Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
|
-
|
||
|
/Users/bernard/Desktop/V6QED2Q1WBYVOPE
|
/Users/bernard/Desktop/V6QED2Q1WBYVOPE
|
||
|
/usr/libexec/xpcproxy
|
-
|
||
|
/usr/libexec/firmwarecheckers/eficheck/eficheck
|
/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
appledownload.map.fastly.net
|
151.101.67.8
|
||
|
h3.apis.apple.map.fastly.net
|
151.101.131.6
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
151.101.67.8
|
appledownload.map.fastly.net
|
United States
|
||
|
23.199.49.152
|
unknown
|
United States
|
||
|
151.101.131.6
|
h3.apis.apple.map.fastly.net
|
United States
|
||
|
23.46.224.247
|
unknown
|
United States
|
||
|
151.101.67.6
|
unknown
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1101b0000
|
page read and write
|
|||
|
10f89f000
|
page read and write
|
|||
|
11a772000
|
page readonly
|
|||
|
1101af000
|
page readonly
|
|||
|
11a6ba000
|
page execute read
|
|||
|
11a739000
|
page read and write
|
|||
|
10f89e000
|
page execute read
|
|||
|
11a73e000
|
page read and write
|