kCFAllocatorDefault |
_kCFAllocatorMalloc |
_kCFAllocatorNull |
_kCFBooleanFalse |
_kCFBooleanTrue |
_kCFErrorDomainCocoa |
_kCFErrorDomainOSStatus |
_kCFErrorDomainPOSIX |
_kCFErrorFilePathKey |
_kCFErrorUnderlyingErrorKey |
_kCFTypeArrayCallBacks |
_kCFTypeDictionaryKeyCallBacks |
_kCFTypeDictionaryValueCallBacks |
_kCFTypeSetCallBacks |
_kCFURLAddedToDirectoryDateKey |
_kCFURLAttributeModificationDateKey |
_kCFURLContentModificationDateKey |
_kCFURLCreationDateKey |
_kCFURLFileAllocatedSizeKey |
_kCFURLFileSecurityKey |
_kCFURLFileSizeKey |
_kCFURLHasHiddenExtensionKey |
_kCFURLIsAliasFileKey |
_kCFURLIsApplicationKey |
_kCFURLIsDirectoryKey |
_kCFURLIsExecutableKey |
_kCFURLIsHiddenKey |
_kCFURLIsMountTriggerKey |
_kCFURLIsPackageKey |
_kCFURLIsReadableKey |
_kCFURLIsRegularFileKey |
_kCFURLIsSymbolicLinkKey |
_kCFURLIsSystemImmutableKey |
_kCFURLIsUserImmutableKey |
_kCFURLIsVolumeKey |
_kCFURLIsWritableKey |
_kCFURLLabelNumberKey |
_kCFURLLinkCountKey |
_kCFURLLocalizedNameKey |
_kCFURLNameKey |
_kCFURLParentDirectoryURLKey |
_kCFURLTotalFileAllocatedSizeKey |
_kCFURLVolumeAvailableCapacityKey |
_kCFURLVolumeIsLocalKey |
_kCFURLVolumeMaximumFileSizeKey |
_kCFURLVolumeURLKey |
_kCFURLVolumeUUIDStringKey |
_kCTFontAttributeName |
_kCTForegroundColorAttributeName |
_lchflags |
_lchown |
_link |
_listxattr |
_lseek |
_lstat$INODE64 |
_mach_absolute_time |
_mach_error_string |
_mach_port_deallocate |
_mach_task_self_ |
_mach_timebase_info |
_malloc |
_mbr_gid_to_uuid |
_mbr_uid_to_uuid |
_memcmp |
_memcpy |
_memmove |
_mkdir |
_mkdirx_np |
_notify_post |
_objc_alloc |
_objc_autorelease |
_objc_autoreleasePoolPop |
_objc_autoreleasePoolPush |
_objc_begin_catch |
_objc_end_catch |
_objc_enumerationMutation |
_objc_getClass |
_objc_msgSend |
_objc_msgSendSuper2 |
_objc_release |
_objc_retain |
_object_getClassName |
_open |
_openx_np |
_os_log_create |
_os_log_type_enabled |
_os_unfair_lock_lock |
_os_unfair_lock_unlock |
_pread |
_pthread_attr_init |
_pthread_attr_set_qos_class_np |
_pthread_attr_setdetachstate |
_pthread_create |
_pthread_getugid_np |
_pthread_mutex_init |
_pthread_mutex_lock |
_pthread_mutex_unlock |
_pthread_mutexattr_destroy |
_pthread_mutexattr_init |
_pthread_mutexattr_settype |
_pthread_setugid_np |
_pwrite |
_qos_class_self |
_readdir$INODE64 |
_readlink |
_realloc |
_removexattr |
_rename |
_renamex_np |
_rmdir |
_sandbox_check_by_audit_token |
_setattrlist |
_setiopolicy_np |
_setxattr |
_snprintf |
_stat$INODE64 |
_statfs$INODE64 |
_strchr |
_strcmp |
_strerror |
_strlcat |
_strlcpy |
_strlen |
_strncasecmp |
_strncmp |
_strstr |
_strtoul |
_symlink |
_sysctlbyname |
_truncate |
_unlink |
_unlinkat |
_usleep |
_valloc |
_vasprintf |
_xattr_name_with_flags |
_xattr_preserve_for_intent |
_xpc_array_get_count |
_xpc_array_get_data |
_xpc_array_get_string |
_xpc_connection_create_mach_service |
_xpc_connection_get_asid |
_xpc_connection_get_egid |
_xpc_connection_get_euid |
_xpc_connection_resume |
_xpc_connection_send_message |
_xpc_connection_send_message_with_reply_sync |
_xpc_connection_set_event_handler |
_xpc_connection_set_target_queue |
_xpc_dictionary_create |
_xpc_dictionary_create_reply |
_xpc_dictionary_get_audit_token |
_xpc_dictionary_get_bool |
_xpc_dictionary_get_data |
_xpc_dictionary_get_double |
_xpc_dictionary_get_int64 |
_xpc_dictionary_get_string |
_xpc_dictionary_get_uint64 |
_xpc_dictionary_get_value |
_xpc_dictionary_set_bool |
_xpc_dictionary_set_int64 |
_xpc_dictionary_set_string |
_xpc_dictionary_set_uint64 |
_xpc_get_type |
dyld_stub_binder |
radr://5614542 |
_AcquireIconRef |
_AuthorizationCopyRights |
_AuthorizationCreateFromExternalForm |
_CFAbsoluteTimeGetCurrent |
_CFArrayAppendValue |
_CFArrayContainsValue |
_CFArrayCreateMutable |
_CFArrayCreateMutableCopy |
_CFArrayGetCount |
_CFArrayGetTypeID |
_CFArrayGetValueAtIndex |
_CFAttributedStringCreate |
_CFAutorelease |
_CFBooleanGetTypeID |
_CFDataAppendBytes |
_CFDataCreate |
_CFDataCreateMutable |
_CFDataCreateWithBytesNoCopy |
_CFDataGetBytePtr |
_CFDataGetBytes |
_CFDataGetLength |
_CFDateCompare |
_CFDateCreate |
_CFDateGetAbsoluteTime |
_CFDictionaryAddValue |
_CFDictionaryContainsKey |
_CFDictionaryCreateMutable |
_CFDictionaryCreateMutableCopy |
_CFDictionaryGetTypeID |
_CFDictionaryGetValue |
_CFDictionaryRemoveValue |
_CFDictionarySetValue |
_CFEqual |
_CFErrorCopyUserInfo |
_CFErrorCreate |
_CFErrorGetCode |
_CFErrorGetDomain |
_CFFileSecurityClearProperties |
_CFFileSecurityCopyAccessControlList |
_CFFileSecurityCreate |
_CFFileSecurityCreateCopy |
_CFFileSecurityGetGroup |
_CFFileSecurityGetMode |
_CFFileSecurityGetOwner |
_CFFileSecuritySetAccessControlList |
_CFFileSecuritySetGroup |
_CFFileSecuritySetMode |
_CFFileSecuritySetOwner |
_CFGetTypeID |
_CFNumberGetTypeID |
_CFNumberGetValue |
_CFPreferencesCopyAppValue |
_CFPreferencesGetAppBooleanValue |
_CFPreferencesGetAppIntegerValue |
_CFPropertyListCreateWithData |
_CFPropertyListCreateWithStream |
_CFPropertyListWrite |
_CFReadStreamClose |
_CFReadStreamCreateWithFile |
_CFReadStreamOpen |
_CFRelease |
_CFRetain |
_CFRunLoopGetMain |
_CFRunLoopRun |
_CFRunLoopStop |
_CFSetAddValue |
_CFSetContainsValue |
_CFSetCreateMutable |
_CFSetGetCount |
_CFStringAppend |
_CFStringAppendCString |
_CFStringAppendCharacters |
_CFStringCompare |
_CFStringCompareWithOptions |
_CFStringCreateMutableCopy |
_CFStringCreateWithBytes |
_CFStringCreateWithCString |
_CFStringCreateWithCharacters |
_CFStringCreateWithSubstring |
_CFStringGetCString |
_CFStringGetCStringPtr |
_CFStringGetCharacterAtIndex |
_CFStringGetCharacters |
_CFStringGetCharactersPtr |
_CFStringGetLength |
_CFStringGetTypeID |
_CFStringHasPrefix |
_CFURLClearResourcePropertyCache |
_CFURLCopyFileSystemPath |
_CFURLCopyLastPathComponent |
_CFURLCopyResourcePropertiesForKeys |
_CFURLCopyResourcePropertyForKey |
_CFURLCreateBookmarkData |
_CFURLCreateCopyDeletingLastPathComponent |
_CFURLCreateFilePathURL |
_CFURLCreateFromFileSystemRepresentation |
_CFURLCreateWithFileSystemPath |
_CFURLCreateWithString |
_CFURLEnumeratorCreateForDirectoryURL |
_CFURLEnumeratorGetDescendentLevel |
_CFURLEnumeratorGetNextURL |
_CFURLEnumeratorSkipDescendents |
_CFURLGetFSRef |
_CFURLGetFileSystemRepresentation |
_CFURLGetString |
_CFURLGetTypeID |
_CFURLResourceIsReachable |
_CFURLSetResourcePropertiesForKeys |
_CFURLSetResourcePropertyForKey |
_CFURLWriteBookmarkDataToFile |
_CFWriteStreamClose |
_CFWriteStreamCreateWithFile |
_CFWriteStreamOpen |
_CGBitmapContextCreate |
_CGColorCreate |
_CGColorSpaceCreateDeviceGray |
_CGColorSpaceRelease |
_CGContextFlush |
_CGContextRelease |
_CGContextSetTextPosition |
_CSBackupMobileIteratorCreateWithOptions |
_CSBackupMobileIteratorGetNextURLWithFlags |
_CSBackupMobileIteratorSkipDescendents |
_CTFontCreateWithName |
_CTLineCreateWithAttributedString |
_CTLineDraw |
_CTLineGetImageBounds |
_DADiskCopyIOMedia |
_DADiskCreateFromBSDName |
_DASessionCreate |
_FSGetResourceForkName |
_FSGetVolumeInfo |
_IOObjectRelease |
_IORegistryEntrySearchCFProperty |
_LMGetBootDrive |
_LSRegisterURL |
_RMFSCreateResourceFile |
_ReleaseIconRef |
_SCDynamicStoreCopyComputerName |
_SecTaskCopyValueForEntitlement |
_SecTaskCreateWithAuditToken |
__Block_object_assign |
__Block_object_dispose |
__Block_release |
__CFFileSecurityGetFilesec |
__CFURLCopyLogicalNameOfPromiseAtURL |
__CFURLCopyLogicalURLOfPromiseAtURL |
__CFURLCopyResourcePropertyValuesAndFlags |
__CFURLGetResourcePropertyFlags |
__CFURLGetVolumePropertyFlags |
__CFURLIsFileURL |
__CFURLIsPromiseName |
__CFURLIsProtectedDirectory |
__CSBackupCopyBackupItemsForBUItem |
__CSBackupSystemVersionCompare |
__CSBackupURLIsBackupItem |
__FSFileSecurityCreateForFileFromDirectory |
__FSGetVolumePermissions |
__FSSetVolumePermissions |
__LSCopyApplicationsWithPath |
__LSGetShowAllExtensionsPreference |
__LSSetApplicationCategories |
__LSUnregisterURL |
__MDItemRemoveAttributesWithURL |
__MDItemSetAttributesWithURL |
__MDResumeIndexingDirectory |
__MDSuspendIndexingDirectory |
__Unwind_Resume |
__ZNKSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE7compareEmmPKcm |
__ZNKSt3__120__vector_base_commonILb1EE20__throw_length_errorEv |
__ZNKSt3__120__vector_base_commonILb1EE20__throw_out_of_rangeEv |
__ZNKSt3__121__basic_string_commonILb1EE20__throw_length_errorEv |
__ZNSt11logic_errorC2EPKc |
__ZNSt3__112__next_primeEm |
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6appendEPKc |
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC1ERKS5_ |
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEaSERKS5_ |
__ZNSt3__118condition_variable10notify_allEv |
__ZNSt3__118condition_variable15__do_timed_waitERNS_11unique_lockINS_5mutexEEENS_6chrono10time_pointINS5_12system_clockENS5_8durationIxNS_5ratioILl1ELl1000000000EEEEEEE |
__ZNSt3__118condition_variable4waitERNS_11unique_lockINS_5mutexEEE |
__ZNSt3__118condition_variableD1Ev |
__ZNSt3__119__shared_weak_count14__release_weakEv |
__ZNSt3__119__shared_weak_countD2Ev |
__ZNSt3__120__throw_system_errorEiPKc |
__ZNSt3__15mutex4lockEv |
__ZNSt3__15mutex6unlockEv |
__ZNSt3__15mutexD1Ev |
__ZNSt3__16__sortIRNS_6__lessIxxEEPxEEvT0_S5_T_ |
__ZNSt3__16__sortIRNS_6__lessIyyEEPyEEvT0_S5_T_ |
__ZNSt3__16chrono12steady_clock3nowEv |
__ZNSt3__16chrono12system_clock3nowEv |
__ZNSt3__16stoullERKNS_12basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEEPmi |
__ZNSt9exceptionD2Ev |
__ZSt9terminatev |
___CFStringIsMutable |
___assert_rtn |
___bzero |
___carbon_delete |
___copyfile |
___cxa_allocate_exception |
___cxa_begin_catch |
___cxa_end_catch |
___cxa_free_exception |
___cxa_guard_abort |
___cxa_guard_acquire |
___cxa_guard_release |
___cxa_rethrow |
___cxa_throw |
___error |
___mac_set_proc |
___stack_chk_fail |
__os_log_impl |
__qtn_file_alloc |
__qtn_file_apply_to_path |
__qtn_file_clone |
__qtn_file_free |
__qtn_file_get_flags |
__qtn_file_init_with_path |
__qtn_file_set_flags |
_abort |
_acl_add_perm |
_acl_clear_perms |
_acl_create_entry_np |
_acl_delete_entry |
_acl_dup |
_acl_free |
_acl_from_text |
_acl_get_entry |
_acl_get_flag_np |
_acl_get_flagset_np |
_acl_get_link_np |
_acl_get_perm_np |
_acl_get_permset |
_acl_get_qualifier |
_acl_get_tag_type |
_acl_init |
_acl_set_fd |
_acl_set_link_np |
_acl_set_permset |
_acl_set_qualifier |
_acl_set_tag_type |
_audit_session_join |
_audit_session_port |
_audit_token_to_au32 |
_audit_token_to_pid |
_chmod |
_clonefile |
_close |
_closedir |
_copyfile |
_csr_check |
_dispatch_async |
_dispatch_get_global_queue |
_dispatch_once |
_dispatch_queue_attr_make_with_qos_class |
_dispatch_queue_create |
_dispatch_release |
_dispatch_resume |
_dispatch_semaphore_create |
_dispatch_semaphore_signal |
_dispatch_semaphore_wait |
_dispatch_source_cancel |
_dispatch_source_create |
_dispatch_source_set_event_handler |
_dispatch_source_set_timer |
_dispatch_time |
_dlopen |
_dlsym |
_fakelink_group_add |
_fakelink_group_new |
_fakelink_group_resolve |
_fakelink_volume_new |
_fchflags |
_fchmod |
_fcntl |
_fdopendir$INODE64 |
_free |
_fremovexattr |
_fsctl |
_fsetxattr |
_fstat$INODE64 |
_ftruncate |
_fwrite |
_getattrlist |
_getenv |
_geteuid |
_getgid |
_getprogname |
_getpwuid |
_getuid |
_getxattr |
_initgroups |
_lchflags |
_lchown |
_link |
_listxattr |
_lseek |
_lstat$INODE64 |
_mach_absolute_time |
_mach_error_string |
_mach_port_deallocate |
_mach_timebase_info |
_malloc |
_mbr_gid_to_uuid |
_mbr_uid_to_uuid |
_memcmp |
_memcpy |
_memmove |
_mkdir |
_mkdirx_np |
_notify_post |
_objc_alloc |
_objc_autorelease |
_objc_autoreleasePoolPop |
_objc_autoreleasePoolPush |
_objc_begin_catch |
_objc_end_catch |
_objc_enumerationMutation |
_objc_getClass |
_objc_msgSendSuper2 |
_object_getClassName |
_open |
_openx_np |
_os_log_create |
_os_log_type_enabled |
_os_unfair_lock_lock |
_os_unfair_lock_unlock |
_pread |
_pthread_attr_init |
_pthread_attr_set_qos_class_np |
_pthread_attr_setdetachstate |
_pthread_create |
_pthread_getugid_np |
_pthread_mutex_init |
_pthread_mutex_lock |
_pthread_mutex_unlock |
_pthread_mutexattr_destroy |
_pthread_mutexattr_init |
_pthread_mutexattr_settype |
_pthread_setugid_np |
_pwrite |
_qos_class_self |
_readdir$INODE64 |
_readlink |
_realloc |
_removexattr |
_rename |
_renamex_np |
_rmdir |
_sandbox_check_by_audit_token |
_setattrlist |
_setiopolicy_np |
_setxattr |
_snprintf |
_stat$INODE64 |
_statfs$INODE64 |
_strchr |
_strcmp |
_strerror |
_strlcat |
_strlcpy |
_strlen |
_strncasecmp |
_strncmp |
_strstr |
_strtoul |
_symlink |
_sysctlbyname |
_truncate |
_unlink |
_unlinkat |
_usleep |
_valloc |
_vasprintf |
_xattr_name_with_flags |
_xattr_preserve_for_intent |
_xpc_array_get_count |
_xpc_array_get_data |
_xpc_array_get_string |
_xpc_connection_create_mach_service |
_xpc_connection_get_asid |
_xpc_connection_get_egid |
_xpc_connection_get_euid |
_xpc_connection_resume |
_xpc_connection_send_message |
_xpc_connection_send_message_with_reply_sync |
_xpc_connection_set_event_handler |
_xpc_connection_set_target_queue |
_xpc_dictionary_create |
_xpc_dictionary_create_reply |
_xpc_dictionary_get_audit_token |
_xpc_dictionary_get_bool |
_xpc_dictionary_get_data |
_xpc_dictionary_get_double |
_xpc_dictionary_get_int64 |
_xpc_dictionary_get_string |
_xpc_dictionary_get_uint64 |
_xpc_dictionary_get_value |
_xpc_dictionary_set_bool |
_xpc_dictionary_set_int64 |
_xpc_dictionary_set_string |
_xpc_dictionary_set_uint64 |
_xpc_get_type |
Download Network PCAP: filtered – full
- Total Packets: 7
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 31, 2022 16:19:27.409244061 CET | 49276 | 443 | 192.168.11.11 | 17.122.193.88 |
Jan 31, 2022 16:19:27.409342051 CET | 49276 | 443 | 192.168.11.11 | 17.122.193.88 |
Jan 31, 2022 16:19:27.551099062 CET | 443 | 49276 | 17.122.193.88 | 192.168.11.11 |
Jan 31, 2022 16:19:27.551167011 CET | 443 | 49276 | 17.122.193.88 | 192.168.11.11 |
Jan 31, 2022 16:19:27.551752090 CET | 49276 | 443 | 192.168.11.11 | 17.122.193.88 |
Jan 31, 2022 16:19:54.660268068 CET | 49285 | 80 | 192.168.11.11 | 17.253.5.206 |
Jan 31, 2022 16:19:54.660371065 CET | 49287 | 80 | 192.168.11.11 | 23.211.5.115 |
Jan 31, 2022 16:19:54.669586897 CET | 80 | 49287 | 23.211.5.115 | 192.168.11.11 |
Jan 31, 2022 16:19:54.670265913 CET | 49287 | 80 | 192.168.11.11 | 23.211.5.115 |
Jan 31, 2022 16:19:54.832294941 CET | 80 | 49285 | 17.253.5.206 | 192.168.11.11 |
Jan 31, 2022 16:19:54.832954884 CET | 49285 | 80 | 192.168.11.11 | 17.253.5.206 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 31, 2022 16:19:57.452214956 CET | 53 | 53716 | 1.1.1.1 | 192.168.11.11 |
System Behavior
Start time: | 16:19:29 |
Start date: | 31/01/2022 |
Path: | /Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 |
Arguments: | n/a |
File size: | 3722408 bytes |
MD5 hash: | 8910349f44a940d8d79318367855b236 |
Start time: | 16:19:29 |
Start date: | 31/01/2022 |
Path: | /Users/berri/Desktop/DesktopServicesHelper |
Arguments: | /Users/berri/Desktop/DesktopServicesHelper |
File size: | 532192 bytes |
MD5 hash: | 0978c50bacd2f4874e4b38c118e38ace |