macOS Analysis Report
ot-test-app-darwin-x64-1.0.1.zip

Overview

General Information

Sample name: ot-test-app-darwin-x64-1.0.1.zip
Analysis ID: 1430400
MD5: a620217c7f0feae15053a8978d56b203
SHA1: 1ed14d9429ffd779a4c7af86677d0784e99b68db
SHA256: bdee2a21d9ab1d86cd1e3d1e10ddfc8a19e03d241c4ce5911d976283307d5532

Detection

Score: 3
Range: 0 - 100
Whitelisted: false

Signatures

App bundle contains hidden files/directories
Reads hardware related sysctl values
Reads process information of other processes
Reads the sysctl safe boot value (probably to check if the system is in safe boot mode)
Reads the systems OS release and/or type
Reads the systems hostname
Writes HTML files containing JavaScript to disk

Classification

Source: unknown HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49348 version: TLS 1.2
Source: unknown HTTPS traffic detected: 17.248.193.20:443 -> 192.168.11.12:49349 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49352 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49399 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49400 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49404 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49405 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49406 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49407 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49408 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49416 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49417 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49418 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49419 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 17.248.193.16
Source: unknown TCP traffic detected without corresponding DNS query: 17.248.193.20
Source: unknown TCP traffic detected without corresponding DNS query: 17.248.193.17
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /session/new?mobile=1 HTTP/1.1Host: sandbox.optiturn.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) ot-test-app/1.0.1 Chrome/73.0.3683.121 Electron/5.0.6 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-GB
Source: global traffic HTTP traffic detected: GET /assets/application-mobile-7ad2940818d75a843437e99a696611a0.css HTTP/1.1Host: sandbox.optiturn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) ot-test-app/1.0.1 Chrome/73.0.3683.121 Electron/5.0.6 Safari/537.36Accept: text/css,*/*;q=0.1Referer: https://sandbox.optiturn.com/session/new?mobile=1Accept-Encoding: gzip, deflate, brAccept-Language: en-GBCookie: _inventory_session=a1edacd959b06521fb3a0cdc25eb8903
Source: global traffic HTTP traffic detected: GET /assets/sessions/new-1b275320ca2943fe0ec5714da5973003.css HTTP/1.1Host: sandbox.optiturn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) ot-test-app/1.0.1 Chrome/73.0.3683.121 Electron/5.0.6 Safari/537.36Accept: text/css,*/*;q=0.1Referer: https://sandbox.optiturn.com/session/new?mobile=1Accept-Encoding: gzip, deflate, brAccept-Language: en-GBCookie: _inventory_session=a1edacd959b06521fb3a0cdc25eb8903
Source: global traffic HTTP traffic detected: GET /assets/sessions/new-2e9c6041dec9b53028870dc87a91c0c3.js HTTP/1.1Host: sandbox.optiturn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) ot-test-app/1.0.1 Chrome/73.0.3683.121 Electron/5.0.6 Safari/537.36Accept: */*Referer: https://sandbox.optiturn.com/session/new?mobile=1Accept-Encoding: gzip, deflate, brAccept-Language: en-GBCookie: _inventory_session=a1edacd959b06521fb3a0cdc25eb8903
Source: global traffic HTTP traffic detected: GET /assets/jquery-1.12.2.min-fixed.js HTTP/1.1Host: sandbox.optiturn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) ot-test-app/1.0.1 Chrome/73.0.3683.121 Electron/5.0.6 Safari/537.36Accept: */*Referer: https://sandbox.optiturn.com/session/new?mobile=1Accept-Encoding: gzip, deflate, brAccept-Language: en-GBCookie: _inventory_session=a1edacd959b06521fb3a0cdc25eb8903
Source: global traffic HTTP traffic detected: GET /assets/application-mobile-c8b0069e758f0bcce97f62ce5be9b20c.js HTTP/1.1Host: sandbox.optiturn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) ot-test-app/1.0.1 Chrome/73.0.3683.121 Electron/5.0.6 Safari/537.36Accept: */*Referer: https://sandbox.optiturn.com/session/new?mobile=1Accept-Encoding: gzip, deflate, brAccept-Language: en-GBCookie: _inventory_session=a1edacd959b06521fb3a0cdc25eb8903
Source: global traffic HTTP traffic detected: GET /v6.5/honeybadger.min.js HTTP/1.1Host: js.honeybadger.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) ot-test-app/1.0.1 Chrome/73.0.3683.121 Electron/5.0.6 Safari/537.36Accept: */*Referer: https://sandbox.optiturn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB
Source: global traffic HTTP traffic detected: GET /assets/optoro-kite-logo-gray.svg HTTP/1.1Host: sandbox.optiturn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) ot-test-app/1.0.1 Chrome/73.0.3683.121 Electron/5.0.6 Safari/537.36Accept: image/webp,image/apng,image/*,*/*;q=0.8Referer: https://sandbox.optiturn.com/assets/application-mobile-7ad2940818d75a843437e99a696611a0.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GBCookie: _inventory_session=a1edacd959b06521fb3a0cdc25eb8903
Source: global traffic HTTP traffic detected: GET /images/spinner.gif HTTP/1.1Host: sandbox.optiturn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) ot-test-app/1.0.1 Chrome/73.0.3683.121 Electron/5.0.6 Safari/537.36Accept: image/webp,image/apng,image/*,*/*;q=0.8Referer: https://sandbox.optiturn.com/assets/application-mobile-7ad2940818d75a843437e99a696611a0.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GBCookie: _inventory_session=a1edacd959b06521fb3a0cdc25eb8903
Source: global traffic HTTP traffic detected: GET /images/mobile-optiturn-logo-2x.png HTTP/1.1Host: sandbox.optiturn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) ot-test-app/1.0.1 Chrome/73.0.3683.121 Electron/5.0.6 Safari/537.36Accept: image/webp,image/apng,image/*,*/*;q=0.8Referer: https://sandbox.optiturn.com/assets/application-mobile-7ad2940818d75a843437e99a696611a0.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GBCookie: _inventory_session=a1edacd959b06521fb3a0cdc25eb8903
Source: ot-test-app, 00000625.00000266.1.000000010f5cb000.000000010fddc000.r--.sdmp String found in binary or memory: var url = 'http://www.youtube.com/embed/' + equals www.youtube.com (Youtube)
Source: a8afd1f866157e03_0.266.dr String found in binary or memory: return b}vC.H="internal.enableAutoEventOnTimer";var dc=ia(["data-gtm-yt-inspected-"]),xC=["www.youtube.com","www.youtube-nocookie.com"],yC,zC=!1; equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: sandbox.optiturn.com
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app (PID: 625) Reads from socket in process: data
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app (PID: 625) Writes from socket in process: data
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 627) Writes from socket in process: data
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 628) Writes from socket in process: data
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 629) Writes from socket in process: data
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app (PID: 625) HTML file containing JavaScript created: /Users/bernard/Library/Application Support/ot-test-app/Cache/63fcd95fbcfe52d8_0
Source: classification engine Classification label: clean3.macZIP@0/41@5/0
Source: extracted file from submission: ot-test-app.app/Contents/MacOS/ot-test-app Mach-O header: load_dylib -> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
Source: extracted file from submission: ot-test-app.app/Contents/MacOS/ot-test-app Mach-O header: load_dylib -> /System/Library/Frameworks/Security.framework/Versions/A/Security
Source: extracted file from submission: ot-test-app.app/Contents/MacOS/ot-test-app Mach-O header: load_dylib -> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app (PID: 625) Random device file read: /dev/urandom
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 627) Random device file read: /dev/urandom
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 628) Random device file read: /dev/urandom
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 629) Random device file read: /dev/urandom
Source: /usr/libexec/firmwarecheckers/eficheck/eficheck (PID: 661) Random device file read: /dev/random
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app (PID: 625) AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist
Source: archive file from ZIP submission Hidden file : ot-test-app.app/Contents/Resources/app/.gitignore
Source: archive file from ZIP submission Hidden file : ot-test-app.app/Contents/Resources/app/dist/.renderer-index-template.html
Source: archive file from ZIP submission Hidden file : ot-test-app.app/Contents/Resources/app/node_modules/@optoro/otis/src/otis/elements/.keep
Source: archive file from ZIP submission Hidden file : ot-test-app.app/Contents/Resources/app/node_modules/debug/.coveralls.yml
Source: archive file from ZIP submission Hidden file : ot-test-app.app/Contents/Resources/app/node_modules/debug/.eslintrc
Source: archive file from ZIP submission Hidden file : ot-test-app.app/Contents/Resources/app/node_modules/debug/.npmignore
Source: archive file from ZIP submission Hidden file : ot-test-app.app/Contents/Resources/app/node_modules/debug/.travis.yml
Source: archive file from ZIP submission Hidden file : ot-test-app.app/Contents/Resources/app/node_modules/electron-squirrel-startup/.eslintrc
Source: archive file from ZIP submission Hidden file : ot-test-app.app/Contents/Resources/app/node_modules/electron-squirrel-startup/.jsfmtrc
Source: archive file from ZIP submission Hidden file : ot-test-app.app/Contents/Resources/app/node_modules/electron-squirrel-startup/.npmignore
Source: archive file from ZIP submission Hidden file : ot-test-app.app/Contents/Resources/app/node_modules/electron-squirrel-startup/.travis.yml
Source: archive file from ZIP submission Hidden file : ot-test-app.app/Contents/Resources/app/node_modules/jquery/src/.eslintrc.json
Source: ot-test-app, 00000625.00000266.1.000000010f5cb000.000000010fddc000.r--.sdmp Binary or memory string: url(data:image/png;base64,…) 1x,
Source: ot-test-app, 00000625.00000266.1.000000010c2a4000.000000010c2aa000.r--.sdmp Binary or memory string: framework.vmnet
Source: ot-test-app, 00000625.00000266.1.000000010f5cb000.000000010fddc000.r--.sdmp Binary or memory string: <img id="offline-resources-1x" src="data:image/png;base64,…
Source: ot-test-app, 00000625.00000266.1.000000010c2a4000.000000010c2aa000.r--.sdmp Binary or memory string: framework.vmnet$
Source: ot-test-app, 00000625.00000266.1.000000010be23000.000000010c0a5000.r-x.sdmp Binary or memory string: VMware Screen Codec / VMware Video
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app (PID: 625) Sysctl read request: kern.safeboot (1.66)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app (PID: 625) Sysctl read request: hw.ncpu (6.3)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app (PID: 625) Sysctl read request: hw.availcpu (6.25)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 627) Sysctl read request: hw.ncpu (6.3)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 628) Sysctl read request: hw.availcpu (6.25)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 628) Sysctl read request: hw.ncpu (6.3)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 629) Sysctl read request: hw.availcpu (6.25)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 629) Sysctl read request: hw.ncpu (6.3)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app (PID: 625) Sysctl requested: kern.proc.pid (1.14.1) only found for 1.14.1.628 -> queries PID 628
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app (PID: 625) Sysctl requested: kern.proc.pid (1.14.1) only found for 1.14.1.629 -> queries PID 629
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app (PID: 625) Sysctl requested: kern.ostype (1.1)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app (PID: 625) Sysctl requested: kern.osrelease (1.2)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 627) Sysctl requested: kern.ostype (1.1)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 627) Sysctl requested: kern.osrelease (1.2)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 628) Sysctl requested: kern.ostype (1.1)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 628) Sysctl requested: kern.osrelease (1.2)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 629) Sysctl requested: kern.ostype (1.1)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 629) Sysctl requested: kern.osrelease (1.2)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app (PID: 625) Sysctl requested: kern.hostname (1.10)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 627) Sysctl requested: kern.hostname (1.10)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 628) Sysctl requested: kern.hostname (1.10)
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 629) Sysctl requested: kern.hostname (1.10)
Source: /usr/bin/open (PID: 621) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Source: /usr/bin/open (PID: 624) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/MacOS/ot-test-app (PID: 625) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 627) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 628) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Source: /Users/bernard/Desktop/unpack/ot-test-app.app/Contents/Frameworks/ot-test-app Helper.app/Contents/MacOS/ot-test-app Helper (PID: 629) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist