macOS
Analysis Report
CorelDRAW
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Classification
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 1797574 |
Start date and time: | 2022-03-28 12:12:09 +02:00 |
Joe Sandbox Product: | Cloud |
Overall analysis duration: | 0h 3m 52s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | CorelDRAW |
Cookbook file name: | defaultmacfilecookbook.jbs |
Analysis system description: | Mac Mini, Big Sur (Office 2019 16.55, Java 1.8.0_311) |
Run name: | Potential for more IOCs and behavior |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal64.troj.evad.mac@0/14@2/0 |
- Excluded IPs from analysis (whitelisted): 172.217.168.74, 172.217.168.67
- Excluded domains from analysis (whitelisted): oauth2.googleapis.com, ocsp.pki.goog
Command: | /Users/drew/Desktop/CorelDRAW |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: | /Library/LaunchDaemons/com.CorelDRAW.va.plist: Could not find specified service Unload failed: 113: Could not find specified service |
- System is mac-bigsur
- mono-sgen64 New Fork (PID: 1612, Parent: 1569)
- sh New Fork (PID: 1613, Parent: 1612)
- bash New Fork (PID: 1614, Parent: 1613)
- bash New Fork (PID: 1615, Parent: 1613)
- bash New Fork (PID: 1616, Parent: 1613)
- bash New Fork (PID: 1617, Parent: 1613)
- bash New Fork (PID: 1618, Parent: 1613)
- bash New Fork (PID: 1619, Parent: 1613)
- sh New Fork (PID: 1620, Parent: 1612)
- bash New Fork (PID: 1621, Parent: 1620)
- bash New Fork (PID: 1622, Parent: 1620)
- bash New Fork (PID: 1623, Parent: 1620)
- bash New Fork (PID: 1624, Parent: 1620)
- bash New Fork (PID: 1625, Parent: 1620)
- bash New Fork (PID: 1626, Parent: 1620)
- sh New Fork (PID: 1627, Parent: 1612)
- sh New Fork (PID: 1628, Parent: 1612)
- sh New Fork (PID: 1629, Parent: 1612)
- xpcproxy New Fork (PID: 1630, Parent: 1)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GIMMICK | Yara detected GIMMICK | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GIMMICK | Yara detected GIMMICK | Joe Security | ||
JoeSecurity_GIMMICK | Yara detected GIMMICK | Joe Security | ||
JoeSecurity_GIMMICK | Yara detected GIMMICK | Joe Security |
Source: | Mach-O symbol: | ||
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | Classification label: |
Persistence and Installation Behavior |
---|
Source: | FAT Mach-O written to unusual path: | Jump to dropped file |
Source: | Process image deleted: | Jump to behavior |
Source: | Code Signing Info: |
Source: | Launch agent/daemon unloaded: | Jump to behavior |
Source: | Grep executable: | Jump to behavior | ||
Source: | Grep executable: | Jump to behavior | ||
Source: | Grep executable: | Jump to behavior | ||
Source: | Grep executable: | Jump to behavior | ||
Source: | Grep executable: | Jump to behavior | ||
Source: | Grep executable: | Jump to behavior |
Source: | Ps executable: | Jump to behavior | ||
Source: | Ps executable: | Jump to behavior |
Source: | Mach-O header: |
Source: | File header: |
Source: | Launch agent/daemon loaded: | Jump to behavior |
Source: | Launch agent/daemon created with StartInterval and/or StartCalendarInterval, file moved: | Jump to behavior |
Source: | CFNetwork info plist opened: | Jump to behavior | ||
Source: | CFNetwork info plist opened: | Jump to behavior |
Source: | Permissions modified for written FAT Mach-O /private/var/root/Library/Preferences/CorelDRAW/CorelDRAW: | Jump to dropped file |
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior | ||
Source: | Shell command executed: | Jump to behavior |
Source: | File written: | Jump to dropped file |
Source: | Mach-O header: | ||
Source: | Mach-O header: | ||
Source: | Mach-O header: | ||
Source: | Mach-O header: |
Source: | Mach-O header: | ||
Source: | Mach-O header: | ||
Source: | Mach-O header: | ||
Source: | Mach-O header: |
Source: | Awk executable: | Jump to behavior | ||
Source: | Awk executable: | Jump to behavior |
Source: | XML plist file created: | Jump to dropped file |
Source: | Mach-O header: | ||
Source: | Mach-O header: | ||
Source: | Mach-O header: | ||
Source: | Mach-O header: |
Source: | Mach-O header: | ||
Source: | Mach-O header: | ||
Source: | Mach-O header: | ||
Source: | Mach-O header: |
Source: | Random device file read: | Jump to behavior |
Source: | Stderr: /Library/LaunchDaemons/com.CorelDRAW.va.plist: Could not find specified serviceUnload failed: 113: Could not find specified service: |
Source: | CodeSign Info: |
Boot Survival |
---|
Source: | Launch daemon created from hidden file: | Jump to behavior |
Source: | Launch daemon created File moved: | Jump to behavior |
Source: | Launch agent/daemon created with KeepAlive and/or RunAtLoad, file moved: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File deleted: | Jump to behavior |
Source: | Sysctl read request: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior | ||
Source: | Sysctl requested: | Jump to behavior |
Source: | System or server version plist file read: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Command and Scripting Interpreter | 1 LC_LOAD_DYLIB Addition | 1 LC_LOAD_DYLIB Addition | 1 Masquerading | 1 GUI Input Capture | 11 Security Software Discovery | Remote Services | 1 GUI Input Capture | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 1 Scripting | 3 Launch Agent | 3 Launch Agent | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Launchctl | 14 Launch Daemon | 14 Launch Daemon | 1 Scripting | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | 1 Plist Modification | 1 Plist Modification | 1 Hidden Files and Directories | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 11 Invalid Code Signature | LSA Secrets | 21 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 11 Code Signing | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 2 File Deletion | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
pki-goog.l.google.com | 172.217.168.67 | true | false | high |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
pki-goog.l.google.com | Get hash | malicious | Browse |
Process: | /Users/drew/Desktop/CorelDRAW |
File Type: | |
Category: | dropped |
Size (bytes): | 582 |
Entropy (8bit): | 5.131006203834412 |
Encrypted: | false |
SSDEEP: | 6:TMVBd/4o+tJCc4EyfdUdBRECcgVvMVX/C1iXnvT+M6AGJav9svEq7EgJ1AYj6RA7:TMHdgo+tJVEdQiCXFM560vPV6EuC/kn |
MD5: | 93B1FBA1725A0553AE1C33B7E9F507D3 |
SHA1: | 4EAEF620D7C09BAAFA96D6EE7D40CC5C8925FE23 |
SHA-256: | 3FFF484073E2DCB8E724BB6527BCEA19AFEB9408BC179B358B299E369B7B0937 |
SHA-512: | 5D3A52B8B513354409FC1793D89B3CC51863CDCE732A06F3A01C66944DB4832ACB4C9E6DFFC30FF05CB6FB5CA438326BDFF5149ECCC10BE8A8ADB57A728AFF24 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | /bin/cp |
File Type: | |
Category: | dropped |
Size (bytes): | 730896 |
Entropy (8bit): | 5.80386227119502 |
Encrypted: | false |
SSDEEP: | 6144:0RDkTCDC628O+i5Npv56/SfQ7WXIRPeTqiKjBAaIeuLkN04b1Z2O/a0csN2oGA8s:q5o657MOPhKCuo64b//nPpA/OGg2Y5 |
MD5: | 23699799F496B8E872D05F19D2B397F8 |
SHA1: | FE3A3E65B86D2B07654F9A6104C8CB392C88B7E8 |
SHA-256: | 2A9296AC999E78F6C0BEE8ACA8BFA4D4638AA30D9C8CCC65124B1CBFC9CAAB5F |
SHA-512: | F347C47AFE06ED7EF2A71B7E40AC0103F4F33E26250661173775B349BBA7452EA458E5D4137A57B34801556959BCA14093A9F693D59C147061F63F2B78614288 |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
Preview: |
Process: | /var/root/Library/Preferences/CorelDRAW/CorelDRAW |
File Type: | |
Category: | dropped |
Size (bytes): | 37 |
Entropy (8bit): | 3.719739433770471 |
Encrypted: | false |
SSDEEP: | 3:K9S7IkZnAUX:K9SM8AUX |
MD5: | 8CA9A1D07D3ADD7CB574C0FFE89AE580 |
SHA1: | 2E8232F8238564D4A803603EF768BE7771FCC504 |
SHA-256: | CBD9437B6DCDDB06AE0E9193DAC3934235EDC0054E645603609EFCA0AE6C205E |
SHA-512: | 1F222FAB485F89E833A4E263881768170F1987D1256A82F59CF5F9F831ABF1C8540526A9447CD5885AF674A937E96BC0929C8C5EAF593B9DAE7FD88AC3AA7F7D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /var/root/Library/Preferences/CorelDRAW/CorelDRAW |
File Type: | |
Category: | dropped |
Size (bytes): | 576 |
Entropy (8bit): | 7.663922691714716 |
Encrypted: | false |
SSDEEP: | 12:M54V1Uirejq+im9KO11fYPOl+0+vbf9fDqtvpAgWfabNFN+Bk6soqDZaJYJsD:71bK2+RKa1fYP4+0+zf9fDWvpWIzNZ6r |
MD5: | 20134EBEA260D8147E0973D909C5EC76 |
SHA1: | F5F3AF403C8490A928917B96D027D00BF531A2D1 |
SHA-256: | 227DC0ED1D597D9346FA0F2879D3107A85DC56B6F1E072F2D7D6848B7061E169 |
SHA-512: | B9041FA31FC5FE6E96A48FCED220C6EB124ECCAAF31D51947BC9B62E341BDBE3B8DB83EC34EB2D4B2328740A27F3DE7D38A154569293D4D5D32E151BD11B8D91 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /var/root/Library/Preferences/CorelDRAW/CorelDRAW |
File Type: | |
Category: | dropped |
Size (bytes): | 160 |
Entropy (8bit): | 6.837492001110321 |
Encrypted: | false |
SSDEEP: | 3:OZQN+uyps0LmtuzJEg10e0C/zIcqidOE7lcaMjYrr6D/rFz6Q/3iqra7n:2QI9p3Laub1x0C/zI+dOE7bMjyr6D/RC |
MD5: | 21C624CBE49EE68BD5D57F7A70D24829 |
SHA1: | 3ED80F487583C7607E72B5A71072C8E6A56C1FEF |
SHA-256: | 390390FFBE3E23E80B2922A11725DF064CE25AD39F7079166DEE564331CA8C0B |
SHA-512: | 83828EE8490A88859635C08BFC5795E81B8282F8113E62CA9D091CE84C37F384B61D3495653591E0A0912AB099175AF86DF0D8455307589960B4C5E4C8212A98 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 5.80386227119502 |
TrID: |
|
File name: | CorelDRAW |
File size: | 730896 |
MD5: | 23699799f496b8e872d05f19d2b397f8 |
SHA1: | fe3a3e65b86d2b07654f9a6104c8cb392c88b7e8 |
SHA256: | 2a9296ac999e78f6c0bee8aca8bfa4d4638aa30d9c8ccc65124b1cbfc9caab5f |
SHA512: | f347c47afe06ed7ef2a71b7e40ac0103f4f33e26250661173775b349bba7452ea458e5d4137a57b34801556959bca14093a9f693d59c147061f63f2b78614288 |
SSDEEP: | 6144:0RDkTCDC628O+i5Npv56/SfQ7WXIRPeTqiKjBAaIeuLkN04b1Z2O/a0csN2oGA8s:q5o657MOPhKCuo64b//nPpA/OGg2Y5 |
General Information for header 1 | |
Endian: | |
Size: | |
Architecture: | |
Filetype: | |
Nbr. of load commands: | |
Entry point: |
Name | Value |
---|---|
segname | __PAGEZERO |
vmaddr | 0x0 |
vmsize | 0x100000000 |
fileoff | 0x0 |
filesize | 0x0 |
maxprot | 0x0 |
initprot | 0x0 |
nsects | 0 |
flags | 0x0 |
Name | Value |
---|---|
segname | __TEXT |
vmaddr | 0x100000000 |
vmsize | 0x3C000 |
fileoff | 0x0 |
filesize | 0x3C000 |
maxprot | 0x5 |
initprot | 0x5 |
nsects | 11 |
flags | 0x0 |
Datas |
|
Name | Value |
---|---|
segname | __DATA |
vmaddr | 0x10003C000 |
vmsize | 0x10000 |
fileoff | 0x3C000 |
filesize | 0x10000 |
maxprot | 0x3 |
initprot | 0x3 |
nsects | 20 |
flags | 0x0 |
Datas |
|
Name | Value |
---|---|
segname | __LINKEDIT |
vmaddr | 0x10004C000 |
vmsize | 0xC000 |
fileoff | 0x4C000 |
filesize | 0xA810 |
maxprot | 0x1 |
initprot | 0x1 |
nsects | 0 |
flags | 0x0 |
Name | Value |
---|---|
rebase_off | 311296 |
rebase_size | 1432 |
bind_off | 312728 |
bind_size | 3304 |
weak_bind_off | 316032 |
weak_bind_size | 72 |
lazy_bind_off | 316104 |
lazy_bind_size | 4280 |
export_off | 320384 |
export_size | 32 |
Name | Value |
---|---|
symoff | 321696 |
nsyms | 264 |
stroff | 327440 |
strsize | 5608 |
Name | Value |
---|---|
ilocalsym | 0 |
nlocalsym | 1 |
iextdefsym | 1 |
nextdefsym | 1 |
iundefsym | 2 |
nundefsym | 262 |
tocoff | 0 |
ntoc | 0 |
modtaboff | 0 |
nmodtab | 0 |
extrefsymoff | 0 |
nextrefsyms | 0 |
indirectsymoff | 325920 |
nindirectsyms | 379 |
extreloff | 0 |
nextrel | 0 |
locreloff | 0 |
nlocrel | 0 |
Name | Value |
---|---|
name | 12 |
Datas |
Name | Value |
---|---|
uuid | b'\\\xd8\xdf\x8d\x99\x11?~\x80D\x1e/fjg\x87' |
Name | Value |
---|---|
version | 658688 |
sdk | 721152 |
Name | Value |
---|---|
version | 0 |
Name | Value |
---|---|
entryoff | 8464 |
stacksize | 0 |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1770.255.0 |
compatibility_version | 300.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 228.0.0 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 904.4.0 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1292.60.1 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 2022.20.117 |
compatibility_version | 45.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1209.1.0 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1770.255.0 |
compatibility_version | 150.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1122.11.0 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 275.0.0 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 59754.60.13 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1109.60.2 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
dataoff | 320416 |
datasize | 1272 |
Name | Value |
---|---|
dataoff | 321688 |
datasize | 8 |
Name | Value |
---|---|
dataoff | 333056 |
datasize | 21264 |
_CCCrypt |
_CFArrayCreate |
_CFRelease |
_CFRetain |
_CFRunLoopGetMain |
_CFStringTransform |
_CFUUIDCreate |
_CFUUIDCreateString |
_IOObjectRelease |
_IORegistryEntryCreateCFProperty |
_IOServiceGetMatchingService |
_IOServiceMatching |
_NSCalendarIdentifierGregorian |
_NSClassFromString |
General Information for header 2 | |
Endian: | |
Size: | |
Architecture: | |
Filetype: | |
Nbr. of load commands: | |
Entry point: |
Name | Value |
---|---|
segname | __PAGEZERO |
vmaddr | 0x0 |
vmsize | 0x100000000 |
fileoff | 0x0 |
filesize | 0x0 |
maxprot | 0x0 |
initprot | 0x0 |
nsects | 0 |
flags | 0x0 |
Name | Value |
---|---|
segname | __TEXT |
vmaddr | 0x100000000 |
vmsize | 0x40000 |
fileoff | 0x0 |
filesize | 0x40000 |
maxprot | 0x5 |
initprot | 0x5 |
nsects | 13 |
flags | 0x0 |
Datas |
Name | Value |
---|---|
segname | __DATA_CONST |
vmaddr | 0x100040000 |
vmsize | 0x4000 |
fileoff | 0x40000 |
filesize | 0x4000 |
maxprot | 0x3 |
initprot | 0x3 |
nsects | 8 |
flags | 0x10 |
Datas |
Name | Value |
---|---|
segname | __DATA |
vmaddr | 0x100044000 |
vmsize | 0x8000 |
fileoff | 0x44000 |
filesize | 0x8000 |
maxprot | 0x3 |
initprot | 0x3 |
nsects | 11 |
flags | 0x0 |
Datas |
Name | Value |
---|---|
segname | __LINKEDIT |
vmaddr | 0x10004C000 |
vmsize | 0xC000 |
fileoff | 0x4C000 |
filesize | 0xA710 |
maxprot | 0x1 |
initprot | 0x1 |
nsects | 0 |
flags | 0x0 |
Name | Value |
---|---|
rebase_off | 311296 |
rebase_size | 1296 |
bind_off | 312592 |
bind_size | 3240 |
weak_bind_off | 315832 |
weak_bind_size | 72 |
lazy_bind_off | 315904 |
lazy_bind_size | 4264 |
export_off | 320168 |
export_size | 32 |
Name | Value |
---|---|
symoff | 321480 |
nsyms | 264 |
stroff | 327224 |
strsize | 5568 |
Name | Value |
---|---|
ilocalsym | 0 |
nlocalsym | 1 |
iextdefsym | 1 |
nextdefsym | 1 |
iundefsym | 2 |
nundefsym | 262 |
tocoff | 0 |
ntoc | 0 |
modtaboff | 0 |
nmodtab | 0 |
extrefsymoff | 0 |
nextrefsyms | 0 |
indirectsymoff | 325704 |
nindirectsyms | 379 |
extreloff | 0 |
nextrel | 0 |
locreloff | 0 |
nlocrel | 0 |
Name | Value |
---|---|
name | 12 |
Datas |
Name | Value |
---|---|
uuid | b'\xf9\xd2\xf6\xdbz\xc2:\xae\xa9<\xadO=p~\xc4' |
Name | Value |
---|---|
platform | 1 |
minos | 720896 |
sdk | 721152 |
ntools | 1 |
Datas |
Name | Value |
---|---|
version | 0 |
Name | Value |
---|---|
entryoff | 19260 |
stacksize | 0 |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1770.255.0 |
compatibility_version | 300.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 228.0.0 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 904.4.0 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1292.60.1 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 2022.20.117 |
compatibility_version | 45.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1209.1.0 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1770.255.0 |
compatibility_version | 150.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1122.11.0 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 275.0.0 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 59754.60.13 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
name | 24 |
timestamp | Thu Jan 1 01:00:02 1970 |
current_version | 1109.60.2 |
compatibility_version | 1.0.0 |
Datas |
Name | Value |
---|---|
dataoff | 320200 |
datasize | 1280 |
Name | Value |
---|---|
dataoff | 321480 |
datasize | 0 |
Name | Value |
---|---|
dataoff | 332800 |
datasize | 21264 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 28, 2022 14:12:49.814201117 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
Mar 28, 2022 14:12:49.814204931 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
Mar 28, 2022 14:12:49.814208984 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
Mar 28, 2022 14:12:49.814352989 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
Mar 28, 2022 14:12:49.814357996 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
Mar 28, 2022 14:12:49.814362049 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
Mar 28, 2022 14:12:49.814366102 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
Mar 28, 2022 14:12:49.814443111 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
Mar 28, 2022 14:12:49.814446926 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
Mar 28, 2022 14:12:49.814450979 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
Mar 28, 2022 14:12:49.814590931 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
Mar 28, 2022 14:12:49.814598083 CEST | 137 | 137 | 192.168.0.52 | 192.168.0.255 |
Mar 28, 2022 14:12:49.814604044 CEST | 138 | 138 | 192.168.0.52 | 192.168.0.255 |
Mar 28, 2022 14:12:52.819813967 CEST | 138 | 138 | 192.168.0.52 | 192.168.0.255 |
Mar 28, 2022 14:12:54.330102921 CEST | 53 | 56495 | 8.8.8.8 | 192.168.0.52 |
Mar 28, 2022 14:12:54.691968918 CEST | 61483 | 53 | 192.168.0.52 | 8.8.8.8 |
Mar 28, 2022 14:12:54.692070007 CEST | 57359 | 53 | 192.168.0.52 | 8.8.8.8 |
Mar 28, 2022 14:12:54.710969925 CEST | 53 | 57359 | 8.8.8.8 | 192.168.0.52 |
Mar 28, 2022 14:12:54.711069107 CEST | 53 | 61483 | 8.8.8.8 | 192.168.0.52 |
Mar 28, 2022 14:14:14.195482969 CEST | 53 | 50470 | 8.8.8.8 | 192.168.0.52 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Mar 28, 2022 14:12:54.691968918 CEST | 192.168.0.52 | 8.8.8.8 | 0x9fc3 | Standard query (0) | | 65 | IN (0x0001) |
Mar 28, 2022 14:12:54.692070007 CEST | 192.168.0.52 | 8.8.8.8 | 0xf745 | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Mar 28, 2022 14:12:54.702195883 CEST | 8.8.8.8 | 192.168.0.52 | 0xe3e | No error (0) | | | 172.217.168.67 | A (IP address) | IN (0x0001) |
Mar 28, 2022 14:12:54.710969925 CEST | 8.8.8.8 | 192.168.0.52 | 0xf745 | No error (0) | | | 172.217.168.67 | A (IP address) | IN (0x0001) |
System Behavior
Start time: | 14:12:32 |
Start date: | 28/03/2022 |
Path: | /Library/Frameworks/Mono.framework/Versions/6.12.0/bin/mono-sgen64 |
Arguments: | n/a |
File size: | 4699168 bytes |
MD5 hash: | 98f65da8c6a62423d3f4cda359f06a87 |
Start time: | 14:12:32 |
Start date: | 28/03/2022 |
Path: | /Users/drew/Desktop/CorelDRAW |
Arguments: | /Users/drew/Desktop/CorelDRAW |
File size: | 730896 bytes |
MD5 hash: | 23699799f496b8e872d05f19d2b397f8 |
Start time: | 14:12:32 |
Start date: | 28/03/2022 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 120912 bytes |
MD5 hash: | 8356936fbf1eeb3548896b9206a685a0 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | sh -c ps -ef |grep CorelDRAW |grep -v /Users/drew/Desktop/CorelDRAW |grep -v 'CorelDRAW\s*Graphics\s*Suite' |awk '{print $2}' |xargs kill -9 |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/ps |
Arguments: | ps -ef |
File size: | 173728 bytes |
MD5 hash: | 5441fc94a247a54e76339a9e5b8c2b45 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /usr/bin/grep |
Arguments: | grep CorelDRAW |
File size: | 140304 bytes |
MD5 hash: | 501a6e2ee4b55292be9321ece0fa2a93 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /usr/bin/grep |
Arguments: | grep -v /Users/drew/Desktop/CorelDRAW |
File size: | 140304 bytes |
MD5 hash: | 501a6e2ee4b55292be9321ece0fa2a93 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /usr/bin/grep |
Arguments: | grep -v CorelDRAW\s*Graphics\s*Suite |
File size: | 140304 bytes |
MD5 hash: | 501a6e2ee4b55292be9321ece0fa2a93 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /usr/bin/awk |
Arguments: | awk {print $2} |
File size: | 305504 bytes |
MD5 hash: | 1780ae04585c36f7b86aaec7523fceb6 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /usr/bin/xargs |
Arguments: | xargs kill -9 |
File size: | 139200 bytes |
MD5 hash: | e5109f0c83efadc46f840033d8c89901 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 120912 bytes |
MD5 hash: | 8356936fbf1eeb3548896b9206a685a0 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | sh -c ps -ef |grep CorelDRAW |grep -v /Users/drew/Desktop/CorelDRAW |grep -v 'CorelDRAW\s*Graphics\s*Suite' |awk '{print $2}' |xargs kill -9 |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/ps |
Arguments: | ps -ef |
File size: | 173728 bytes |
MD5 hash: | 5441fc94a247a54e76339a9e5b8c2b45 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /usr/bin/grep |
Arguments: | grep CorelDRAW |
File size: | 140304 bytes |
MD5 hash: | 501a6e2ee4b55292be9321ece0fa2a93 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /usr/bin/grep |
Arguments: | grep -v /Users/drew/Desktop/CorelDRAW |
File size: | 140304 bytes |
MD5 hash: | 501a6e2ee4b55292be9321ece0fa2a93 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /usr/bin/grep |
Arguments: | grep -v CorelDRAW\s*Graphics\s*Suite |
File size: | 140304 bytes |
MD5 hash: | 501a6e2ee4b55292be9321ece0fa2a93 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /usr/bin/awk |
Arguments: | awk {print $2} |
File size: | 305504 bytes |
MD5 hash: | 1780ae04585c36f7b86aaec7523fceb6 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /usr/bin/xargs |
Arguments: | xargs kill -9 |
File size: | 139200 bytes |
MD5 hash: | e5109f0c83efadc46f840033d8c89901 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 120912 bytes |
MD5 hash: | 8356936fbf1eeb3548896b9206a685a0 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | sh -c cp /Users/drew/Desktop/CorelDRAW /var/root/Library/Preferences/CorelDRAW/CorelDRAW |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/cp |
Arguments: | cp /Users/drew/Desktop/CorelDRAW /var/root/Library/Preferences/CorelDRAW/CorelDRAW |
File size: | 123264 bytes |
MD5 hash: | 9007c6e0352122c17fbcea99739b716e |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 120912 bytes |
MD5 hash: | 8356936fbf1eeb3548896b9206a685a0 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | sh -c launchctl unload -w /Library/LaunchDaemons/com.CorelDRAW.va.plist |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/launchctl |
Arguments: | launchctl unload -w /Library/LaunchDaemons/com.CorelDRAW.va.plist |
File size: | 329344 bytes |
MD5 hash: | a9ce661111e6db7d90923d46f790e5c7 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 120912 bytes |
MD5 hash: | 8356936fbf1eeb3548896b9206a685a0 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/bash |
Arguments: | sh -c launchctl load -w /Library/LaunchDaemons/com.CorelDRAW.va.plist |
File size: | 1296704 bytes |
MD5 hash: | c1edb59ec6a40884fc3c4e201d31b1d5 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /bin/launchctl |
Arguments: | launchctl load -w /Library/LaunchDaemons/com.CorelDRAW.va.plist |
File size: | 329344 bytes |
MD5 hash: | a9ce661111e6db7d90923d46f790e5c7 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /usr/libexec/xpcproxy |
Arguments: | n/a |
File size: | 196720 bytes |
MD5 hash: | 395c4370ee6c31ff7061018e365ee7b9 |
Start time: | 14:12:33 |
Start date: | 28/03/2022 |
Path: | /var/root/Library/Preferences/CorelDRAW/CorelDRAW |
Arguments: | /var/root/Library/Preferences/CorelDRAW/CorelDRAW |
File size: | 730896 bytes |
MD5 hash: | 23699799f496b8e872d05f19d2b397f8 |