Edit tour

macOS Analysis Report
CalendlyApp

Overview

General Information

Sample name:	CalendlyApp
Analysis ID:	1541759
MD5:	55c70b5d0cebb28d0ba3e21a6b065884
SHA1:	15e4f1227b9c76400dc15f39a22c553065c62fd6
SHA256:	a697503c8d77ad21f30eb9e5efbbb50b2fa20237931072bc66101292c4eb6d4b
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Executes Apple scripts that request for passwords (for privilege escalation or leakage)

Executes the "dscl" command with authonly argument (probably to verify the login password)

Uses Apple scripts to hide Terminal windows

Contains symbols with suspicious names likely related to networking

Executes Apple scripts and/or other OSA language scripts with shell command 'osascript'

Executes commands using a shell command-line interpreter

Executes the "mkdir" command used to create folders

Executes the "system_profiler" command used to collect detailed system hardware and software information

Queries OS software version with shell command 'sw_vers'

Reads file resource fork extended attributes

Reads hardware related sysctl values

Reads the saved state of applications

Reads the sysctl hardware model value (potentially used for VM-detection)

Reads the sysctl safe boot value (probably to check if the system is in safe boot mode)

Reads the systems OS release and/or type

Reads the systems hostname

Sample is a FAT Mach-O sample containing binaries for multiple architectures

Sample is code signed by an ad-hoc signature

Uses AppleScript framework/components containing Apple Script related functionalities

Uses AppleScript scripting additions containing additional functionalities for Apple Scripts

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541759
Start date and time:	2024-10-25 05:31:02 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultmacfilecookbook.jbs
Analysis system description:	Virtual Machine, Mojave (Office 16 16.27, Java 11.0.2+9, Adobe Reader 2019.010.20099)
macOS major version:	10.14
CPU architecture:	x86_64
Analysis Mode:	default
Sample name:	CalendlyApp
Detection:	MAL
Classification:	mal60.spyw.evad.mac@0/6@1/0

Warnings

Excluded IPs from analysis (whitelisted): 23.199.49.152, 17.253.97.202, 17.253.97.204, 17.36.200.79, 17.253.27.201, 23.57.0.29, 17.253.97.205
Excluded domains from analysis (whitelisted): e11408.d.akamaiedge.net, lcdn-locator-usuqo.apple.com.akadns.net, updates.cdn-apple.com.akadns.net, e673.dsce9.akamaiedge.net, help-ar.apple.com.edgekey.net, crl.apple.com, lb._dns-sd._udp.0.11.168.192.in-addr.arpa, valid.apple.com, lcdn-locator.apple.com.akadns.net, valid.origin-apple.com.akadns.net, help.origin-apple.com.akadns.net, valid-apple.g.aaplimg.com, lcdn-locator.apple.com, mesu.g.aaplimg.com, updates.g.aaplimg.com, itunes.apple.com.edgekey.net, help.apple.com, init.itunes.apple.com, updates.cdn-apple.com, init-cdn.itunes-apple.com.akadns.net

Runtime Messages

Command:	/Users/bernard/Desktop/CalendlyApp
PID:	621
Exit Code:
Exit Code Info:
Killed:	True
Standard Output:
Standard Error:	<dscl_cmd> DS Error: -14090 (eDSAuthFailed)

Process Tree

System is macvm-mojave

xpcproxy New Fork (PID: 611, Parent: 1)

nsurlstoraged (MD5: 321b0a40e24b45f0af49ba42742b3f64) Arguments: /usr/libexec/nsurlstoraged --privileged

mono-sgen32 New Fork (PID: 621, Parent: 537)

CalendlyApp (MD5: 55c70b5d0cebb28d0ba3e21a6b065884) Arguments: /Users/bernard/Desktop/CalendlyApp

sh New Fork (PID: 622, Parent: 621)

osascript (MD5: f13b7c85f3c1c08fae3b709a536281a1) Arguments: osascript -e tell application 'Terminal' to set visible of front window to false

sh New Fork (PID: 623, Parent: 621)

mkdir (MD5: bbbaafd2a4d7dcb9ddd178d814fea708) Arguments: mkdir /Users/root/570944017

sh New Fork (PID: 624, Parent: 621)

sw_vers (MD5: b1a0821a52f96765ef7bc349eaaa2acf) Arguments: sw_vers

sh New Fork (PID: 625, Parent: 621)

system_profiler (MD5: 271feb2b4c0447da2b7ac523f13a4824) Arguments: system_profiler SPHardwareDataType

system_profiler New Fork (PID: 626, Parent: 625)

sh New Fork (PID: 627, Parent: 621)

system_profiler (MD5: 271feb2b4c0447da2b7ac523f13a4824) Arguments: system_profiler SPDisplaysDataType

system_profiler New Fork (PID: 628, Parent: 627)

sh New Fork (PID: 629, Parent: 621)

dscl (MD5: 9a2337f2a5a6271e0187153296de3c9f) Arguments: dscl /Local/Default -authonly root

sh New Fork (PID: 630, Parent: 621)

osascript (MD5: f13b7c85f3c1c08fae3b709a536281a1) Arguments: osascript -e display dialog 'To launch the application, you need to update the system settings \n\nPlease enter your password.' with title 'System Preferences' with icon caution default answer '' giving up after 30 with hidden answer

sh New Fork (PID: 652, Parent: 621)

osascript (MD5: f13b7c85f3c1c08fae3b709a536281a1) Arguments: osascript -e display dialog 'To launch the application, you need to update the system settings You entered an invalid password.\n\nPlease enter your password.' with title 'System Preferences' with icon caution default answer '' giving up after 30 with hidden answer

xpcproxy New Fork (PID: 632, Parent: 1)

dirhelper (MD5: 23edb05ab305e115e8874baa5b1e3004) Arguments: /usr/libexec/dirhelper

xpcproxy New Fork (PID: 654, Parent: 1)

eficheck (MD5: 328beb81a2263449258057506bb4987f) Arguments: /usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: CalendlyApp	ReversingLabs: Detection: 31%
Source: CalendlyApp	Virustotal: Detection: 47%			Perma Link

Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.253.97.206:443 -> 192.168.11.12:49352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49381 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49383 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49384 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49385 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49386 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49390 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49398 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49399 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49400 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49401 version: TLS 1.2

Source: submission: CalendlyApp	Mach-O symbol: _send
Source: submission: CalendlyApp	Mach-O symbol: _socket
Source: submission: CalendlyApp	Mach-O symbol: _connect
Source: submission: CalendlyApp	Mach-O symbol: _inet_addr
Source: submission: CalendlyApp	Mach-O symbol: _send
Source: submission: CalendlyApp	Mach-O symbol: _socket
Source: submission: CalendlyApp	Mach-O symbol: _connect
Source: submission: CalendlyApp	Mach-O symbol: _inet_addr

Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.97.206
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.97.206
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.97.206
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.97.206
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.97.206
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.97.206
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.97.206
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.97.206
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.97.206
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.64
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.97.206
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.97.206
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.97.206
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.97.206
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.97.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.224.247
Source: unknown	TCP traffic detected without corresponding DNS query: 23.46.224.247
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: h3.apis.apple.map.fastly.net

Source: CalendlyApp, 00000621.00000258.1.000000010cbd1000.000000010cbfa000.r--.sdmp	String found in binary or memory: http://crl.apple.com/codesigning.crl0
Source: CalendlyApp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: CalendlyApp, 00000621.00000258.1.000000010cbd1000.000000010cbfa000.r--.sdmp	String found in binary or memory: http://www.apple.com/appleca/root.crl0
Source: CalendlyApp, 00000621.00000258.1.000000010cbd1000.000000010cbfa000.r--.sdmp	String found in binary or memory: http://www.apple.com/certificateauthority0
Source: CalendlyApp, 00000621.00000258.1.000000010cbd1000.000000010cbfa000.r--.sdmp	String found in binary or memory: https://www.apple.com/appleca/0

Source: unknown	Network traffic detected: HTTP traffic on port 49351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49348
Source: unknown	Network traffic detected: HTTP traffic on port 49399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49401
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49400
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49385
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49384
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49383
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49382
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49381
Source: unknown	Network traffic detected: HTTP traffic on port 49386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49398
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49390
Source: unknown	Network traffic detected: HTTP traffic on port 49390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49381 -> 443

Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.253.97.206:443 -> 192.168.11.12:49352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49381 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49383 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49384 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49385 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49386 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49390 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49398 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49399 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49400 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49401 version: TLS 1.2

Source: classification engine

Classification label: mal60.spyw.evad.mac@0/6@1/0

Source: /bin/sh (PID: 622)	Osascript command executed: osascript -e tell application 'Terminal' to set visible of front window to false	Jump to behavior
Source: /bin/sh (PID: 630)	Osascript command executed: osascript -e display dialog 'To launch the application, you need to update the system settings \n\nPlease enter your password.' with title 'System Preferences' with icon caution default answer '' giving up after 30 with hidden answer	Jump to behavior
Source: /bin/sh (PID: 652)	Osascript command executed: osascript -e display dialog 'To launch the application, you need to update the system settings You entered an invalid password.\n\nPlease enter your password.' with title 'System Preferences' with icon caution default answer '' giving up after 30 with hidden answer	Jump to behavior

Source: /Users/bernard/Desktop/CalendlyApp (PID: 621)	Shell command executed: sh -c osascript -e 'tell application 'Terminal' to set visible of front window to false'	Jump to behavior
Source: /Users/bernard/Desktop/CalendlyApp (PID: 621)	Shell command executed: sh -c mkdir /Users/root/570944017	Jump to behavior
Source: /Users/bernard/Desktop/CalendlyApp (PID: 621)	Shell command executed: sh -c sw_vers	Jump to behavior
Source: /Users/bernard/Desktop/CalendlyApp (PID: 621)	Shell command executed: sh -c system_profiler SPHardwareDataType	Jump to behavior
Source: /Users/bernard/Desktop/CalendlyApp (PID: 621)	Shell command executed: sh -c system_profiler SPDisplaysDataType	Jump to behavior
Source: /Users/bernard/Desktop/CalendlyApp (PID: 621)	Shell command executed: sh -c dscl /Local/Default -authonly root ''	Jump to behavior
Source: /Users/bernard/Desktop/CalendlyApp (PID: 621)	Shell command executed: sh -c osascript -e 'display dialog 'To launch the application, you need to update the system settings \n\nPlease enter your password.' with title 'System Preferences' with icon caution default answer '' giving up after 30 with hidden answer'	Jump to behavior
Source: /Users/bernard/Desktop/CalendlyApp (PID: 621)	Shell command executed: sh -c osascript -e 'display dialog 'To launch the application, you need to update the system settings You entered an invalid password.\n\nPlease enter your password.' with title 'System Preferences' with icon caution default answer '' giving up after 30 with hidden answer'	Jump to behavior

Source: /bin/sh (PID: 623)

Mkdir executable: /bin/mkdir -> mkdir /Users/root/570944017

Jump to behavior

Source: /usr/bin/osascript (PID: 652)

Saved state directory opened: /private/var/root/Library/Saved Application State/com.apple.osascript.savedState

Jump to behavior

Source: submission

Source: submission

Code Signing Info: Signature=adhoc

Source: /usr/bin/osascript (PID: 622)	AppleScript framework/component info plist opened: /System/Library/Components/AppleScript.component/Contents/Info.plist	Jump to behavior
Source: /usr/bin/osascript (PID: 622)	AppleScript framework/component info plist opened: /System/Library/PrivateFrameworks/AppleScript.framework/Resources/Info.plist	Jump to behavior
Source: /usr/bin/osascript (PID: 630)	AppleScript framework/component info plist opened: /System/Library/Components/AppleScript.component/Contents/Info.plist	Jump to behavior
Source: /usr/bin/osascript (PID: 630)	AppleScript framework/component info plist opened: /System/Library/PrivateFrameworks/AppleScript.framework/Resources/Info.plist	Jump to behavior
Source: /usr/bin/osascript (PID: 652)	AppleScript framework/component info plist opened: /System/Library/Components/AppleScript.component/Contents/Info.plist	Jump to behavior
Source: /usr/bin/osascript (PID: 652)	AppleScript framework/component info plist opened: /System/Library/PrivateFrameworks/AppleScript.framework/Resources/Info.plist	Jump to behavior

Source: /usr/bin/osascript (PID: 622)	AppleScript scripting addition info plist opened: /System/Library/ScriptingAdditions/StandardAdditions.osax/Contents/Info.plist	Jump to behavior
Source: /usr/bin/osascript (PID: 622)	AppleScript scripting addition info plist opened: /System/Library/ScriptingAdditions/Digital Hub Scripting.osax/Contents/Info.plist	Jump to behavior
Source: /usr/bin/osascript (PID: 630)	AppleScript scripting addition info plist opened: /System/Library/ScriptingAdditions/StandardAdditions.osax/Contents/Info.plist	Jump to behavior
Source: /usr/bin/osascript (PID: 630)	AppleScript scripting addition info plist opened: /System/Library/ScriptingAdditions/Digital Hub Scripting.osax/Contents/Info.plist	Jump to behavior
Source: /usr/bin/osascript (PID: 652)	AppleScript scripting addition info plist opened: /System/Library/ScriptingAdditions/StandardAdditions.osax/Contents/Info.plist	Jump to behavior
Source: /usr/bin/osascript (PID: 652)	AppleScript scripting addition info plist opened: /System/Library/ScriptingAdditions/Digital Hub Scripting.osax/Contents/Info.plist	Jump to behavior

Source: submission

Source: /usr/bin/osascript (PID: 622)	Random device file read: /dev/random	Jump to behavior
Source: /usr/bin/osascript (PID: 630)	Random device file read: /dev/random	Jump to behavior
Source: /usr/bin/osascript (PID: 652)	Random device file read: /dev/random	Jump to behavior
Source: /usr/libexec/firmwarecheckers/eficheck/eficheck (PID: 654)	Random device file read: /dev/random	Jump to behavior

Source: /usr/bin/osascript (PID: 622)	AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist	Jump to behavior
Source: /usr/bin/osascript (PID: 630)	AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist	Jump to behavior
Source: /usr/bin/osascript (PID: 652)	AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist	Jump to behavior

Source: /usr/bin/osascript (PID: 630)	Binary plist file created: /private/var/root/Library/Saved Application State/com.apple.osascript.savedState/windows.plist
Source: /usr/bin/osascript (PID: 652)	Binary plist file created: /private/var/root/Library/Saved Application State/com.apple.osascript.savedState/restorecount.plist	Jump to dropped file
Source: /usr/bin/osascript (PID: 652)	Binary plist file created: /private/var/root/Library/Saved Application State/com.apple.osascript.savedState/windows.plist	Jump to dropped file

Source: submission

CodeSign Info: Executable=/Users/bernard/Desktop/CalendlyApp

Hooking and other Techniques for Hiding and Protection

Uses Apple scripts to hide Terminal windows

Source: /bin/sh (PID: 622)

Osascript command executed: osascript -e tell application 'Terminal' to set visible of front window to false

Jump to behavior

Source: /usr/bin/osascript (PID: 622)	Reads from a resource fork: /usr/bin/osascript/..namedfork/rsrc	Jump to behavior
Source: /usr/bin/osascript (PID: 630)	Reads from a resource fork: /usr/bin/osascript/..namedfork/rsrc	Jump to behavior
Source: /usr/bin/osascript (PID: 652)	Reads from a resource fork: /usr/bin/osascript/..namedfork/rsrc	Jump to behavior

Source: /usr/sbin/system_profiler (PID: 626)

Sysctl read request: hw.model (6.2)

Jump to behavior

Source: /usr/bin/osascript (PID: 630)	Sysctl read request: kern.safeboot (1.66)			Jump to behavior
Source: /usr/bin/osascript (PID: 652)	Sysctl read request: kern.safeboot (1.66)			Jump to behavior

Source: /bin/sh (PID: 624)

sw_vers executed: sw_vers

Jump to behavior

Source: /usr/sbin/system_profiler (PID: 626)	Sysctl read request: hw.cpu_freq (6.15)	Jump to behavior
Source: /usr/sbin/system_profiler (PID: 626)	Sysctl read request: hw.memsize (6.24)	Jump to behavior
Source: /usr/bin/osascript (PID: 630)	Sysctl read request: hw.availcpu (6.25)	Jump to behavior
Source: /usr/bin/osascript (PID: 652)	Sysctl read request: hw.availcpu (6.25)	Jump to behavior

Source: /usr/bin/osascript (PID: 630)	Sysctl requested: kern.ostype (1.1)	Jump to behavior
Source: /usr/bin/osascript (PID: 630)	Sysctl requested: kern.osrelease (1.2)	Jump to behavior
Source: /usr/bin/osascript (PID: 652)	Sysctl requested: kern.ostype (1.1)	Jump to behavior
Source: /usr/bin/osascript (PID: 652)	Sysctl requested: kern.osrelease (1.2)	Jump to behavior

Source: /bin/sh (PID: 622)	Sysctl requested: kern.hostname (1.10)	Jump to behavior
Source: /bin/sh (PID: 623)	Sysctl requested: kern.hostname (1.10)	Jump to behavior
Source: /bin/sh (PID: 624)	Sysctl requested: kern.hostname (1.10)	Jump to behavior
Source: /bin/sh (PID: 625)	Sysctl requested: kern.hostname (1.10)	Jump to behavior
Source: /bin/sh (PID: 627)	Sysctl requested: kern.hostname (1.10)	Jump to behavior
Source: /bin/sh (PID: 629)	Sysctl requested: kern.hostname (1.10)	Jump to behavior
Source: /bin/sh (PID: 630)	Sysctl requested: kern.hostname (1.10)	Jump to behavior
Source: /usr/bin/osascript (PID: 630)	Sysctl requested: kern.hostname (1.10)	Jump to behavior
Source: /bin/sh (PID: 652)	Sysctl requested: kern.hostname (1.10)	Jump to behavior
Source: /usr/bin/osascript (PID: 652)	Sysctl requested: kern.hostname (1.10)	Jump to behavior

Source: /usr/bin/osascript (PID: 622)	System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist	Jump to behavior
Source: /usr/bin/sw_vers (PID: 624)	System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist	Jump to behavior
Source: /usr/bin/osascript (PID: 630)	System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist	Jump to behavior
Source: /usr/bin/osascript (PID: 652)	System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist	Jump to behavior

Stealing of Sensitive Information

Executes Apple scripts that request for passwords (for privilege escalation or leakage)

Source: /bin/sh (PID: 630)	Osascript requesting password: osascript -e display dialog 'To launch the application, you need to update the system settings \n\nPlease enter your password.' with title 'System Preferences' with icon caution default answer '' giving up after 30 with hidden answer			Jump to behavior
Source: /bin/sh (PID: 652)	Osascript requesting password: osascript -e display dialog 'To launch the application, you need to update the system settings You entered an invalid password.\n\nPlease enter your password.' with title 'System Preferences' with icon caution default answer '' giving up after 30 with hidden answer			Jump to behavior

Executes the "dscl" command with authonly argument (probably to verify the login password)

Source: /bin/sh (PID: 629)

Security executable: /usr/bin/dscl dscl /Local/Default -authonly root

Jump to behavior

Source: /bin/sh (PID: 625)	System_profiler executable: /usr/sbin/system_profiler system_profiler SPHardwareDataType	Jump to behavior
Source: /usr/sbin/system_profiler (PID: 625)	System_profiler executable: /usr/sbin/system_profiler /usr/sbin/system_profiler -nospawn -xml SPHardwareDataType -detailLevel full	Jump to behavior
Source: /bin/sh (PID: 627)	System_profiler executable: /usr/sbin/system_profiler system_profiler SPDisplaysDataType	Jump to behavior
Source: /usr/sbin/system_profiler (PID: 627)	System_profiler executable: /usr/sbin/system_profiler /usr/sbin/system_profiler -nospawn -xml SPDisplaysDataType -detailLevel full	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	1 Command and Scripting Interpreter	1 Scripting	1 Exploitation for Privilege Escalation	1 Virtualization/Sandbox Evasion	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	13 AppleScript	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Hidden Files and Directories	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Invalid Code Signature	Security Account Manager	1 Account Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Code Signing	NTDS	71 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Shell
Is malicious
Internet

Source	Detection	Scanner	Label	Link
CalendlyApp	32%	ReversingLabs	MacOS.Infostealer.Generic
CalendlyApp	48%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
h3.apis.apple.map.fastly.net	0%	Virustotal		Browse

Name	IP	Active	Malicious	Antivirus Detection	Reputation
h3.apis.apple.map.fastly.net	151.101.131.6	true	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.131.6	h3.apis.apple.map.fastly.net	United States	54113	FASTLYUS	false
151.101.195.6	unknown	United States	54113	FASTLYUS	false
23.46.224.247	unknown	United States	16625	AKAMAI-ASUS	false
151.101.67.6	unknown	United States	54113	FASTLYUS	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
151.101.131.6	https://burlingtonenqlish.com/vm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/	Get hash	malicious	Unknown	Browse
	Constate	Get hash	malicious	Unknown	Browse
	https://topawardpicks.top	Get hash	malicious	Unknown	Browse
	https://b3dc9.dynv6.net/en-tj/iphone	Get hash	malicious	Unknown	Browse
	https://b3dc9.dynv6.net/en-uz/mac	Get hash	malicious	Unknown	Browse
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFpWmkQCuyRKVYuXTODipkw1peyOsy7fzch2Qnjjx9TPdQLyq_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOGY47MMsA28ivpkfbUZ4Lg9A-2BpxdwxU5dKnUeajmF4HirYei02RaLjIoVpk4gyUMhgj92hT-2FHMQ8mxdm73E1rDJWG4U3srGJQAD6HJNqRuM2BNyhWi1cyQGPjs9bNnt3sCHX9HQ-2B1vlq1IrWdBpEUzmyiy7qWzbIHuomspNWnTuqZh3GX5k14qG6xYuxyW10TSL-2Fdyl0iPN0SOJtTt8-2FwmWJD-2F8w79oLdqJEekHbPrO-2B0v5UFAy7DfQgXJdU4VdPg-3D	Get hash	malicious	Unknown	Browse
	http://grifon.info/announce?info_hash=%08%95%AE%D1m%DD%1A%0B%CEo%C0%27%3Af%7B%14sf%3FC&peer_id=-AZ5770-SNhwkI5WcC8E&supportcrypto=1&port=51797&azudp=51797&uploaded=0&downloaded=0&left=243670495&corrupt=0&event=started&numwant=75&no_peer_id=1&compact=1&key=j9C8cT74&azver=3(87.236.16.208)	Get hash	malicious	Unknown	Browse
	https://lookerstudio.google.com/reporting/d787ae12-bf74-43b9-af2f-d8d57b4065f6/page/RpuBE?s=t1OjWts8lSQ	Get hash	malicious	Unknown	Browse
	https://l.co.uk	Get hash	malicious	Unknown	Browse
	https://ab5.dultzman.ru/453661207694068nTmWxOZPLYNVYOTMBINCEQSANMABCGVTBFIXRSRIKIYCZTF	Get hash	malicious	Unknown	Browse
151.101.195.6	https://burlingtonenqlish.com/vm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/	Get hash	malicious	Unknown	Browse
	Constate	Get hash	malicious	Unknown	Browse
	iB8UZgdjgk	Get hash	malicious	CTHULHU STEALER	Browse
	V6QED2Q1WBYVOPE	Get hash	malicious	Unknown	Browse
	GlobalProtect-6.3.1.pkg	Get hash	malicious	Unknown	Browse
	https://b3dc9.dynv6.net/en-uz/mac	Get hash	malicious	Unknown	Browse
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFpWmkQCuyRKVYuXTODipkw1peyOsy7fzch2Qnjjx9TPdQLyq_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOGY47MMsA28ivpkfbUZ4Lg9A-2BpxdwxU5dKnUeajmF4HirYei02RaLjIoVpk4gyUMhgj92hT-2FHMQ8mxdm73E1rDJWG4U3srGJQAD6HJNqRuM2BNyhWi1cyQGPjs9bNnt3sCHX9HQ-2B1vlq1IrWdBpEUzmyiy7qWzbIHuomspNWnTuqZh3GX5k14qG6xYuxyW10TSL-2Fdyl0iPN0SOJtTt8-2FwmWJD-2F8w79oLdqJEekHbPrO-2B0v5UFAy7DfQgXJdU4VdPg-3D	Get hash	malicious	Unknown	Browse
	EACA1218AC7D98866DFE1F45785598942394234D.html	Get hash	malicious	Unknown	Browse
	http://grifon.info/announce?info_hash=%08%95%AE%D1m%DD%1A%0B%CEo%C0%27%3Af%7B%14sf%3FC&peer_id=-AZ5770-SNhwkI5WcC8E&supportcrypto=1&port=51797&azudp=51797&uploaded=0&downloaded=0&left=243670495&corrupt=0&event=started&numwant=75&no_peer_id=1&compact=1&key=j9C8cT74&azver=3(87.236.16.208)	Get hash	malicious	Unknown	Browse
23.46.224.247	GlobalProtect-6.3.1.pkg	Get hash	malicious	Unknown	Browse
23.46.224.247	EACA1218AC7D98866DFE1F45785598942394234D.html	Get hash	malicious	Unknown	Browse
151.101.67.6	Constate	Get hash	malicious	Unknown	Browse
	iB8UZgdjgk	Get hash	malicious	CTHULHU STEALER	Browse
	V6QED2Q1WBYVOPE	Get hash	malicious	Unknown	Browse
	sakura	Get hash	malicious	Unknown	Browse
	GlobalProtect-6.3.1.pkg	Get hash	malicious	Unknown	Browse
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl1bBkz1ufgENuAZF1ODXRkOEXcot-2BlieaBFtd0IhXM08Jp__OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOxzyaiykDuoFljiX91jkOGF7TGq8s59HY1LfNpqOHr1hEZu4XswpdGfGTbIsw4Mg7Ewx-2FAzTwbYOEI5c5W9xQE63UMPeYSBL2GJwQizVTVETCyjhoaIq4ot5vl7L-2BMO3KbJCX7vVUyT6NGOFhbY99Ap0lxFmjxSsCRRr7CrNGrevXE9jp8IJyovKPHHX6-2FxnVR-2BVdKd5S1Zkq94QkyDWCs9lCPSQ3LNxOSscF1edS7fTz6-2Bswo-2FZW2dAOCyCTKBxs-3D#Ymhhc2thci5zYW1iYXNpdmFuQHNhYW1hLmNvbQ==	Get hash	malicious	Unknown	Browse
	https://topawardpicks.top	Get hash	malicious	Unknown	Browse
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFpWmkQCuyRKVYuXTODipkw1peyOsy7fzch2Qnjjx9TPdQLyq_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOGY47MMsA28ivpkfbUZ4Lg9A-2BpxdwxU5dKnUeajmF4HirYei02RaLjIoVpk4gyUMhgj92hT-2FHMQ8mxdm73E1rDJWG4U3srGJQAD6HJNqRuM2BNyhWi1cyQGPjs9bNnt3sCHX9HQ-2B1vlq1IrWdBpEUzmyiy7qWzbIHuomspNWnTuqZh3GX5k14qG6xYuxyW10TSL-2Fdyl0iPN0SOJtTt8-2FwmWJD-2F8w79oLdqJEekHbPrO-2B0v5UFAy7DfQgXJdU4VdPg-3D	Get hash	malicious	Unknown	Browse
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%E2%80%8Bxn--dic%C2%ADesisdeba%C2%ADrin%C2%ADas%C2%AD-6%C2%ADu%C2%ADb.%E2%80%8Bor%C2%ADg%2Fsys%2Fcss%2FvzEOd74Ux6iYa/YWxldGhpYS5oZXJtb3NpbGxvQHdyaS5vcmc=	Get hash	malicious	Unknown	Browse
	https://lookerstudio.google.com/reporting/d787ae12-bf74-43b9-af2f-d8d57b4065f6/page/RpuBE?s=t1OjWts8lSQ	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
h3.apis.apple.map.fastly.net	Constate	Get hash	malicious	Unknown	Browse	151.101.67.6
	iB8UZgdjgk	Get hash	malicious	CTHULHU STEALER	Browse	151.101.67.6
	V6QED2Q1WBYVOPE	Get hash	malicious	Unknown	Browse	151.101.131.6
	sakura	Get hash	malicious	Unknown	Browse	151.101.3.6
	GlobalProtect-6.3.1.pkg	Get hash	malicious	Unknown	Browse	151.101.195.6
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl1bBkz1ufgENuAZF1ODXRkOEXcot-2BlieaBFtd0IhXM08Jp__OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOxzyaiykDuoFljiX91jkOGF7TGq8s59HY1LfNpqOHr1hEZu4XswpdGfGTbIsw4Mg7Ewx-2FAzTwbYOEI5c5W9xQE63UMPeYSBL2GJwQizVTVETCyjhoaIq4ot5vl7L-2BMO3KbJCX7vVUyT6NGOFhbY99Ap0lxFmjxSsCRRr7CrNGrevXE9jp8IJyovKPHHX6-2FxnVR-2BVdKd5S1Zkq94QkyDWCs9lCPSQ3LNxOSscF1edS7fTz6-2Bswo-2FZW2dAOCyCTKBxs-3D#Ymhhc2thci5zYW1iYXNpdmFuQHNhYW1hLmNvbQ==	Get hash	malicious	Unknown	Browse	151.101.3.6
	https://topawardpicks.top	Get hash	malicious	Unknown	Browse	151.101.131.6
	https://b3dc9.dynv6.net/en-tj/iphone	Get hash	malicious	Unknown	Browse	151.101.131.6
	https://b3dc9.dynv6.net/en-nz/itunes-gift-card-scams	Get hash	malicious	Unknown	Browse	151.101.3.6

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FASTLYUS	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	file.exe	Get hash	malicious	Unknown	Browse	151.101.129.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	http://toungeassociates-sharepoint.com	Get hash	malicious	HTMLPhisher	Browse	151.101.1.229
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
FASTLYUS	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	file.exe	Get hash	malicious	Unknown	Browse	151.101.129.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	http://toungeassociates-sharepoint.com	Get hash	malicious	HTMLPhisher	Browse	151.101.1.229
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	la.bot.sh4.elf	Get hash	malicious	Unknown	Browse	23.210.87.183
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	104.72.132.62
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	http://toungeassociates-sharepoint.com	Get hash	malicious	HTMLPhisher	Browse	23.38.98.114
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
FASTLYUS	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.65.91
	file.exe	Get hash	malicious	Unknown	Browse	151.101.129.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.193.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91
	http://toungeassociates-sharepoint.com	Get hash	malicious	HTMLPhisher	Browse	151.101.1.229
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.1.91
	file.exe	Get hash	malicious	Credential Flusher	Browse	151.101.129.91

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
5c118da645babe52f060d0754256a73c	https://burlingtonenqlish.com/vm%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/	Get hash	malicious	Unknown	Browse	151.101.131.6 17.253.97.206 151.101.195.6 151.101.67.6
	Constate	Get hash	malicious	Unknown	Browse	151.101.131.6 17.253.97.206 151.101.195.6 151.101.67.6
	iB8UZgdjgk	Get hash	malicious	CTHULHU STEALER	Browse	151.101.131.6 17.253.97.206 151.101.195.6 151.101.67.6
	V6QED2Q1WBYVOPE	Get hash	malicious	Unknown	Browse	151.101.131.6 17.253.97.206 151.101.195.6 151.101.67.6
	sakura	Get hash	malicious	Unknown	Browse	151.101.131.6 17.253.97.206 151.101.195.6 151.101.67.6
	GlobalProtect-6.3.1.pkg	Get hash	malicious	Unknown	Browse	151.101.131.6 17.253.97.206 151.101.195.6 151.101.67.6
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl1bBkz1ufgENuAZF1ODXRkOEXcot-2BlieaBFtd0IhXM08Jp__OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOxzyaiykDuoFljiX91jkOGF7TGq8s59HY1LfNpqOHr1hEZu4XswpdGfGTbIsw4Mg7Ewx-2FAzTwbYOEI5c5W9xQE63UMPeYSBL2GJwQizVTVETCyjhoaIq4ot5vl7L-2BMO3KbJCX7vVUyT6NGOFhbY99Ap0lxFmjxSsCRRr7CrNGrevXE9jp8IJyovKPHHX6-2FxnVR-2BVdKd5S1Zkq94QkyDWCs9lCPSQ3LNxOSscF1edS7fTz6-2Bswo-2FZW2dAOCyCTKBxs-3D#Ymhhc2thci5zYW1iYXNpdmFuQHNhYW1hLmNvbQ==	Get hash	malicious	Unknown	Browse	151.101.131.6 17.253.97.206 151.101.195.6 151.101.67.6
	https://topawardpicks.top	Get hash	malicious	Unknown	Browse	151.101.131.6 17.253.97.206 151.101.195.6 151.101.67.6
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFpWmkQCuyRKVYuXTODipkw1peyOsy7fzch2Qnjjx9TPdQLyq_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOGY47MMsA28ivpkfbUZ4Lg9A-2BpxdwxU5dKnUeajmF4HirYei02RaLjIoVpk4gyUMhgj92hT-2FHMQ8mxdm73E1rDJWG4U3srGJQAD6HJNqRuM2BNyhWi1cyQGPjs9bNnt3sCHX9HQ-2B1vlq1IrWdBpEUzmyiy7qWzbIHuomspNWnTuqZh3GX5k14qG6xYuxyW10TSL-2Fdyl0iPN0SOJtTt8-2FwmWJD-2F8w79oLdqJEekHbPrO-2B0v5UFAy7DfQgXJdU4VdPg-3D	Get hash	malicious	Unknown	Browse	151.101.131.6 17.253.97.206 151.101.195.6 151.101.67.6

Process:	/Users/bernard/Desktop/CalendlyApp
File Type:	ASCII text
Category:	dropped
Size (bytes):	1073
Entropy (8bit):	4.806737564358835
Encrypted:	false
SSDEEP:	24:9INPKhNSO0Vt2HVbBTqhkrz6OvQL5UPc9eTd1gblDa9:WkOO0Vt2hBTqhs+Ok5UPcqLgZg
MD5:	E0100AB89A518CC123D0524C33EB5A90
SHA1:	6981836F0BF3612A80D68A1FA658A6F3035D73D2
SHA-256:	493A5BDA58BE80F80F1F71C2AD3340448239C041BB42FDA880C6DBF9C373C37B
SHA-512:	8046E83936641CFBAB4C9648487C26E25B37018B81B6B3211784C772C3A9F9DFB45CCA935FFB3A6689B9ABD5A40E3D1DD9F6590FEB054C09B2BD9C3DFDE7C63A
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	ProductName:.Mac OS X.ProductVersion:.10.14.2.BuildVersion:.18C54..Hardware:.. Hardware Overview:.. Model Name: Mac mini. Model Identifier: Macmini8,1. Processor Speed: 3.01 GHz. Number of Processors: 1. Total Number of Cores: 2. L2 Cache (per Core): 256 KB. L3 Cache: 18 MB. Memory: 4 GB. Boot ROM Version: VirtualBox. Apple ROM Info: vboxVer_7.0.12vboxRev_159484. SMC Version (system): 2.3f35. Serial Number (system): 0. Hardware UUID: 6661EB4A-CDF0-4E32-8BDC-6B405B1B36B2...Graphics/Displays:.. Display:.. Type: GPU. VRAM (Total): 3 MB. VRAM (Dynamic, Max): . Device ID: 0xbeef. Revision ID: 0x0000. Kernel Extension Info: No Kext Loaded. Displays:. Display:. Resolution: 1024 x 768 (XGA - eXtended Graphics Array). UI Looks like: 1024 x 768. Framebuffer Depth: 24-Bit Color (ARGB8888). Main Display: Yes. Mirror: Off. Online: Yes

/private/var/root/Library/Saved Application State/com.apple.osascript.savedState/data.data

Download File

Process:	/usr/bin/osascript
File Type:	data
Category:	dropped
Size (bytes):	1248
Entropy (8bit):	7.839772174444316
Encrypted:	false
SSDEEP:	24:i5AFhBcvUXAofWVUwMTsQ3ENvE9dRmb3+3WkTIb/WtTS6PUTOYAx:22hmwAofUQ0Tb3WRtTSQUqx
MD5:	2A668B3DFB47F7782CB9D95CC437444B
SHA1:	9227972000FFEC1567081B1542173CA935EF7F17
SHA-256:	E184FB3FACBA3E03EF5B2A00697438B45E0949E6C92DE268F827313DE86AFE04
SHA-512:	36365EFDBC13F43479C5EF88C1F0AF41078AC1B8CCA0FF3989ADDA0ED9BB46D3AD0F28F49E57F7619F48BBE9D5949F5C0FA7C2A7D55B78862B3C29CFB6A02F88
Malicious:	false
Reputation:	low
Preview:	NSCR1000.........&.qXb8.g.....<../.n..T+ \|.x.../.-3..HW!...%.X6....E.D.2u..p....~pC...P[..{..o...(z.....7.\|E.....x-....@wI(..rt.d.VU.1=R.z..1n<)..~h...%<E.Q......Lx..C@.%y..@(.QyW....U!N...5w....E.3t.S..0....._s.}}.z....=K....n.Xaw...qt.......5...O.r.....~....l.< s...9...gk..F.o{6.M\%Dp.bU.K2e..;.?...Y)P.~.U..x[.9N..........kX.W...p..H.<.S^...^...:....JCv.......N%k.=`...v..oQ.B...D.p..w..}..!...~]6..H%D.34.F...1V.. #.@......H..f.....d.&J.uI@....H5...b....<Lv.....z.D...N...6..................U.D...s.Ux;\|..9%.b.7..q...O...P.-Fg.f...-.U...j...(.. .._..H.Ts.(.2Fv.\.a...+.....y.jl.a.6..o........G.y..N...a.-Y.dqn..1.x..+)\.-&...!$.<....v.....9.2.5..E.O(..72h....~.om..+..`..5.a....)o.&J..1....I.#.5%3h>^...U.,....5YF..U.q.h...#...@..r..e..#k..q}..kA.P.)&.Dr....%..P..fP:...#dv.._..C....GI........i ..v.R..J..qX....bH`..\|w...]..ZM."._.M.6.....p..C....R.U..Dj.F.N....G,.r..7p....cg.Q...l.#.o....INSCR1000....... r....c5..Q,..SN..-...

/private/var/root/Library/Saved Application State/com.apple.osascript.savedState/restorecount.plist

Download File

Process:	/usr/bin/osascript
File Type:	Apple binary property list
Category:	dropped
Size (bytes):	79
Entropy (8bit):	4.191357344902421
Encrypted:	false
SSDEEP:	3:NbWgMGLLR0lk5lW/ltKll3:NbMgmV9t+l
MD5:	6F598DCC1FB3ED4419CBE1E75385094C
SHA1:	C04E16BC2D9F7C86F24F823CBC3435498B154D90
SHA-256:	E835FAB130C9D0A3DAB89B6D8B4E088CC8CFCF7DFF300C87B61798BA65D51133
SHA-512:	A4C297DFEEEE59595518954FC44A4180FE16BFF5074743DBC769B5C13E24E79916C1EF9F81B845972922E5472DC1561DB4101E6988CAE176AD9537BC651E92CB
Malicious:	false
Reputation:	low
Preview:	bplist00.......UcountUstartSend...,.H........!&...............................(

/private/var/root/Library/Saved Application State/com.apple.osascript.savedState/windows.plist

Download File

Process:	/usr/bin/osascript
File Type:	Apple binary property list
Category:	dropped
Size (bytes):	828
Entropy (8bit):	6.167381470207562
Encrypted:	false
SSDEEP:	12:Qq10XGnLxGArGyW1lzgedxjaaFApp/DB+AkKEkXTfuC4G3O1cPHWXh:/+SLkPymgW8oADDFkTgTm1G3OcH2h
MD5:	FB3A43558CAD2B5DFB6BB02E7830A9C5
SHA1:	6E4BF5D618F8EB066C01ED50A72E132D197F1429
SHA-256:	BF125EAF63A0E9E3A5F670FD6118BE41D5ABA6F11125A6130EA8988250C25D3B
SHA-512:	622C41D7524A734DC11B78E1E4807E47DA182126D724A212E4E65E1D025EEE39FE95AA6C018CA299DD23661A55EC519C99DDE7FDC8D5AE688CFA32C1DF51BC74
Malicious:	false
Reputation:	low
Preview:	bplist00........................\NSDragRegionZNSWindowIDYNSDataKey_..NSUIPersistenceIsKey^NSWindowNumber]NSWindowLevel]NSWindowFrame_..NSIsAuxiliaryFullScreenWNSTitle_..NSWindowWorkspaceIDO.$......................................O......LZ2..8g....V..;.._..302 391 420 239 0 0 1024 745 ._..System PreferencesP............#$%^NSWindowZOrderZNSIsGlobal_..NSSystemVersion_..NSSystemAppearance_..NSExecutableInode..O..~f.B..t..@...... !"......O...bplist00.........X$versionX$objectsY$archiverT$top..........U$null.....V$class_..NSAppearanceName...._..NSAppearanceNameDarkAqua.....Z$classnameX$classes\NSAppearance...XNSObject_..NSKeyedArchiver...Troot.....#-27<BGNace............................................................. .-.8.B.Y.h.v.........................3.4.C.R.].o.....................................&................

Static File Info

General

File type:	Mach-O universal binary with 2 architectures: [x86_64:Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS\|DYLDLINK\|TWOLEVEL\|WEAK_DEFINES\|BINDS_TO_WEAK\|PIE>] [arm64:Mach-O 64-bit arm64 executable, flags:<NOUNDEFS\|DYLDLINK\|TWOLEVEL\|BINDS_TO_WEAK\|PIE>]
Entropy (8bit):	5.634396413644174
TrID:	Mac OS X Universal Binary executable (4004/1) 75.96% HSC music composer song (1267/141) 24.04%
File name:	CalendlyApp
File size:	442'032 bytes
MD5:	55c70b5d0cebb28d0ba3e21a6b065884
SHA1:	15e4f1227b9c76400dc15f39a22c553065c62fd6
SHA256:	a697503c8d77ad21f30eb9e5efbbb50b2fa20237931072bc66101292c4eb6d4b
SHA512:	1ba85105e706e0ab2545b81dd8e89531d91028876564713607cb3a90a21bcf059725510a0ef512d845560439867c6c00de2e27c96cb56b810ea44e2aef9beb76
SSDEEP:	12288:Qi47OyVLC1VU1xgOdGNHxtnhmdpBhHgAZmBkWwDB3ZxD/6FF:W7OoakxgOdGNHvhmdpBhHgAZmBkWw13O
TLSH:	9A948D4722BDADA1C482A17C3FCB1BE71A1179311E3095AE7F1297364E95AB0E709733
File Content Preview:	..................@.......................>....................................................................................................................................................................................................................

CodeSign Information

["Executable=/Users/bernard/Desktop/CalendlyApp","Identifier=setup-5555494473444d6fa04d3bcd8145b267da36c265","Format=Mach-O universal (x86_64 arm64)","CodeDirectory v=20400 size=1799 flags=0x2(adhoc) hashes=45+7 location=embedded","VersionPlatform=1","VersionMin=659200","VersionSDK=918784","Hash type=sha256 size=32","CandidateCDHash sha256=e88c5b4e03a368f8eda51d4f365090c6c91ef56a","Hash choices=sha256","Executable Segment base=0","Executable Segment limit=159744","Executable Segment flags=0x1","Page size=4096","CDHash=e88c5b4e03a368f8eda51d4f365090c6c91ef56a","Signature=adhoc","Info.plist=not bound","TeamIdentifier=not set","Sealed Resources=none","Internal requirements count=0 size=12"]

Static Mach Info

General Information for header 1
Endian:	little-endian
Size:	64-bit
Architecture:	x86_64
Filetype:	execute
Nbr. of load commands:	18
Entry point:	0x10001F580

segment_64 load command - aggregated: 5

Name	Value
segname	__PAGEZERO
vmaddr	0x0
vmsize	0x100000000
fileoff	0x0
filesize	0x0
maxprot	0x0
initprot	0x0
nsects	0
flags	0x0

Name

Value

segname

__TEXT

vmaddr

0x100000000

vmsize

0x27000

fileoff

0x0

filesize

0x27000

maxprot

0x5

initprot

0x5

nsects

flags

0x0

Datas

sectname	segname	addr	size	offset	entropy	align	reloff	nreloc	flags
__text	__TEXT	0x100001530	0x22630	0x1530	6.26233387	4	0x0	0	0x80000400
__stubs	__TEXT	0x100023B60	0x258	0x23B60	3.47430657	0	0x0	0	0x80000400
__stub_helper	__TEXT	0x100023DB8	0x3D0	0x23DB8	4.49511232	0	0x0	0	0x80000400
__gcc_except_tab	__TEXT	0x100024188	0x195C	0x24188	6.22158503	2	0x0	0	0x0
__const	__TEXT	0x100025AF0	0x1184	0x25AF0	5.13070614	4	0x0	0	0x0
__cstring	__TEXT	0x100026C74	0x58	0x26C74	4.05649835	0	0x0	0	0x0
__unwind_info	__TEXT	0x100026CCC	0x330	0x26CCC	4.92626465	2	0x0	0	0x0

Name

Value

segname

__DATA_CONST

vmaddr

0x100027000

vmsize

0x1000

fileoff

0x27000

filesize

0x1000

maxprot

0x3

initprot

0x3

nsects

flags

0x10

Datas

sectname	segname	addr	size	offset	entropy	align	reloff	nreloc	flags
__got	__DATA_CONST	0x100027000	0xD0	0x27000	-0.00000000	3	0x0	0	0x0
__mod_init_func	__DATA_CONST	0x1000270D0	0x8	0x270D0	2.00000000	3	0x0	0	0x0
__const	__DATA_CONST	0x1000270D8	0x248	0x270D8	2.32466666	3	0x0	0	0x0

Name

Value

segname

__DATA

vmaddr

0x100028000

vmsize

0x1000

fileoff

0x28000

filesize

0x1000

maxprot

0x3

initprot

0x3

nsects

flags

0x0

Datas

sectname	segname	addr	size	offset	entropy	align	reloff	nreloc	flags
__la_symbol_ptr	__DATA	0x100028000	0x300	0x28000	3.06745030	3	0x0	0	0x0
__data	__DATA	0x100028300	0x6B	0x28300	3.81116979	4	0x0	0	0x0
__bss	__DATA	0x100028370	0x18	0x0	0.00000000	3	0x0	0	0x0
__common	__DATA	0x100028388	0xC8	0x0	0.00000000	3	0x0	0	0x0

Name	Value
segname	__LINKEDIT
vmaddr	0x100029000
vmsize	0xC000
fileoff	0x29000
filesize	0x8300
maxprot	0x1
initprot	0x1
nsects	0
flags	0x0

dyld_info_only load command - aggregated: 1

Name	Value
rebase_off	167936
rebase_size	32
bind_off	167968
bind_size	1768
weak_bind_off	169736
weak_bind_size	480
lazy_bind_off	170216
lazy_bind_size	3072
export_off	173288
export_size	352

symtab load command - aggregated: 1

Name	Value
symoff	173800
nsyms	146
stroff	177024
strsize	4256

dysymtab load command - aggregated: 1

Name	Value
ilocalsym	0
nlocalsym	1
iextdefsym	1
nextdefsym	7
iundefsym	8
nundefsym	138
tocoff	0
ntoc	0
modtaboff	0
nmodtab	0
extrefsymoff	0
nextrefsyms	0
indirectsymoff	176136
nindirectsyms	222
extreloff	0
nextrel	0
locreloff	0
nlocrel	0

load_dylinker load command - aggregated: 1

Name	Value

uuid load command - aggregated: 1

Name	Value
uuid	479cc872-b4bd-3700-bf7c-4b91179aaa9a

build_version load command - aggregated: 1

Name	Value

source_version load command - aggregated: 1

Name	Value
path	0.0.0.0.0

main load command - aggregated: 1

Name	Value

load_dylib load command - aggregated: 2

Name

Value

compatibility_version

1.0.0

current_version

1700.255.5

timestamp

1970-01-01

Datas

/usr/lib/libc++.1.dylib

Name

Value

compatibility_version

1.0.0

current_version

1345.120.2

timestamp

1970-01-01

Datas

/usr/lib/libSystem.B.dylib

function_starts load command - aggregated: 1

Name	Value
dataoff	173640
datasize	160

data_in_code load command - aggregated: 1

Name	Value
dataoff	173800
datasize	0

code_signature load command - aggregated: 1

Name	Value
dataoff	181280
datasize	20192

Symbols

Name	Category	Origin	Segment Name	Bind Address	Library Name
__ZTINSt3__113basic_filebufIcNS_11char_traitsIcEEEE	EXTERNAL	LC_SYMTAB	__DATA_CONST	0x1000271B8
__ZTINSt3__114basic_ifstreamIcNS_11char_traitsIcEEEE	EXTERNAL	LC_SYMTAB	__DATA_CONST	0x100027280
__ZTINSt3__114basic_ofstreamIcNS_11char_traitsIcEEEE	EXTERNAL	LC_SYMTAB	__DATA_CONST	0x100027110
__ZTSNSt3__113basic_filebufIcNS_11char_traitsIcEEEE	EXTERNAL	LC_SYMTAB	__DATA_CONST	0x100027238
__ZTSNSt3__114basic_ifstreamIcNS_11char_traitsIcEEEE	EXTERNAL	LC_SYMTAB	__DATA_CONST	0x100027310
__ZTSNSt3__114basic_ofstreamIcNS_11char_traitsIcEEEE	EXTERNAL	LC_SYMTAB	__DATA_CONST	0x1000271A0
__mh_execute_header	EXTERNAL	LC_SYMTAB
radr://5614542	LOCAL	LC_SYMTAB
__DefaultRuneLocale	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027000	/usr/lib/libSystem.B.dylib
__Unwind_Resume	UNDEFINED	LC_SYMTAB	__DATA	0x100028000	/usr/lib/libSystem.B.dylib
__ZNKSt3__16locale9has_facetERNS0_2idE	UNDEFINED	LC_SYMTAB	__DATA	0x100028008	/usr/lib/libc++.1.dylib
__ZNKSt3__16locale9use_facetERNS0_2idE	UNDEFINED	LC_SYMTAB	__DATA	0x100028010	/usr/lib/libc++.1.dylib
__ZNKSt3__18ios_base6getlocEv	UNDEFINED	LC_SYMTAB	__DATA	0x100028018	/usr/lib/libc++.1.dylib
__ZNSt11logic_errorC2EPKc	UNDEFINED	LC_SYMTAB	__DATA	0x100028020	/usr/lib/libc++.1.dylib
__ZNSt12length_errorD1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027008	/usr/lib/libc++.1.dylib
__ZNSt12out_of_rangeD1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027010	/usr/lib/libc++.1.dylib
__ZNSt13runtime_errorC1ERKNSt3__112basic_stringIcNS0_11char_traitsIcEENS0_9allocatorIcEEEE	UNDEFINED	LC_SYMTAB	__DATA	0x100028028	/usr/lib/libc++.1.dylib
__ZNSt13runtime_errorD1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027018	/usr/lib/libc++.1.dylib
__ZNSt20bad_array_new_lengthC1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100028030	/usr/lib/libc++.1.dylib
__ZNSt20bad_array_new_lengthD1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027020	/usr/lib/libc++.1.dylib
__ZNSt3__112__next_primeEm	UNDEFINED	LC_SYMTAB	__DATA	0x100028038	/usr/lib/libc++.1.dylib
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6appendEPKcm	UNDEFINED	LC_SYMTAB	__DATA	0x100028040	/usr/lib/libc++.1.dylib
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6insertEmPKcm	UNDEFINED	LC_SYMTAB	__DATA	0x100028048	/usr/lib/libc++.1.dylib
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE7reserveEm	UNDEFINED	LC_SYMTAB	__DATA	0x100028050	/usr/lib/libc++.1.dylib
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE9push_backEc	UNDEFINED	LC_SYMTAB	__DATA	0x100028058	/usr/lib/libc++.1.dylib
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEED1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027028	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_istreamIcNS_11char_traitsIcEEE5seekgExNS_8ios_base7seekdirE	UNDEFINED	LC_SYMTAB	__DATA	0x100028060	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_istreamIcNS_11char_traitsIcEEE5tellgEv	UNDEFINED	LC_SYMTAB	__DATA	0x100028068	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_istreamIcNS_11char_traitsIcEEED0Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000272D8	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_istreamIcNS_11char_traitsIcEEED1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000272D0	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_istreamIcNS_11char_traitsIcEEED2Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100028070	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE3putEc	UNDEFINED	LC_SYMTAB	__DATA	0x100028078	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE5flushEv	UNDEFINED	LC_SYMTAB	__DATA	0x100028080	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE6sentryC1ERS3_	UNDEFINED	LC_SYMTAB	__DATA	0x100028088	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE6sentryD1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100028090	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEED0Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027168	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEED1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027160	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEED2Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100028098	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEElsEPNS_15basic_streambufIcS2_EE	UNDEFINED	LC_SYMTAB	__DATA	0x1000280A0	/usr/lib/libc++.1.dylib
__ZNSt3__115__thread_structC1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x1000280A8	/usr/lib/libc++.1.dylib
__ZNSt3__115__thread_structD1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x1000280B0	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE5uflowEv	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027210	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE6xsgetnEPcl	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027200	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE6xsputnEPKcl	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027220	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE9showmanycEv	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000271F8	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEEC2Ev	UNDEFINED	LC_SYMTAB	__DATA	0x1000280B8	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEED2Ev	UNDEFINED	LC_SYMTAB	__DATA	0x1000280C0	/usr/lib/libc++.1.dylib
__ZNSt3__119__thread_local_dataEv	UNDEFINED	LC_SYMTAB	__DATA	0x1000280C8	/usr/lib/libc++.1.dylib
__ZNSt3__120__throw_system_errorEiPKc	UNDEFINED	LC_SYMTAB	__DATA	0x1000280D0	/usr/lib/libc++.1.dylib
__ZNSt3__14cerrE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027030	/usr/lib/libc++.1.dylib
__ZNSt3__14coutE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027038	/usr/lib/libc++.1.dylib
__ZNSt3__15ctypeIcE2idE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027040	/usr/lib/libc++.1.dylib
__ZNSt3__16localeC1ERKS0_	UNDEFINED	LC_SYMTAB	__DATA	0x1000280D8	/usr/lib/libc++.1.dylib
__ZNSt3__16localeD1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x1000280E0	/usr/lib/libc++.1.dylib
__ZNSt3__16thread4joinEv	UNDEFINED	LC_SYMTAB	__DATA	0x1000280E8	/usr/lib/libc++.1.dylib
__ZNSt3__16threadD1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x1000280F0	/usr/lib/libc++.1.dylib
__ZNSt3__17codecvtIcc11__mbstate_tE2idE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027048	/usr/lib/libc++.1.dylib
__ZNSt3__18ios_base33__set_badbit_and_consider_rethrowEv	UNDEFINED	LC_SYMTAB	__DATA	0x1000280F8	/usr/lib/libc++.1.dylib
__ZNSt3__18ios_base4initEPv	UNDEFINED	LC_SYMTAB	__DATA	0x100028100	/usr/lib/libc++.1.dylib
__ZNSt3__18ios_base5clearEj	UNDEFINED	LC_SYMTAB	__DATA	0x100028108	/usr/lib/libc++.1.dylib
__ZNSt3__19basic_iosIcNS_11char_traitsIcEEED2Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100028110	/usr/lib/libc++.1.dylib
__ZNSt3__19to_stringEi	UNDEFINED	LC_SYMTAB	__DATA	0x100028118	/usr/lib/libc++.1.dylib
__ZNSt3__19to_stringEm	UNDEFINED	LC_SYMTAB	__DATA	0x100028120	/usr/lib/libc++.1.dylib
__ZNSt3__1plIcNS_11char_traitsIcEENS_9allocatorIcEEEENS_12basic_stringIT_T0_T1_EEPKS6_RKS9_	UNDEFINED	LC_SYMTAB	__DATA	0x100028128	/usr/lib/libc++.1.dylib
__ZNSt8bad_castC1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100028130	/usr/lib/libc++.1.dylib
__ZNSt8bad_castD1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027050	/usr/lib/libc++.1.dylib
__ZSt9terminatev	UNDEFINED	LC_SYMTAB	__DATA	0x100028138	/usr/lib/libc++.1.dylib
__ZTINSt3__113basic_istreamIcNS_11char_traitsIcEEEE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027318	/usr/lib/libc++.1.dylib
__ZTINSt3__113basic_ostreamIcNS_11char_traitsIcEEEE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000271A8	/usr/lib/libc++.1.dylib
__ZTINSt3__115basic_streambufIcNS_11char_traitsIcEEEE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027240	/usr/lib/libc++.1.dylib
__ZTISt12length_error	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027058
__ZTISt12out_of_range	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027060
__ZTISt13runtime_error	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027068	/usr/lib/libc++.1.dylib
__ZTISt20bad_array_new_length	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027070	/usr/lib/libc++.1.dylib
__ZTISt8bad_cast	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027078	/usr/lib/libc++.1.dylib
__ZTISt9exception	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027080	/usr/lib/libc++.1.dylib
__ZTVN10__cxxabiv120__si_class_type_infoE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027308	/usr/lib/libc++.1.dylib
__ZTVSt12length_error	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027088	/usr/lib/libc++.1.dylib
__ZTVSt12out_of_range	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027090	/usr/lib/libc++.1.dylib
__ZTv0_n24_NSt3__113basic_istreamIcNS_11char_traitsIcEEED0Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027300	/usr/lib/libc++.1.dylib
__ZTv0_n24_NSt3__113basic_istreamIcNS_11char_traitsIcEEED1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000272F8	/usr/lib/libc++.1.dylib
__ZTv0_n24_NSt3__113basic_ostreamIcNS_11char_traitsIcEEED0Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027190	/usr/lib/libc++.1.dylib
__ZTv0_n24_NSt3__113basic_ostreamIcNS_11char_traitsIcEEED1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027188	/usr/lib/libc++.1.dylib
__ZdaPv	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100027098
__ZdlPv	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000270A0
__Znam	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000270A8
__Znwm	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000270B0
____chkstk_darwin	UNDEFINED	LC_SYMTAB	__DATA	0x100028140	/usr/lib/libSystem.B.dylib
___bzero	UNDEFINED	LC_SYMTAB	__DATA	0x100028148	/usr/lib/libSystem.B.dylib
___cxa_allocate_exception	UNDEFINED	LC_SYMTAB	__DATA	0x100028150	/usr/lib/libc++.1.dylib
___cxa_atexit	UNDEFINED	LC_SYMTAB	__DATA	0x100028158	/usr/lib/libSystem.B.dylib
___cxa_begin_catch	UNDEFINED	LC_SYMTAB	__DATA	0x100028160	/usr/lib/libc++.1.dylib
___cxa_end_catch	UNDEFINED	LC_SYMTAB	__DATA	0x100028168	/usr/lib/libc++.1.dylib
___cxa_free_exception	UNDEFINED	LC_SYMTAB	__DATA	0x100028170	/usr/lib/libc++.1.dylib
___cxa_rethrow	UNDEFINED	LC_SYMTAB	__DATA	0x100028178	/usr/lib/libc++.1.dylib
___cxa_throw	UNDEFINED	LC_SYMTAB	__DATA	0x100028180	/usr/lib/libc++.1.dylib
___gxx_personality_v0	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000270B8	/usr/lib/libc++.1.dylib
___maskrune	UNDEFINED	LC_SYMTAB	__DATA	0x100028188	/usr/lib/libSystem.B.dylib
___stack_chk_fail	UNDEFINED	LC_SYMTAB	__DATA	0x100028190	/usr/lib/libSystem.B.dylib
___stack_chk_guard	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000270C0	/usr/lib/libSystem.B.dylib
_close	UNDEFINED	LC_SYMTAB	__DATA	0x100028198	/usr/lib/libSystem.B.dylib
_closedir	UNDEFINED	LC_SYMTAB	__DATA	0x1000281A0	/usr/lib/libSystem.B.dylib
_connect	UNDEFINED	LC_SYMTAB	__DATA	0x1000281A8	/usr/lib/libSystem.B.dylib
_fclose	UNDEFINED	LC_SYMTAB	__DATA	0x1000281B0	/usr/lib/libSystem.B.dylib
_fflush	UNDEFINED	LC_SYMTAB	__DATA	0x1000281B8	/usr/lib/libSystem.B.dylib
_fgets	UNDEFINED	LC_SYMTAB	__DATA	0x1000281C0	/usr/lib/libSystem.B.dylib
_fopen	UNDEFINED	LC_SYMTAB	__DATA	0x1000281C8	/usr/lib/libSystem.B.dylib
_fputs	UNDEFINED	LC_SYMTAB	__DATA	0x1000281D0	/usr/lib/libSystem.B.dylib
_fread	UNDEFINED	LC_SYMTAB	__DATA	0x1000281D8	/usr/lib/libSystem.B.dylib
_fseek	UNDEFINED	LC_SYMTAB	__DATA	0x1000281E0	/usr/lib/libSystem.B.dylib
_fseeko	UNDEFINED	LC_SYMTAB	__DATA	0x1000281E8	/usr/lib/libSystem.B.dylib
_ftello	UNDEFINED	LC_SYMTAB	__DATA	0x1000281F0	/usr/lib/libSystem.B.dylib
_fwrite	UNDEFINED	LC_SYMTAB	__DATA	0x1000281F8	/usr/lib/libSystem.B.dylib
_getenv	UNDEFINED	LC_SYMTAB	__DATA	0x100028200	/usr/lib/libSystem.B.dylib
_inet_addr	UNDEFINED	LC_SYMTAB	__DATA	0x100028208	/usr/lib/libSystem.B.dylib
_malloc	UNDEFINED	LC_SYMTAB	__DATA	0x100028210	/usr/lib/libSystem.B.dylib
_memchr	UNDEFINED	LC_SYMTAB	__DATA	0x100028218	/usr/lib/libSystem.B.dylib
_memcmp	UNDEFINED	LC_SYMTAB	__DATA	0x100028220	/usr/lib/libSystem.B.dylib
_memcpy	UNDEFINED	LC_SYMTAB	__DATA	0x100028228	/usr/lib/libSystem.B.dylib
_memmove	UNDEFINED	LC_SYMTAB	__DATA	0x100028230	/usr/lib/libSystem.B.dylib
_memset	UNDEFINED	LC_SYMTAB	__DATA	0x100028238	/usr/lib/libSystem.B.dylib
_open	UNDEFINED	LC_SYMTAB	__DATA	0x100028240	/usr/lib/libSystem.B.dylib
_opendir$INODE64	UNDEFINED	LC_SYMTAB	__DATA	0x100028248	/usr/lib/libSystem.B.dylib
_pclose	UNDEFINED	LC_SYMTAB	__DATA	0x100028250	/usr/lib/libSystem.B.dylib
_popen	UNDEFINED	LC_SYMTAB	__DATA	0x100028258	/usr/lib/libSystem.B.dylib
_pthread_create	UNDEFINED	LC_SYMTAB	__DATA	0x100028260	/usr/lib/libSystem.B.dylib
_pthread_setspecific	UNDEFINED	LC_SYMTAB	__DATA	0x100028268	/usr/lib/libSystem.B.dylib
_rand	UNDEFINED	LC_SYMTAB	__DATA	0x100028270	/usr/lib/libSystem.B.dylib
_read	UNDEFINED	LC_SYMTAB	__DATA	0x100028278	/usr/lib/libSystem.B.dylib
_readdir$INODE64	UNDEFINED	LC_SYMTAB	__DATA	0x100028280	/usr/lib/libSystem.B.dylib
_realloc	UNDEFINED	LC_SYMTAB	__DATA	0x100028288	/usr/lib/libSystem.B.dylib
_recv	UNDEFINED	LC_SYMTAB	__DATA	0x100028290	/usr/lib/libSystem.B.dylib
_remove	UNDEFINED	LC_SYMTAB	__DATA	0x100028298	/usr/lib/libSystem.B.dylib
_rmdir	UNDEFINED	LC_SYMTAB	__DATA	0x1000282A0	/usr/lib/libSystem.B.dylib
_send	UNDEFINED	LC_SYMTAB	__DATA	0x1000282A8	/usr/lib/libSystem.B.dylib
_socket	UNDEFINED	LC_SYMTAB	__DATA	0x1000282B0	/usr/lib/libSystem.B.dylib
_srand	UNDEFINED	LC_SYMTAB	__DATA	0x1000282B8	/usr/lib/libSystem.B.dylib
_stat$INODE64	UNDEFINED	LC_SYMTAB	__DATA	0x1000282C0	/usr/lib/libSystem.B.dylib
_strcat	UNDEFINED	LC_SYMTAB	__DATA	0x1000282C8	/usr/lib/libSystem.B.dylib
_strcmp	UNDEFINED	LC_SYMTAB	__DATA	0x1000282D0	/usr/lib/libSystem.B.dylib
_strdup	UNDEFINED	LC_SYMTAB	__DATA	0x1000282D8	/usr/lib/libSystem.B.dylib
_strlen	UNDEFINED	LC_SYMTAB	__DATA	0x1000282E0	/usr/lib/libSystem.B.dylib
_system	UNDEFINED	LC_SYMTAB	__DATA	0x1000282E8	/usr/lib/libSystem.B.dylib
_time	UNDEFINED	LC_SYMTAB	__DATA	0x1000282F0	/usr/lib/libSystem.B.dylib
_write	UNDEFINED	LC_SYMTAB	__DATA	0x1000282F8	/usr/lib/libSystem.B.dylib
dyld_stub_binder	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000270C8	/usr/lib/libSystem.B.dylib

General Information for header 2
Endian:	little-endian
Size:	64-bit
Architecture:	arm64
Filetype:	execute
Nbr. of load commands:	18
Entry point:	0x10001C8AC

segment_64 load command - aggregated: 5

Name	Value
segname	__PAGEZERO
vmaddr	0x0
vmsize	0x100000000
fileoff	0x0
filesize	0x0
maxprot	0x0
initprot	0x0
nsects	0
flags	0x0

Name

Value

segname

__TEXT

vmaddr

0x100000000

vmsize

0x24000

fileoff

0x0

filesize

0x24000

maxprot

0x5

initprot

0x5

nsects

flags

0x0

Datas

sectname	segname	addr	size	offset	entropy	align	reloff	nreloc	flags
__text	__TEXT	0x100001F60	0x1E6D0	0x1F60	6.75606259	2	0x0	0	0x80000400
__stubs	__TEXT	0x100020630	0x4A4	0x20630	3.75604776	2	0x0	0	0x80000400
__stub_helper	__TEXT	0x100020AD4	0x48C	0x20AD4	4.08385098	2	0x0	0	0x80000400
__gcc_except_tab	__TEXT	0x100020F60	0x1850	0x20F60	5.77203712	2	0x0	0	0x0
__const	__TEXT	0x1000227B0	0x14CC	0x227B0	5.21911507	4	0x0	0	0x0
__cstring	__TEXT	0x100023C7C	0x58	0x23C7C	4.05649835	0	0x0	0	0x0
__unwind_info	__TEXT	0x100023CD4	0x328	0x23CD4	5.08149439	2	0x0	0	0x0

Name

Value

segname

__DATA_CONST

vmaddr

0x100024000

vmsize

0x4000

fileoff

0x24000

filesize

0x4000

maxprot

0x3

initprot

0x3

nsects

flags

0x10

Datas

sectname	segname	addr	size	offset	entropy	align	reloff	nreloc	flags
__got	__DATA_CONST	0x100024000	0xD8	0x24000	-0.00000000	3	0x0	0	0x0
__mod_init_func	__DATA_CONST	0x1000240D8	0x8	0x240D8	1.75000000	3	0x0	0	0x0
__const	__DATA_CONST	0x1000240E0	0x248	0x240E0	2.40024276	3	0x0	0	0x0

Name

Value

segname

__DATA

vmaddr

0x100028000

vmsize

0x4000

fileoff

0x28000

filesize

0x4000

maxprot

0x3

initprot

0x3

nsects

flags

0x0

Datas

sectname	segname	addr	size	offset	entropy	align	reloff	nreloc	flags
__la_symbol_ptr	__DATA	0x100028000	0x2F8	0x28000	2.99669051	3	0x0	0	0x0
__data	__DATA	0x1000282F8	0x56	0x282F8	4.19840955	3	0x0	0	0x0
__bss	__DATA	0x100028350	0x18	0x0	0.00000000	3	0x0	0	0x0
__common	__DATA	0x100028368	0xC8	0x0	0.00000000	3	0x0	0	0x0

Name	Value
segname	__LINKEDIT
vmaddr	0x10002C000
vmsize	0x8000
fileoff	0x2C000
filesize	0x7EB0
maxprot	0x1
initprot	0x1
nsects	0
flags	0x0

dyld_info_only load command - aggregated: 1

Name	Value
rebase_off	180224
rebase_size	32
bind_off	180256
bind_size	1792
weak_bind_off	182048
weak_bind_size	96
lazy_bind_off	182144
lazy_bind_size	3024
export_off	185168
export_size	32

symtab load command - aggregated: 1

Name	Value
symoff	185352
nsyms	140
stroff	188480
strsize	3912

dysymtab load command - aggregated: 1

Name	Value
ilocalsym	0
nlocalsym	1
iextdefsym	1
nextdefsym	1
iundefsym	2
nundefsym	138
tocoff	0
ntoc	0
modtaboff	0
nmodtab	0
extrefsymoff	0
nextrefsyms	0
indirectsymoff	187592
nindirectsyms	221
extreloff	0
nextrel	0
locreloff	0
nlocrel	0

load_dylinker load command - aggregated: 1

Name	Value

uuid load command - aggregated: 1

Name	Value
uuid	73444d6f-a04d-3bcd-8145-b267da36c265

build_version load command - aggregated: 1

Name	Value

source_version load command - aggregated: 1

Name	Value
path	0.0.0.0.0

main load command - aggregated: 1

Name	Value

load_dylib load command - aggregated: 2

Name

Value

compatibility_version

1.0.0

current_version

1700.255.5

timestamp

1970-01-01

Datas

/usr/lib/libc++.1.dylib

Name

Value

compatibility_version

1.0.0

current_version

1345.120.2

timestamp

1970-01-01

Datas

/usr/lib/libSystem.B.dylib

function_starts load command - aggregated: 1

Name	Value
dataoff	185200
datasize	152

data_in_code load command - aggregated: 1

Name	Value
dataoff	185352
datasize	0

code_signature load command - aggregated: 1

Name	Value
dataoff	192400
datasize	20256

Symbols

Name	Category	Origin	Segment Name	Bind Address	Library Name
__mh_execute_header	EXTERNAL	LC_SYMTAB
radr://5614542	LOCAL	LC_SYMTAB
__DefaultRuneLocale	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024000	/usr/lib/libSystem.B.dylib
__Unwind_Resume	UNDEFINED	LC_SYMTAB	__DATA	0x100028000	/usr/lib/libSystem.B.dylib
__ZNKSt3__16locale9has_facetERNS0_2idE	UNDEFINED	LC_SYMTAB	__DATA	0x100028008	/usr/lib/libc++.1.dylib
__ZNKSt3__16locale9use_facetERNS0_2idE	UNDEFINED	LC_SYMTAB	__DATA	0x100028010	/usr/lib/libc++.1.dylib
__ZNKSt3__18ios_base6getlocEv	UNDEFINED	LC_SYMTAB	__DATA	0x100028018	/usr/lib/libc++.1.dylib
__ZNSt11logic_errorC2EPKc	UNDEFINED	LC_SYMTAB	__DATA	0x100028020	/usr/lib/libc++.1.dylib
__ZNSt12length_errorD1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024008	/usr/lib/libc++.1.dylib
__ZNSt12out_of_rangeD1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024010	/usr/lib/libc++.1.dylib
__ZNSt13runtime_errorC1ERKNSt3__112basic_stringIcNS0_11char_traitsIcEENS0_9allocatorIcEEEE	UNDEFINED	LC_SYMTAB	__DATA	0x100028028	/usr/lib/libc++.1.dylib
__ZNSt13runtime_errorD1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024018	/usr/lib/libc++.1.dylib
__ZNSt20bad_array_new_lengthC1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100028030	/usr/lib/libc++.1.dylib
__ZNSt20bad_array_new_lengthD1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024020	/usr/lib/libc++.1.dylib
__ZNSt3__112__next_primeEm	UNDEFINED	LC_SYMTAB	__DATA	0x100028038	/usr/lib/libc++.1.dylib
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6appendEPKcm	UNDEFINED	LC_SYMTAB	__DATA	0x100028040	/usr/lib/libc++.1.dylib
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6insertEmPKcm	UNDEFINED	LC_SYMTAB	__DATA	0x100028048	/usr/lib/libc++.1.dylib
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE7reserveEm	UNDEFINED	LC_SYMTAB	__DATA	0x100028050	/usr/lib/libc++.1.dylib
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE9push_backEc	UNDEFINED	LC_SYMTAB	__DATA	0x100028058	/usr/lib/libc++.1.dylib
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEED1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024028	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_istreamIcNS_11char_traitsIcEEE5seekgExNS_8ios_base7seekdirE	UNDEFINED	LC_SYMTAB	__DATA	0x100028060	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_istreamIcNS_11char_traitsIcEEE5tellgEv	UNDEFINED	LC_SYMTAB	__DATA	0x100028068	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_istreamIcNS_11char_traitsIcEEED0Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000242E0	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_istreamIcNS_11char_traitsIcEEED1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000242D8	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_istreamIcNS_11char_traitsIcEEED2Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100028070	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE3putEc	UNDEFINED	LC_SYMTAB	__DATA	0x100028078	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE5flushEv	UNDEFINED	LC_SYMTAB	__DATA	0x100028080	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE6sentryC1ERS3_	UNDEFINED	LC_SYMTAB	__DATA	0x100028088	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE6sentryD1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100028090	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEED0Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024170	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEED1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024168	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEED2Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100028098	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEElsEPNS_15basic_streambufIcS2_EE	UNDEFINED	LC_SYMTAB	__DATA	0x1000280A0	/usr/lib/libc++.1.dylib
__ZNSt3__115__thread_structC1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x1000280A8	/usr/lib/libc++.1.dylib
__ZNSt3__115__thread_structD1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x1000280B0	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE5uflowEv	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024218	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE6xsgetnEPcl	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024208	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE6xsputnEPKcl	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024228	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE9showmanycEv	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024200	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEEC2Ev	UNDEFINED	LC_SYMTAB	__DATA	0x1000280B8	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEED2Ev	UNDEFINED	LC_SYMTAB	__DATA	0x1000280C0	/usr/lib/libc++.1.dylib
__ZNSt3__119__thread_local_dataEv	UNDEFINED	LC_SYMTAB	__DATA	0x1000280C8	/usr/lib/libc++.1.dylib
__ZNSt3__120__throw_system_errorEiPKc	UNDEFINED	LC_SYMTAB	__DATA	0x1000280D0	/usr/lib/libc++.1.dylib
__ZNSt3__14cerrE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024030	/usr/lib/libc++.1.dylib
__ZNSt3__14coutE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024038	/usr/lib/libc++.1.dylib
__ZNSt3__15ctypeIcE2idE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024040	/usr/lib/libc++.1.dylib
__ZNSt3__16localeC1ERKS0_	UNDEFINED	LC_SYMTAB	__DATA	0x1000280D8	/usr/lib/libc++.1.dylib
__ZNSt3__16localeD1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x1000280E0	/usr/lib/libc++.1.dylib
__ZNSt3__16thread4joinEv	UNDEFINED	LC_SYMTAB	__DATA	0x1000280E8	/usr/lib/libc++.1.dylib
__ZNSt3__16threadD1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x1000280F0	/usr/lib/libc++.1.dylib
__ZNSt3__17codecvtIcc11__mbstate_tE2idE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024048	/usr/lib/libc++.1.dylib
__ZNSt3__18ios_base33__set_badbit_and_consider_rethrowEv	UNDEFINED	LC_SYMTAB	__DATA	0x1000280F8	/usr/lib/libc++.1.dylib
__ZNSt3__18ios_base4initEPv	UNDEFINED	LC_SYMTAB	__DATA	0x100028100	/usr/lib/libc++.1.dylib
__ZNSt3__18ios_base5clearEj	UNDEFINED	LC_SYMTAB	__DATA	0x100028108	/usr/lib/libc++.1.dylib
__ZNSt3__19basic_iosIcNS_11char_traitsIcEEED2Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100028110	/usr/lib/libc++.1.dylib
__ZNSt3__19to_stringEi	UNDEFINED	LC_SYMTAB	__DATA	0x100028118	/usr/lib/libc++.1.dylib
__ZNSt3__19to_stringEm	UNDEFINED	LC_SYMTAB	__DATA	0x100028120	/usr/lib/libc++.1.dylib
__ZNSt3__1plIcNS_11char_traitsIcEENS_9allocatorIcEEEENS_12basic_stringIT_T0_T1_EEPKS6_RKS9_	UNDEFINED	LC_SYMTAB	__DATA	0x100028128	/usr/lib/libc++.1.dylib
__ZNSt8bad_castC1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100028130	/usr/lib/libc++.1.dylib
__ZNSt8bad_castD1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024050	/usr/lib/libc++.1.dylib
__ZSt9terminatev	UNDEFINED	LC_SYMTAB	__DATA	0x100028138	/usr/lib/libc++.1.dylib
__ZTINSt3__113basic_istreamIcNS_11char_traitsIcEEEE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024320	/usr/lib/libc++.1.dylib
__ZTINSt3__113basic_ostreamIcNS_11char_traitsIcEEEE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000241B0	/usr/lib/libc++.1.dylib
__ZTINSt3__115basic_streambufIcNS_11char_traitsIcEEEE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024248	/usr/lib/libc++.1.dylib
__ZTISt12length_error	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024058
__ZTISt12out_of_range	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024060
__ZTISt13runtime_error	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024068	/usr/lib/libc++.1.dylib
__ZTISt20bad_array_new_length	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024070	/usr/lib/libc++.1.dylib
__ZTISt8bad_cast	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024078	/usr/lib/libc++.1.dylib
__ZTISt9exception	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024080	/usr/lib/libc++.1.dylib
__ZTVN10__cxxabiv120__si_class_type_infoE	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024310	/usr/lib/libc++.1.dylib
__ZTVSt12length_error	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024088	/usr/lib/libc++.1.dylib
__ZTVSt12out_of_range	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024090	/usr/lib/libc++.1.dylib
__ZTv0_n24_NSt3__113basic_istreamIcNS_11char_traitsIcEEED0Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024308	/usr/lib/libc++.1.dylib
__ZTv0_n24_NSt3__113basic_istreamIcNS_11char_traitsIcEEED1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024300	/usr/lib/libc++.1.dylib
__ZTv0_n24_NSt3__113basic_ostreamIcNS_11char_traitsIcEEED0Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024198	/usr/lib/libc++.1.dylib
__ZTv0_n24_NSt3__113basic_ostreamIcNS_11char_traitsIcEEED1Ev	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024190	/usr/lib/libc++.1.dylib
__ZdaPv	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x100024098
__ZdlPv	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000240A0
__Znam	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000240A8
__Znwm	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000240B0
___chkstk_darwin	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000240B8	/usr/lib/libSystem.B.dylib
___cxa_allocate_exception	UNDEFINED	LC_SYMTAB	__DATA	0x100028140	/usr/lib/libc++.1.dylib
___cxa_atexit	UNDEFINED	LC_SYMTAB	__DATA	0x100028148	/usr/lib/libSystem.B.dylib
___cxa_begin_catch	UNDEFINED	LC_SYMTAB	__DATA	0x100028150	/usr/lib/libc++.1.dylib
___cxa_end_catch	UNDEFINED	LC_SYMTAB	__DATA	0x100028158	/usr/lib/libc++.1.dylib
___cxa_free_exception	UNDEFINED	LC_SYMTAB	__DATA	0x100028160	/usr/lib/libc++.1.dylib
___cxa_rethrow	UNDEFINED	LC_SYMTAB	__DATA	0x100028168	/usr/lib/libc++.1.dylib
___cxa_throw	UNDEFINED	LC_SYMTAB	__DATA	0x100028170	/usr/lib/libc++.1.dylib
___gxx_personality_v0	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000240C0	/usr/lib/libc++.1.dylib
___maskrune	UNDEFINED	LC_SYMTAB	__DATA	0x100028178	/usr/lib/libSystem.B.dylib
___stack_chk_fail	UNDEFINED	LC_SYMTAB	__DATA	0x100028180	/usr/lib/libSystem.B.dylib
___stack_chk_guard	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000240C8	/usr/lib/libSystem.B.dylib
_bzero	UNDEFINED	LC_SYMTAB	__DATA	0x100028188	/usr/lib/libSystem.B.dylib
_close	UNDEFINED	LC_SYMTAB	__DATA	0x100028190	/usr/lib/libSystem.B.dylib
_closedir	UNDEFINED	LC_SYMTAB	__DATA	0x100028198	/usr/lib/libSystem.B.dylib
_connect	UNDEFINED	LC_SYMTAB	__DATA	0x1000281A0	/usr/lib/libSystem.B.dylib
_fclose	UNDEFINED	LC_SYMTAB	__DATA	0x1000281A8	/usr/lib/libSystem.B.dylib
_fflush	UNDEFINED	LC_SYMTAB	__DATA	0x1000281B0	/usr/lib/libSystem.B.dylib
_fgets	UNDEFINED	LC_SYMTAB	__DATA	0x1000281B8	/usr/lib/libSystem.B.dylib
_fopen	UNDEFINED	LC_SYMTAB	__DATA	0x1000281C0	/usr/lib/libSystem.B.dylib
_fputs	UNDEFINED	LC_SYMTAB	__DATA	0x1000281C8	/usr/lib/libSystem.B.dylib
_fread	UNDEFINED	LC_SYMTAB	__DATA	0x1000281D0	/usr/lib/libSystem.B.dylib
_fseek	UNDEFINED	LC_SYMTAB	__DATA	0x1000281D8	/usr/lib/libSystem.B.dylib
_fseeko	UNDEFINED	LC_SYMTAB	__DATA	0x1000281E0	/usr/lib/libSystem.B.dylib
_ftello	UNDEFINED	LC_SYMTAB	__DATA	0x1000281E8	/usr/lib/libSystem.B.dylib
_fwrite	UNDEFINED	LC_SYMTAB	__DATA	0x1000281F0	/usr/lib/libSystem.B.dylib
_getenv	UNDEFINED	LC_SYMTAB	__DATA	0x1000281F8	/usr/lib/libSystem.B.dylib
_inet_addr	UNDEFINED	LC_SYMTAB	__DATA	0x100028200	/usr/lib/libSystem.B.dylib
_malloc	UNDEFINED	LC_SYMTAB	__DATA	0x100028208	/usr/lib/libSystem.B.dylib
_memchr	UNDEFINED	LC_SYMTAB	__DATA	0x100028210	/usr/lib/libSystem.B.dylib
_memcmp	UNDEFINED	LC_SYMTAB	__DATA	0x100028218	/usr/lib/libSystem.B.dylib
_memcpy	UNDEFINED	LC_SYMTAB	__DATA	0x100028220	/usr/lib/libSystem.B.dylib
_memmove	UNDEFINED	LC_SYMTAB	__DATA	0x100028228	/usr/lib/libSystem.B.dylib
_memset	UNDEFINED	LC_SYMTAB	__DATA	0x100028230	/usr/lib/libSystem.B.dylib
_open	UNDEFINED	LC_SYMTAB	__DATA	0x100028238	/usr/lib/libSystem.B.dylib
_opendir	UNDEFINED	LC_SYMTAB	__DATA	0x100028240	/usr/lib/libSystem.B.dylib
_pclose	UNDEFINED	LC_SYMTAB	__DATA	0x100028248	/usr/lib/libSystem.B.dylib
_popen	UNDEFINED	LC_SYMTAB	__DATA	0x100028250	/usr/lib/libSystem.B.dylib
_pthread_create	UNDEFINED	LC_SYMTAB	__DATA	0x100028258	/usr/lib/libSystem.B.dylib
_pthread_setspecific	UNDEFINED	LC_SYMTAB	__DATA	0x100028260	/usr/lib/libSystem.B.dylib
_rand	UNDEFINED	LC_SYMTAB	__DATA	0x100028268	/usr/lib/libSystem.B.dylib
_read	UNDEFINED	LC_SYMTAB	__DATA	0x100028270	/usr/lib/libSystem.B.dylib
_readdir	UNDEFINED	LC_SYMTAB	__DATA	0x100028278	/usr/lib/libSystem.B.dylib
_realloc	UNDEFINED	LC_SYMTAB	__DATA	0x100028280	/usr/lib/libSystem.B.dylib
_recv	UNDEFINED	LC_SYMTAB	__DATA	0x100028288	/usr/lib/libSystem.B.dylib
_remove	UNDEFINED	LC_SYMTAB	__DATA	0x100028290	/usr/lib/libSystem.B.dylib
_rmdir	UNDEFINED	LC_SYMTAB	__DATA	0x100028298	/usr/lib/libSystem.B.dylib
_send	UNDEFINED	LC_SYMTAB	__DATA	0x1000282A0	/usr/lib/libSystem.B.dylib
_socket	UNDEFINED	LC_SYMTAB	__DATA	0x1000282A8	/usr/lib/libSystem.B.dylib
_srand	UNDEFINED	LC_SYMTAB	__DATA	0x1000282B0	/usr/lib/libSystem.B.dylib
_stat	UNDEFINED	LC_SYMTAB	__DATA	0x1000282B8	/usr/lib/libSystem.B.dylib
_strcat	UNDEFINED	LC_SYMTAB	__DATA	0x1000282C0	/usr/lib/libSystem.B.dylib
_strcmp	UNDEFINED	LC_SYMTAB	__DATA	0x1000282C8	/usr/lib/libSystem.B.dylib
_strdup	UNDEFINED	LC_SYMTAB	__DATA	0x1000282D0	/usr/lib/libSystem.B.dylib
_strlen	UNDEFINED	LC_SYMTAB	__DATA	0x1000282D8	/usr/lib/libSystem.B.dylib
_system	UNDEFINED	LC_SYMTAB	__DATA	0x1000282E0	/usr/lib/libSystem.B.dylib
_time	UNDEFINED	LC_SYMTAB	__DATA	0x1000282E8	/usr/lib/libSystem.B.dylib
_write	UNDEFINED	LC_SYMTAB	__DATA	0x1000282F0	/usr/lib/libSystem.B.dylib
dyld_stub_binder	UNDEFINED	LC_SYMTAB	__DATA_CONST	0x1000240D0	/usr/lib/libSystem.B.dylib

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 05:32:03.742116928 CEST	49352	443	192.168.11.12	17.253.97.206
Oct 25, 2024 05:32:03.757890940 CEST	49351	443	192.168.11.12	151.101.131.6
Oct 25, 2024 05:32:03.759263039 CEST	49352	443	192.168.11.12	17.253.97.206
Oct 25, 2024 05:32:03.785911083 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.786212921 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.786235094 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.786350012 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.787434101 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.851996899 CEST	443	49351	151.101.131.6	192.168.11.12
Oct 25, 2024 05:32:03.853934050 CEST	443	49351	151.101.131.6	192.168.11.12
Oct 25, 2024 05:32:03.853991985 CEST	443	49351	151.101.131.6	192.168.11.12
Oct 25, 2024 05:32:03.854038000 CEST	443	49351	151.101.131.6	192.168.11.12
Oct 25, 2024 05:32:03.854079008 CEST	443	49351	151.101.131.6	192.168.11.12
Oct 25, 2024 05:32:03.854109049 CEST	443	49351	151.101.131.6	192.168.11.12
Oct 25, 2024 05:32:03.854139090 CEST	443	49352	17.253.97.206	192.168.11.12
Oct 25, 2024 05:32:03.854792118 CEST	443	49352	17.253.97.206	192.168.11.12
Oct 25, 2024 05:32:03.854847908 CEST	443	49352	17.253.97.206	192.168.11.12
Oct 25, 2024 05:32:03.854891062 CEST	443	49352	17.253.97.206	192.168.11.12
Oct 25, 2024 05:32:03.855736971 CEST	49351	443	192.168.11.12	151.101.131.6
Oct 25, 2024 05:32:03.855787039 CEST	49351	443	192.168.11.12	151.101.131.6
Oct 25, 2024 05:32:03.855787039 CEST	49351	443	192.168.11.12	151.101.131.6
Oct 25, 2024 05:32:03.855843067 CEST	49352	443	192.168.11.12	17.253.97.206
Oct 25, 2024 05:32:03.855899096 CEST	49352	443	192.168.11.12	17.253.97.206
Oct 25, 2024 05:32:03.856050968 CEST	49352	443	192.168.11.12	17.253.97.206
Oct 25, 2024 05:32:03.856514931 CEST	49351	443	192.168.11.12	151.101.131.6
Oct 25, 2024 05:32:03.872324944 CEST	49351	443	192.168.11.12	151.101.131.6
Oct 25, 2024 05:32:03.880734921 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.880827904 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.880987883 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.881642103 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.881936073 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.882148981 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.882890940 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.883071899 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.887897968 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.887973070 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.888791084 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.889024973 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.894650936 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.894778967 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.895369053 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.895539045 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.901372910 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.901499987 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.902856112 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.903107882 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.908139944 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.908176899 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.909147978 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.909681082 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.914904118 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.915003061 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.915674925 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.916006088 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.921552896 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.921670914 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.922473907 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.922646046 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.928271055 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.928394079 CEST	49352	443	192.168.11.12	17.253.97.206
Oct 25, 2024 05:32:03.928400040 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.928947926 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.929184914 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.970936060 CEST	443	49351	151.101.131.6	192.168.11.12
Oct 25, 2024 05:32:03.970944881 CEST	443	49351	151.101.131.6	192.168.11.12
Oct 25, 2024 05:32:03.971719980 CEST	49351	443	192.168.11.12	151.101.131.6
Oct 25, 2024 05:32:03.977193117 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.977288961 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.978357077 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.978648901 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.980372906 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.980385065 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.981178999 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.981498003 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:03.987162113 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.987173080 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:03.988152027 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:04.024056911 CEST	443	49352	17.253.97.206	192.168.11.12
Oct 25, 2024 05:32:04.024821997 CEST	49352	443	192.168.11.12	17.253.97.206
Oct 25, 2024 05:32:04.050306082 CEST	49352	443	192.168.11.12	17.253.97.206
Oct 25, 2024 05:32:04.145226955 CEST	443	49352	17.253.97.206	192.168.11.12
Oct 25, 2024 05:32:04.146068096 CEST	49352	443	192.168.11.12	17.253.97.206
Oct 25, 2024 05:32:04.403543949 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:04.498728037 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:05.857944012 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:05.862864017 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:05.952723026 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:05.953418970 CEST	49348	443	192.168.11.12	17.248.199.64
Oct 25, 2024 05:32:05.957060099 CEST	49352	443	192.168.11.12	17.253.97.206
Oct 25, 2024 05:32:05.957310915 CEST	443	49348	17.248.199.64	192.168.11.12
Oct 25, 2024 05:32:05.972636938 CEST	49352	443	192.168.11.12	17.253.97.206
Oct 25, 2024 05:32:06.051930904 CEST	443	49352	17.253.97.206	192.168.11.12
Oct 25, 2024 05:32:06.051980972 CEST	443	49352	17.253.97.206	192.168.11.12
Oct 25, 2024 05:32:06.052788973 CEST	49352	443	192.168.11.12	17.253.97.206
Oct 25, 2024 05:32:06.052824974 CEST	49352	443	192.168.11.12	17.253.97.206
Oct 25, 2024 05:32:06.067142963 CEST	443	49352	17.253.97.206	192.168.11.12
Oct 25, 2024 05:32:06.068169117 CEST	49352	443	192.168.11.12	17.253.97.206
Oct 25, 2024 05:32:38.412098885 CEST	49381	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:38.412188053 CEST	443	49381	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:38.413045883 CEST	49381	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:38.413919926 CEST	49381	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:38.413980007 CEST	443	49381	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:38.633835077 CEST	443	49381	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:38.635070086 CEST	49381	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:38.635071039 CEST	49381	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:38.754091978 CEST	49381	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:38.754292011 CEST	443	49381	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:38.754764080 CEST	443	49381	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:38.754885912 CEST	49381	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:38.755354881 CEST	49381	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:38.793678045 CEST	49382	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:38.793788910 CEST	443	49382	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:38.794748068 CEST	49382	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:38.795723915 CEST	49382	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:38.795784950 CEST	443	49382	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:38.993846893 CEST	443	49382	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:38.994903088 CEST	49382	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:38.995209932 CEST	49382	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.001777887 CEST	49382	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.001882076 CEST	443	49382	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.002023935 CEST	443	49382	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.002715111 CEST	49382	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.002737999 CEST	49382	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.026909113 CEST	49383	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.027019024 CEST	443	49383	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.027643919 CEST	49383	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.028753042 CEST	49383	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.028805017 CEST	443	49383	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.233138084 CEST	443	49383	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.234011889 CEST	49383	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.234011889 CEST	49383	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.241214991 CEST	49383	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.241463900 CEST	443	49383	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.241904020 CEST	443	49383	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.242044926 CEST	49383	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.242383957 CEST	49383	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.261399031 CEST	49384	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.261455059 CEST	443	49384	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.262669086 CEST	49384	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.263674021 CEST	49384	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.263715029 CEST	443	49384	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.313473940 CEST	49385	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.313527107 CEST	443	49385	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.314071894 CEST	49385	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.315162897 CEST	49385	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.315182924 CEST	443	49385	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.461981058 CEST	443	49384	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.464378119 CEST	49384	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.464378119 CEST	49384	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.472805977 CEST	49384	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.472996950 CEST	443	49384	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.473295927 CEST	443	49384	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.473911047 CEST	49384	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.473953009 CEST	49384	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.513806105 CEST	443	49385	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.515856028 CEST	49385	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.515856981 CEST	49385	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.555506945 CEST	49385	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.555720091 CEST	443	49385	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.556191921 CEST	443	49385	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.556291103 CEST	49385	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.556773901 CEST	49385	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.597203016 CEST	49386	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.597316027 CEST	443	49386	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.597939014 CEST	49386	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.598762035 CEST	49386	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.598817110 CEST	443	49386	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.801872969 CEST	443	49386	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.803447008 CEST	49386	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.803505898 CEST	49386	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.812556982 CEST	49386	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.812796116 CEST	443	49386	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.813245058 CEST	443	49386	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:39.813383102 CEST	49386	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:39.813605070 CEST	49386	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:40.663506031 CEST	49390	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:40.663618088 CEST	443	49390	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:40.664290905 CEST	49390	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:40.665725946 CEST	49390	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:40.665779114 CEST	443	49390	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:40.869151115 CEST	443	49390	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:40.870033979 CEST	49390	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:40.870033979 CEST	49390	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:40.879312992 CEST	49390	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:40.879543066 CEST	443	49390	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:40.880034924 CEST	443	49390	151.101.195.6	192.168.11.12
Oct 25, 2024 05:32:40.880192041 CEST	49390	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:32:40.881026983 CEST	49390	443	192.168.11.12	151.101.195.6
Oct 25, 2024 05:33:02.375830889 CEST	49344	80	192.168.11.12	23.46.224.247
Oct 25, 2024 05:33:02.471172094 CEST	80	49344	23.46.224.247	192.168.11.12
Oct 25, 2024 05:33:02.471885920 CEST	49344	80	192.168.11.12	23.46.224.247
Oct 25, 2024 05:34:08.712356091 CEST	49398	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:08.712467909 CEST	443	49398	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:08.713304043 CEST	49398	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:08.714091063 CEST	49398	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:08.714184046 CEST	443	49398	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:08.910573006 CEST	443	49398	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:08.912668943 CEST	49398	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:08.912704945 CEST	49398	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:08.919162989 CEST	49398	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:08.919296980 CEST	443	49398	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:08.919514894 CEST	443	49398	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:08.920105934 CEST	49398	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:08.920422077 CEST	49398	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:08.932545900 CEST	49399	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:08.932601929 CEST	443	49399	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:08.933218956 CEST	49399	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:08.933845997 CEST	49399	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:08.933870077 CEST	443	49399	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:09.128547907 CEST	443	49399	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:09.129540920 CEST	49399	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.129568100 CEST	49399	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.144069910 CEST	49399	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.144184113 CEST	443	49399	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:09.144484043 CEST	443	49399	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:09.145102024 CEST	49399	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.145102024 CEST	49399	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.186927080 CEST	49400	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.187017918 CEST	443	49400	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:09.187819004 CEST	49400	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.190119028 CEST	49400	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.190190077 CEST	443	49400	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:09.392891884 CEST	443	49400	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:09.393625021 CEST	49400	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.393682957 CEST	49400	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.398680925 CEST	49400	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.398910999 CEST	443	49400	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:09.399348974 CEST	443	49400	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:09.399499893 CEST	49400	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.399872065 CEST	49400	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.424621105 CEST	49401	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.424732924 CEST	443	49401	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:09.425590038 CEST	49401	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.426660061 CEST	49401	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.426717997 CEST	443	49401	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:09.630158901 CEST	443	49401	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:09.631069899 CEST	49401	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.631069899 CEST	49401	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.648006916 CEST	49401	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.648260117 CEST	443	49401	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:09.648698092 CEST	443	49401	151.101.67.6	192.168.11.12
Oct 25, 2024 05:34:09.649148941 CEST	49401	443	192.168.11.12	151.101.67.6
Oct 25, 2024 05:34:09.649467945 CEST	49401	443	192.168.11.12	151.101.67.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 05:32:26.437009096 CEST	53	56798	1.1.1.1	192.168.11.12
Oct 25, 2024 05:33:43.333565950 CEST	137	137	192.168.11.12	192.168.11.255
Oct 25, 2024 05:33:43.333817959 CEST	137	137	192.168.11.12	192.168.11.255
Oct 25, 2024 05:33:43.334079981 CEST	137	137	192.168.11.12	192.168.11.255
Oct 25, 2024 05:34:08.612658978 CEST	60060	53	192.168.11.12	1.1.1.1
Oct 25, 2024 05:34:08.708412886 CEST	53	60060	1.1.1.1	192.168.11.12

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 25, 2024 05:34:08.612658978 CEST	192.168.11.12	1.1.1.1	0x685e	Standard query (0)	h3.apis.apple.map.fastly.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 25, 2024 05:34:08.708412886 CEST	1.1.1.1	192.168.11.12	0x685e	No error (0)	h3.apis.apple.map.fastly.net	151.101.131.6	A (IP address)	IN (0x0001)	false
Oct 25, 2024 05:34:08.708412886 CEST	1.1.1.1	192.168.11.12	0x685e	No error (0)	h3.apis.apple.map.fastly.net	151.101.67.6	A (IP address)	IN (0x0001)	false
Oct 25, 2024 05:34:08.708412886 CEST	1.1.1.1	192.168.11.12	0x685e	No error (0)	h3.apis.apple.map.fastly.net	151.101.195.6	A (IP address)	IN (0x0001)	false
Oct 25, 2024 05:34:08.708412886 CEST	1.1.1.1	192.168.11.12	0x685e	No error (0)	h3.apis.apple.map.fastly.net	151.101.3.6	A (IP address)	IN (0x0001)	false

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Oct 25, 2024 05:32:03.854038000 CEST	151.101.131.6	443	192.168.11.12	49351	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 26 15:47:44 CEST 2024 Wed Apr 29 14:54:50 CEST 2020	Thu Dec 19 19:00:57 CET 2024 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Oct 25, 2024 05:32:03.854038000 CEST	151.101.131.6	443	192.168.11.12	49351	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c
Oct 25, 2024 05:32:03.854847908 CEST	17.253.97.206	443	192.168.11.12	49352	CN=mesu.apple.com, O=Apple Inc., ST=California, C=US C=US, ST=California, O=Apple Inc., CN=Apple Public Server ECC CA 12 - G1	C=US, ST=California, O=Apple Inc., CN=Apple Public Server ECC CA 12 - G1 CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jul 11 20:07:14 CEST 2024 Wed Jun 19 02:00:00 CEST 2019	Thu Apr 10 02:00:00 CEST 2025 Thu Dec 07 00:59:59 CET 2028	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Oct 25, 2024 05:32:03.854847908 CEST	17.253.97.206	443	192.168.11.12	49352	C=US, ST=California, O=Apple Inc., CN=Apple Public Server ECC CA 12 - G1	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Wed Jun 19 02:00:00 CEST 2019	Thu Dec 07 00:59:59 CET 2028		5c118da645babe52f060d0754256a73c

System Behavior

Analysis Process: xpcproxy PID: 611, Parent PID: 1

General

Start time (UTC):	03:32:02
Start date (UTC):	25/10/2024
Path:	/usr/libexec/xpcproxy
Arguments:	-
File size:	44048 bytes
MD5 hash:	4764d9eafe6b7dac23253a9f8b7f73d6

Start time (UTC):	03:32:02
Start date (UTC):	25/10/2024
Path:	/usr/libexec/nsurlstoraged
Arguments:	/usr/libexec/nsurlstoraged --privileged
File size:	246624 bytes
MD5 hash:	321b0a40e24b45f0af49ba42742b3f64

Start time (UTC):	03:32:09
Start date (UTC):	25/10/2024
Path:	/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
Arguments:	-
File size:	3722408 bytes
MD5 hash:	8910349f44a940d8d79318367855b236

Start time (UTC):	03:32:09
Start date (UTC):	25/10/2024
Path:	/Users/bernard/Desktop/CalendlyApp
Arguments:	/Users/bernard/Desktop/CalendlyApp
File size:	442032 bytes
MD5 hash:	55c70b5d0cebb28d0ba3e21a6b065884

Start time (UTC):	03:32:09
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	03:32:09
Start date (UTC):	25/10/2024
Path:	/usr/bin/osascript
Arguments:	osascript -e tell application 'Terminal' to set visible of front window to false
File size:	43232 bytes
MD5 hash:	f13b7c85f3c1c08fae3b709a536281a1

Start time (UTC):	03:32:09
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	03:32:09
Start date (UTC):	25/10/2024
Path:	/bin/mkdir
Arguments:	mkdir /Users/root/570944017
File size:	18592 bytes
MD5 hash:	bbbaafd2a4d7dcb9ddd178d814fea708

Start time (UTC):	03:32:09
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	03:32:09
Start date (UTC):	25/10/2024
Path:	/usr/bin/sw_vers
Arguments:	sw_vers
File size:	18848 bytes
MD5 hash:	b1a0821a52f96765ef7bc349eaaa2acf

Start time (UTC):	03:32:09
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	03:32:09
Start date (UTC):	25/10/2024
Path:	/usr/sbin/system_profiler
Arguments:	system_profiler SPHardwareDataType
File size:	45472 bytes
MD5 hash:	271feb2b4c0447da2b7ac523f13a4824

Start time (UTC):	03:32:09
Start date (UTC):	25/10/2024
Path:	/usr/sbin/system_profiler
Arguments:	-
File size:	45472 bytes
MD5 hash:	271feb2b4c0447da2b7ac523f13a4824

Start time (UTC):	03:32:10
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	03:32:10
Start date (UTC):	25/10/2024
Path:	/usr/sbin/system_profiler
Arguments:	system_profiler SPDisplaysDataType
File size:	45472 bytes
MD5 hash:	271feb2b4c0447da2b7ac523f13a4824

Start time (UTC):	03:32:10
Start date (UTC):	25/10/2024
Path:	/usr/sbin/system_profiler
Arguments:	-
File size:	45472 bytes
MD5 hash:	271feb2b4c0447da2b7ac523f13a4824

Start time (UTC):	03:32:11
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	03:32:11
Start date (UTC):	25/10/2024
Path:	/usr/bin/dscl
Arguments:	dscl /Local/Default -authonly root
File size:	202560 bytes
MD5 hash:	9a2337f2a5a6271e0187153296de3c9f

Start time (UTC):	03:32:11
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	03:32:11
Start date (UTC):	25/10/2024
Path:	/usr/bin/osascript
Arguments:	osascript -e display dialog 'To launch the application, you need to update the system settings \n\nPlease enter your password.' with title 'System Preferences' with icon caution default answer '' giving up after 30 with hidden answer
File size:	43232 bytes
MD5 hash:	f13b7c85f3c1c08fae3b709a536281a1

Start time (UTC):	03:32:41
Start date (UTC):	25/10/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	03:32:41
Start date (UTC):	25/10/2024
Path:	/usr/bin/osascript
Arguments:	osascript -e display dialog 'To launch the application, you need to update the system settings You entered an invalid password.\n\nPlease enter your password.' with title 'System Preferences' with icon caution default answer '' giving up after 30 with hidden answer
File size:	43232 bytes
MD5 hash:	f13b7c85f3c1c08fae3b709a536281a1

Start time (UTC):	03:32:12
Start date (UTC):	25/10/2024
Path:	/usr/libexec/xpcproxy
Arguments:	-
File size:	44048 bytes
MD5 hash:	4764d9eafe6b7dac23253a9f8b7f73d6

Start time (UTC):	03:32:12
Start date (UTC):	25/10/2024
Path:	/usr/libexec/dirhelper
Arguments:	/usr/libexec/dirhelper
File size:	39376 bytes
MD5 hash:	23edb05ab305e115e8874baa5b1e3004

Start time (UTC):	03:32:48
Start date (UTC):	25/10/2024
Path:	/usr/libexec/xpcproxy
Arguments:	-
File size:	44048 bytes
MD5 hash:	4764d9eafe6b7dac23253a9f8b7f73d6

Start time (UTC):	03:32:48
Start date (UTC):	25/10/2024
Path:	/usr/libexec/firmwarecheckers/eficheck/eficheck
Arguments:	/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon
File size:	74048 bytes
MD5 hash:	328beb81a2263449258057506bb4987f

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse AppleScript for execution. AppleScript is a macOS scripting language designed to control applications and parts of the OS via inter-application messages called AppleEvents.These AppleEvent messages can be sent independently or easily scripted with AppleScript. These events can locate open windows, send keystrokes, and interact with almost any open application locally or remotely.
Tactics:	Execution
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	macOS
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to mimic features of valid code signatures to increase the chance of deceiving a user, analyst, or tool. Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. Adversaries can copy the metadata and signature information from a signed program, then use it as a template for an unsigned program. Files with invalid code signatures will fail digital signature validation checks, but they may appear more legitimate to users and security tools may improperly handle these files.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create, acquire, or steal code signing materials to sign their malware or tools. Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. The certificates used during an operation may be created, acquired, or stolen by the adversary. Unlike Invalid Code Signature , this activity will result in a valid signature.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

macOS Analysis Report CalendlyApp

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/Users/bernard/570944017/Sysinfo.txt

/private/var/root/Library/Saved Application State/com.apple.osascript.savedState/data.data

/private/var/root/Library/Saved Application State/com.apple.osascript.savedState/restorecount.plist

/private/var/root/Library/Saved Application State/com.apple.osascript.savedState/windows.plist

Static File Info

General

CodeSign Information

Static Mach Info

General Information for header 1

Symbols

General Information for header 2

Symbols

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Connections

System Behavior

Analysis Process: xpcproxy PID: 611, Parent PID: 1

General

Chronological Activities

Analysis Process: nsurlstoraged PID: 611, Parent PID: 1

General

Chronological Activities

Analysis Process: mono-sgen32 PID: 621, Parent PID: 537

General

Chronological Activities

Analysis Process: CalendlyApp PID: 621, Parent PID: 537

macOS Analysis Report
CalendlyApp