Analysis Report x03hxefIsS
Overview
General Information
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Classification
Startup |
---|
|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_OceanLotus | Yara detected OceanLotus | Joe Security |
Signature Overview |
---|
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample |
Source: | Avira: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | Classification label: |
Persistence and Installation Behavior: |
---|
Explicitly modifies time stamps using the "touch" command |
Source: | Touch executable uses timestamp modification options: |
Sample file contains a Mach-O with an entry point into CFstrings (probably to hamper static analysis) |
Source: | Entry point in __cfstring: |
Source: | Shell command executed: |
Source: | Grep executable: |
Source: | Sysctl executable: |
Source: | Touch executable: |
Source: | Shell process: |
Source: | Launchservices plist file read: |
Source: | Awk executable: |
Hooking and other Techniques for Hiding and Protection: |
---|
Denies being traced/debugged (via ptrace PT_DENY_ATTACH) |
Source: | PTRACE system call (PT_DENY_ATTACH): |
Source: | Hidden flag set: |
Malware Analysis System Evasion: |
---|
Likely queries the I/O Kit registry to detect VMs (based on "IOPlatformExpertDevice" class) |
Source: | IOreg executable: |
Queries the Boot ROM version of the machine (might be used for detecting native machines, i.e. VM presence) |
Source: | Boot ROM Version keywords found in command: |
Queries the Manufacturer of the machine (might be used for detecting VM presence) |
Source: | Manufacturer keyword found in command: |
Source: | Sleep executable: |
Source: | Sysctl read request: |
Language, Device and Operating System Detection: |
---|
Executes the "ioreg" command used to gather hardware information (I/O kit registry) |
Source: | IOreg executable: |
Queries the unique Apple serial number of the machine |
Source: | IOPlatformSerialNumber keyword found in command: |
Source: | sw_vers executed: |
Source: | Sysctl read request: |
Source: | Sysctl requested: |
Source: | System or server version plist file read: |
Stealing of Sensitive Information: |
---|
Detected macOS OceanLotus |
Source: | IOC file dropped: |
Yara detected OceanLotus |
Source: | File source: |
Source: | System_profiler executable: |
Source: | Uname executable: |
Remote Access Functionality: |
---|
Detected macOS OceanLotus |
Source: | IOC file dropped: |
Yara detected OceanLotus |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Command and Scripting Interpreter11 | Path Interception | Path Interception | Disable or Modify Tools1 | OS Credential Dumping | Security Software Discovery31 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Remote Access Software1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scripting1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion31 | LSASS Memory | Virtualization/Sandbox Evasion31 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Scripting1 | Security Account Manager | System Information Discovery591 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Timestomp1 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Hidden Files and Directories1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | OSX/OceanLotus.bldbf |
Dropped Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
17.253.57.207 | unknown | United States | 6185 | APPLE-AUSTINUS | false |
2.20.85.115 | unknown | European Union | 16625 | AKAMAI-ASUS | false |
General Information |
---|
Joe Sandbox Version: | 30.0.0 Red Diamond |
Analysis ID: | 114942 |
Start date: | 14.10.2020 |
Start time: | 10:54:51 |
Joe Sandbox Product: | Cloud |
Overall analysis duration: | 0h 4m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | x03hxefIsS |
Cookbook file name: | defaultmacfilecookbook.jbs |
Analysis system description: | Mac Mini, High Sierra 10.13.2 (MS Office 16.9, Java 1.8.0_25) |
Detection: | MAL |
Classification: | mal96.troj.spyw.evad.mac@0/4@0/0 |
Signature Similarity |
---|
Samplename | Analysis ID | SHA256 | Similarity |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AKAMAI-ASUS | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Runtime Messages |
---|
Command: | /Users/henry/Desktop/x03hxefIsS |
Exit Code: | |
Exit Code Info: | |
Killed: | True |
Standard Output: | |
Standard Error: |
Created / dropped Files |
---|
Process: | /Users/henry/Desktop/x03hxefIsS |
File Type: | |
Category: | dropped |
Size (bytes): | 32 |
Entropy (8bit): | 4.9375 |
Encrypted: | false |
SSDEEP: | 3:TxMSpzX2nJ:mSpzK |
MD5: | CC0E85A2E563F6E55B9DBB7704AB4AD0 |
SHA1: | 717CFFE17D5793732F9A0C41B7EF243D84E84CFD |
SHA-256: | 5E4F3F442ECE2BC618F0B8A9CFAE9DC98193CDF3778B9D2D74E10CC1A31E5E5F |
SHA-512: | 4EEC26FC3B7C28F7AA21A74AA125C5D5FA151F47A693A6A65E3723D3477A633FDFE60AA3DA38545B9EFEDC68A4CD2B1CF448F3279FAE38866AD56EAA2A9DA55C |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | /bin/sh |
File Type: | |
Category: | dropped |
Size (bytes): | 42 |
Entropy (8bit): | 4.118275160770976 |
Encrypted: | false |
SSDEEP: | 3:oDfFDglaWtdAJ:GglaM+ |
MD5: | 743629BD6877C2D528CE71AAFA775EA9 |
SHA1: | CD4081863E79EA75F8CA39CE69B8E9FF572A401E |
SHA-256: | 576E59B31CCD9CF25DDB602222C9FF691B3A54D05E4370DDFF557B66B967B085 |
SHA-512: | B94E5E4E7C9DF57AC2FFDCCD1E4B6D7E67C1E0511DAF9459C4AB1C1B6872A7A23FBDD2E1F6CA82CB0775765E8F86DFDE49BA15D346EEEE339686B8F1F3C37CAD |
Malicious: | true |
Reputation: | low |
Preview: |
|
Process: | /Users/henry/Desktop/x03hxefIsS |
File Type: | |
Category: | dropped |
Size (bytes): | 108184 |
Entropy (8bit): | 7.740162603183254 |
Encrypted: | false |
SSDEEP: | 3072:Ux/yo3A+mUf6/i8kMKDx/yo3A+mUf6/i8kMKs:j+ry/i2Kk+ry/i2Ks |
MD5: | EFB6827A24009EC26E8E988F1D3573BA |
SHA1: | 8DFC8DB340D77A32DD8BB5140B94E45D9DC6FB07 |
SHA-256: | 26463E27BB9654D0FA1D75FA9B6D211822891A6F22E731FFE8BF21056B962729 |
SHA-512: | 4FAAC58A33CB10377A2BBA9C80C1F9C14A12B5BEFBC602C9586C12E7EA8F3EA7A91888675C1E742EEE71AA8FD4FBAD46D47F52F61B21064B9E6DA9840D7C59B4 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.519905462932771 |
TrID: | |
File name: | x03hxefIsS |
File size: | 47944 |
MD5: | 06334cb14c1512bf2794af8dae5ab357 |
SHA1: | e615632c9998e4d3e5acd8851864ed09b02c77d2 |
SHA256: | e94781e3da02c7f1426fd23cbd0a375cceac8766fe79c8bc4d4458d6fe64697c |
SHA512: | c0d4f17a15cba1cd97e75598ade0e8f7acee9f77db22c891081b6d5e55552337ab8adc05d639a0128e2ed1c38157b289fa925bd54c6453c29823c4ae422af082 |
SSDEEP: | 768:TmVQsnZgS+zTFDWF51Fc/AaIf2Ozprbs120mhhK7n0LTneAHJ/8lJh:TSQs+NzB+Hc/At+OVrNLe0LiWkD |
File Content Preview: | ....................................H...__PAGEZERO..............................................................__TEXT..........................................................__cfstring......__TEXT......................................................... |
Static Mach Info |
---|
General Information for header 1 | |
---|---|
Endian: | |
Size: | |
Architecture: | |
Filetype: | |
Nbr. of load commands: | |
Entry point: |
segment_command_64 aggregated: 3 |
---|
Name | Value |
---|---|
segname | __PAGEZERO |
vmaddr | 0x0 |
vmsize | 0xF0000000 |
fileoff | 0x0 |
filesize | 0x0 |
maxprot | 0x0 |
initprot | 0x0 |
nsects | 0 |
flags | 0x0 |
Name | Value |
---|---|
segname | __TEXT |
vmaddr | 0xF0000000 |
vmsize | 0xB000 |
fileoff | 0x0 |
filesize | 0xB000 |
maxprot | 0x7 |
initprot | 0x5 |
nsects | 1 |
flags | 0x0 |
Name | Value |
---|---|
segname | __LINKEDIT |
vmaddr | 0xF000B000 |
vmsize | 0x1000 |
fileoff | 0xB000 |
filesize | 0xB48 |
maxprot | 0x7 |
initprot | 0x5 |
nsects | 0 |
flags | 0x0 |
version_min_command aggregated: 1 |
---|
Name | Value |
---|---|
version | 656896 |
sdk | 656896 |
thread_command aggregated: 1 |
---|
Name | Value |
---|---|
flavor | 4 |
count | 42 |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 14, 2020 10:55:52.626899958 CEST | 49236 | 80 | 192.168.0.50 | 17.253.57.207 |
Oct 14, 2020 10:55:52.627125025 CEST | 49237 | 80 | 192.168.0.50 | 2.20.85.115 |
Oct 14, 2020 10:55:52.635431051 CEST | 80 | 49236 | 17.253.57.207 | 192.168.0.50 |
Oct 14, 2020 10:55:52.635894060 CEST | 49236 | 80 | 192.168.0.50 | 17.253.57.207 |
Oct 14, 2020 10:55:52.647068977 CEST | 80 | 49237 | 2.20.85.115 | 192.168.0.50 |
Oct 14, 2020 10:55:52.647546053 CEST | 49237 | 80 | 192.168.0.50 | 2.20.85.115 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 14, 2020 10:57:15.720314980 CEST | 51908 | 53 | 192.168.0.50 | 8.8.8.8 |
Oct 14, 2020 10:57:15.735826015 CEST | 53 | 51908 | 8.8.8.8 | 192.168.0.50 |
System Behavior |
---|
General |
---|
Start time: | 10:55:28 |
Start date: | 14/10/2020 |
Path: | /Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 |
Arguments: | n/a |
File size: | 3722408 bytes |
MD5 hash: | 8910349f44a940d8d79318367855b236 |
General |
---|
Start time: | 10:55:28 |
Start date: | 14/10/2020 |
Path: | /Users/henry/Desktop/x03hxefIsS |
Arguments: | /Users/henry/Desktop/x03hxefIsS |
File size: | 47944 bytes |
MD5 hash: | 06334cb14c1512bf2794af8dae5ab357 |
General |
---|
Start time: | 10:55:28 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:28 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:28 |
Start date: | 14/10/2020 |
Path: | /usr/sbin/system_profiler |
Arguments: | system_profiler SPHardwareDataType |
File size: | 45472 bytes |
MD5 hash: | 28bae8e36d2b8a65b50a54ee327298b8 |
General |
---|
Start time: | 10:55:28 |
Start date: | 14/10/2020 |
Path: | /usr/sbin/system_profiler |
Arguments: | n/a |
File size: | 45472 bytes |
MD5 hash: | 28bae8e36d2b8a65b50a54ee327298b8 |
General |
---|
Start time: | 10:55:28 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:28 |
Start date: | 14/10/2020 |
Path: | /usr/bin/awk |
Arguments: | awk /Boot ROM Version/ {split($0, line, ':') printf('%s', line[2]) } |
File size: | 112592 bytes |
MD5 hash: | fa9db7f6c4a0287ceb78a3bd34524ada |
General |
---|
Start time: | 10:55:29 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:29 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:29 |
Start date: | 14/10/2020 |
Path: | /usr/sbin/ioreg |
Arguments: | ioreg -l |
File size: | 45040 bytes |
MD5 hash: | c728ee7d6c0e4941de5ab855a856f473 |
General |
---|
Start time: | 10:55:29 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:29 |
Start date: | 14/10/2020 |
Path: | /usr/bin/grep |
Arguments: | grep -e Manufacturer |
File size: | 33936 bytes |
MD5 hash: | 2b3efb273296881708ea2914c612e0eb |
General |
---|
Start time: | 10:55:29 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:29 |
Start date: | 14/10/2020 |
Path: | /bin/sleep |
Arguments: | sleep 2 |
File size: | 18080 bytes |
MD5 hash: | cd4336ba78cb5b78f50d0f935036c332 |
General |
---|
Start time: | 10:55:31 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:31 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:31 |
Start date: | 14/10/2020 |
Path: | /usr/sbin/sysctl |
Arguments: | sysctl hw.model |
File size: | 60608 bytes |
MD5 hash: | dc0558d3d932acb68af969ace5df58cc |
General |
---|
Start time: | 10:55:31 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:31 |
Start date: | 14/10/2020 |
Path: | /bin/sleep |
Arguments: | sleep 2 |
File size: | 18080 bytes |
MD5 hash: | cd4336ba78cb5b78f50d0f935036c332 |
General |
---|
Start time: | 10:55:33 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:33 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:33 |
Start date: | 14/10/2020 |
Path: | /usr/sbin/ioreg |
Arguments: | ioreg -rd1 -c IOPlatformExpertDevice |
File size: | 45040 bytes |
MD5 hash: | c728ee7d6c0e4941de5ab855a856f473 |
General |
---|
Start time: | 10:55:33 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:33 |
Start date: | 14/10/2020 |
Path: | /usr/bin/awk |
Arguments: | awk /IOPlatformSerialNumber/ { split($0, line, '\'') printf('%s', line[4]) } |
File size: | 112592 bytes |
MD5 hash: | fa9db7f6c4a0287ceb78a3bd34524ada |
General |
---|
Start time: | 10:55:33 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:33 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:33 |
Start date: | 14/10/2020 |
Path: | /usr/bin/touch |
Arguments: | touch -t 1504231000 /Library/Storage/File System/HFS/25cf5d02-e50b-4288-870a-528d56c3cf6e/pivtoken.appex |
File size: | 23376 bytes |
MD5 hash: | 4aacabad02929f18b00a9b6ef85e0605 |
General |
---|
Start time: | 10:55:33 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:33 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:33 |
Start date: | 14/10/2020 |
Path: | /usr/bin/sw_vers |
Arguments: | sw_vers -productVersion |
File size: | 18848 bytes |
MD5 hash: | d33f7f9efd4158694d0d58879b54f89d |
General |
---|
Start time: | 10:55:33 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:33 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:33 |
Start date: | 14/10/2020 |
Path: | /usr/bin/uname |
Arguments: | uname -m |
File size: | 18416 bytes |
MD5 hash: | b1c1eadf36eaaad76210c21573f65b47 |
General |
---|
Start time: | 10:55:49 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:49 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:49 |
Start date: | 14/10/2020 |
Path: | /usr/bin/sw_vers |
Arguments: | sw_vers -productVersion |
File size: | 18848 bytes |
MD5 hash: | d33f7f9efd4158694d0d58879b54f89d |
General |
---|
Start time: | 10:55:49 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:49 |
Start date: | 14/10/2020 |
Path: | /bin/sh |
Arguments: | n/a |
File size: | 618512 bytes |
MD5 hash: | 8aa60b22a5d30418a002b340989384dc |
General |
---|
Start time: | 10:55:49 |
Start date: | 14/10/2020 |
Path: | /usr/bin/uname |
Arguments: | uname -m |
File size: | 18416 bytes |
MD5 hash: | b1c1eadf36eaaad76210c21573f65b47 |