Analysis Report TinkaOTP.dmg
Overview
General Information |
---|
Joe Sandbox Version: | 28.0.0 Lapis Lazuli |
Analysis ID: | 101851 |
Start date: | 06.05.2020 |
Start time: | 15:15:39 |
Joe Sandbox Product: | Cloud |
Overall analysis duration: | 0h 3m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | TinkaOTP.dmg |
Cookbook file name: | defaultmacfilecookbook.jbs |
Analysis system description: | Mac Mini, Mojave (Java JDK 11.0.4, Adobe Reader 2019.012.20034, Flash 32.0.0.223) |
Run name: | Potential for more IOCs and behavior |
Detection: | MAL |
Classification: | mal60.troj.evad.macDMG@0/4@0/0 |
Detection |
---|
Strategy | Score | Range | Reporting | Whitelisted | Threat | Detection |
---|---|---|---|---|---|---|
Threshold | 60 | 0 - 100 | Report FP / FN | false | Dacls | |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting1 | Hidden Files and Directories21 | Launch Daemon1 | Masquerading1 | Credential Dumping | System Information Discovery51 | Application Deployment Software | Data from Local System | Data Compressed | Standard Cryptographic Protocol1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Replication Through Removable Media | Service Execution | Launch Daemon1 | Plist Modification1 | Hidden Files and Directories21 | Network Sniffing | Application Window Discovery | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Standard Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
External Remote Services | Windows Management Instrumentation | LC_LOAD_DYLIB Addition1 | Path Interception | Scripting1 | Input Capture | Query Registry | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Custom Cryptographic Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Drive-by Compromise | Scheduled Task | Plist Modification1 | DLL Search Order Hijacking | Plist Modification1 | Credentials in Files | System Network Configuration Discovery | Logon Scripts | Input Capture | Data Encrypted | Multiband Communication | SIM Card Swap | Premium SMS Toll Fraud | |
Exploit Public-Facing Application | Command-Line Interface | Launch Agent2 | File System Permissions Weakness | Masquerading | Account Manipulation | Remote System Discovery | Shared Webroot | Data Staged | Scheduled Transfer | Standard Cryptographic Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Signature Overview |
---|
Networking: |
---|
Connects to IPs without corresponding DNS lookups |
Source: | TCP traffic detected without corresponding DNS query: |
Urls found in memory or binary data |
Source: | String found in binary or memory: |
Uses HTTPS |
Source: | Network traffic detected: |
System Summary: |
---|
Classification label |
Source: | Classification label: |
Persistence and Installation Behavior: |
---|
Executes hidden files |
Source: | Hidden file executed: |
Writes Mach-O files to untypical directories |
Source: | 64-bit Mach-O written to unusual path: |
Changes permissions of written Mach-O files |
Source: | Permissions modified for written 64-bit Mach-O /Users/ben/Library/.mina: |
Creates hidden files, links and/or directories |
Source: | Hidden File created: |
Executes commands using a shell command-line interpreter |
Source: | Shell command executed: |
Executes the "chmod" command used to modify permissions |
Source: | Chmod executable: |
Reads launchservices plist files |
Source: | Launchservices plist file read: |
Reads user launchservices plist file containing default apps for corresponding file types |
Source: | Preferences launchservices plist file read: |
Writes 64-bit Mach-O files to disk |
Source: | File written: |
Reads data from the local random generator |
Source: | Random device file read: |
Uses AppleKeyboardLayouts bundle containing keyboard layouts |
Source: | AppleKeyboardLayouts info plist opened: |
Writes property list (.plist) files to disk |
Source: | XML plist file created: |
Boot Survival: |
---|
Creates memory-persistent launch services |
Source: | Launch agent/daemon created with KeepAlive and/or RunAtLoad, file created: |
Creates user-wide 'launchd' managed services aka launch agents |
Source: | Launch agent created File created: |
Hooking and other Techniques for Hiding and Protection: |
---|
Creates hidden Mach-O files |
Source: | Hidden Mach-O file written: |
HIPS / PFW / Operating System Protection Evasion: |
---|
Reads the sysctl safe boot value (probably to check if the system is in safe boot mode) |
Source: | Sysctl read request: |
Language, Device and Operating System Detection: |
---|
Reads hardware related sysctl values |
Source: | Sysctl read request: |
Reads the systems hostname |
Source: | Sysctl requested: |
Reads the system or server version plist file |
Source: | System or server version plist file read: |
Stealing of Sensitive Information: |
---|
Yara detected Dacls RAT |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Dacls RAT |
Source: | File source: |
Malware Configuration |
---|
No configs have been found |
---|
Signature Similarity |
---|
Samplename | Analysis ID | SHA256 | Similarity |
---|
Runtime Messages |
---|
Command: | open "/Volumes/TinkaOTP/TinkaOTP.app" --args |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: |
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Dacls | Yara detected Dacls RAT | Joe Security |
PCAP (Network Traffic) |
---|
No yara matches |
---|
Dropped Files |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Dacls | Yara detected Dacls RAT | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Created / dropped Files |
---|
Process: | /bin/cp |
File Type: | |
Size (bytes): | 673092 |
Entropy (8bit): | 6.231249849549832 |
Encrypted: | false |
MD5: | F05437D510287448325BAC98A1378DE1 |
SHA1: | FA3DEB60B8A2EAA29A7DCCF14BEE6ADAE81F442F |
SHA-256: | 846D8647D27A0D729DF40B13A644F3BFFDC95F6D0E600F2195C85628D59F1DC6 |
SHA-512: | 466999585E7B09E729DEF6E13C719B656BA7EE9CA43EA32C8FB3A6177DE81A75CAF9BD5EB0C0AC172C2B7FEA3C1AA57D10349FF98AAC472FE2FFAFDE8CD30165 |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
Preview: |
|
Process: | /Users/ben/Library/.mina |
File Type: | |
Size (bytes): | 109164 |
Entropy (8bit): | 7.998274026308568 |
Encrypted: | true |
MD5: | 7D8B6456DC5E20AC49C280B784C085D1 |
SHA1: | D95B70DBE4BF55C9CEE6C433FD59187046C1011F |
SHA-256: | 8074471BCF8DAD702F5E0E7D7D112AD08D133E97A64D5CD97AD251AFE5DCE6A2 |
SHA-512: | C51E874A7986B467D7E01DC1891F01D21B3472AB5E442E1BA4D7D3754BEBF5DB7532C2D2FDF82C785AE424ACE40D14238023011D75F79BAB758EB8F9EAF1D59D |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | /Users/ben/Library/.mina |
File Type: | |
Size (bytes): | 439 |
Entropy (8bit): | 5.230362728676761 |
Encrypted: | false |
MD5: | 5E7247AA69F17909F527D4871234F16B |
SHA1: | E50DECA8D0FD1B36620477CD8C1DC6C23836C566 |
SHA-256: | 5012C40ED7D3CE78A0759618FC7AD675CC19FF4A1460CE7B60F27BA85D366E5D |
SHA-512: | D49E5F3FAAA9893A69F5CB5B37D9CEC6AC4A67F546B6764940BF94936509EEA0312268AB10BA8B36E0DF0BB0E994A06BAE40687EBBF87FB406D328BCCCD05F15 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | /Volumes/TinkaOTP/TinkaOTP.app/Contents/MacOS/TinkaOTP |
File Type: | |
Size (bytes): | 66 |
Entropy (8bit): | 4.864480437829257 |
Encrypted: | false |
MD5: | 765D5321E46F1D94AB56E6712713C78E |
SHA1: | F7DCEE7B667AC451A5D9A29FF013A2F6C24AAE44 |
SHA-256: | 47263C3026CA7E650DFFC8D27112A3580B97EC52BC332B86E741D6E9D116B797 |
SHA-512: | C3B9E8657A1FBBA24656DB7C676F22D137A91D0C328D8EA765401F58D58CB954EFBFD79873C55D091D30CC124D96B92E0BC19B76D3C5CC61526A1A1A1DA15855 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted IPs |
---|
Public |
---|
IP | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
185.62.58.207 | Netherlands | 62370 | unknown | false | |
67.43.239.146 | Canada | 36666 | unknown | false |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.994558906989309 |
TrID: |
|
File name: | TinkaOTP.dmg |
File size: | 6462928 |
MD5: | 81f8f0526740b55fe484c42126cd8396 |
SHA1: | fe83d95afce63e935dbe22aef40a164cee34f4e5 |
SHA256: | 899e66ede95686a06394f707dd09b7c29af68f95d22136f0a023bfd01390ad53 |
SHA512: | 751c2195a47d5e263ccfb860037ce32b5bc3c9ca516b9806a0cf1bae2af9742bcc3c9965218fd938e6c3eaa5a90081ece877aeec56f667477686daa3aeb6d77a |
SSDEEP: | 196608:py41rDVac5C/ohoS4AOPqIsuaB8jA5yqTZb:py4xD4HBASqIsBF |
File Content Preview: | x...!........&..h...h....... x...3X....=<...(...../..&.,&..-."..|^F.......Yy~...A..;uO.u..g..'...J.;... @....... @....... @....... @....... @....... @....... @....... @......uH..x.su.T.p..a``d.a``X....H.y.`7.B+A..P~....U<....<.4.....*...A.^..4 5..y......5 |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 6, 2020 15:16:25.420222998 CEST | 49375 | 443 | 192.168.0.51 | 67.43.239.146 |
May 6, 2020 15:16:25.520539045 CEST | 443 | 49375 | 67.43.239.146 | 192.168.0.51 |
May 6, 2020 15:16:25.520975113 CEST | 49375 | 443 | 192.168.0.51 | 67.43.239.146 |
May 6, 2020 15:16:25.521297932 CEST | 49375 | 443 | 192.168.0.51 | 67.43.239.146 |
May 6, 2020 15:16:25.634637117 CEST | 443 | 49375 | 67.43.239.146 | 192.168.0.51 |
May 6, 2020 15:16:25.634663105 CEST | 443 | 49375 | 67.43.239.146 | 192.168.0.51 |
May 6, 2020 15:16:25.635191917 CEST | 49375 | 443 | 192.168.0.51 | 67.43.239.146 |
May 6, 2020 15:16:25.646831036 CEST | 49375 | 443 | 192.168.0.51 | 67.43.239.146 |
May 6, 2020 15:16:25.805166960 CEST | 443 | 49375 | 67.43.239.146 | 192.168.0.51 |
May 6, 2020 15:16:25.805373907 CEST | 49375 | 443 | 192.168.0.51 | 67.43.239.146 |
May 6, 2020 15:16:25.905936003 CEST | 443 | 49375 | 67.43.239.146 | 192.168.0.51 |
May 6, 2020 15:16:25.906196117 CEST | 49375 | 443 | 192.168.0.51 | 67.43.239.146 |
May 6, 2020 15:16:25.906235933 CEST | 49375 | 443 | 192.168.0.51 | 67.43.239.146 |
May 6, 2020 15:16:26.281728983 CEST | 49375 | 443 | 192.168.0.51 | 67.43.239.146 |
May 6, 2020 15:16:26.382430077 CEST | 443 | 49375 | 67.43.239.146 | 192.168.0.51 |
May 6, 2020 15:16:26.914593935 CEST | 443 | 49375 | 67.43.239.146 | 192.168.0.51 |
May 6, 2020 15:16:26.915062904 CEST | 49375 | 443 | 192.168.0.51 | 67.43.239.146 |
May 6, 2020 15:16:26.915129900 CEST | 49375 | 443 | 192.168.0.51 | 67.43.239.146 |
May 6, 2020 15:16:28.582882881 CEST | 49375 | 443 | 192.168.0.51 | 67.43.239.146 |
May 6, 2020 15:16:28.683532000 CEST | 443 | 49375 | 67.43.239.146 | 192.168.0.51 |
May 6, 2020 15:17:41.155874968 CEST | 443 | 49375 | 67.43.239.146 | 192.168.0.51 |
May 6, 2020 15:17:41.156137943 CEST | 49375 | 443 | 192.168.0.51 | 67.43.239.146 |
May 6, 2020 15:17:41.156182051 CEST | 49375 | 443 | 192.168.0.51 | 67.43.239.146 |
May 6, 2020 15:17:41.156224966 CEST | 49375 | 443 | 192.168.0.51 | 67.43.239.146 |
May 6, 2020 15:17:41.269670010 CEST | 443 | 49375 | 67.43.239.146 | 192.168.0.51 |
May 6, 2020 15:17:41.279517889 CEST | 443 | 49375 | 67.43.239.146 | 192.168.0.51 |
May 6, 2020 15:17:51.189356089 CEST | 49379 | 443 | 192.168.0.51 | 185.62.58.207 |
May 6, 2020 15:17:51.234394073 CEST | 443 | 49379 | 185.62.58.207 | 192.168.0.51 |
May 6, 2020 15:17:51.234823942 CEST | 49379 | 443 | 192.168.0.51 | 185.62.58.207 |
May 6, 2020 15:17:51.235049963 CEST | 49379 | 443 | 192.168.0.51 | 185.62.58.207 |
May 6, 2020 15:17:51.270240068 CEST | 443 | 49379 | 185.62.58.207 | 192.168.0.51 |
May 6, 2020 15:17:51.270263910 CEST | 443 | 49379 | 185.62.58.207 | 192.168.0.51 |
May 6, 2020 15:17:51.270637035 CEST | 49379 | 443 | 192.168.0.51 | 185.62.58.207 |
May 6, 2020 15:17:51.281897068 CEST | 49379 | 443 | 192.168.0.51 | 185.62.58.207 |
May 6, 2020 15:17:51.306356907 CEST | 443 | 49379 | 185.62.58.207 | 192.168.0.51 |
May 6, 2020 15:17:51.306710005 CEST | 49379 | 443 | 192.168.0.51 | 185.62.58.207 |
May 6, 2020 15:17:51.322312117 CEST | 443 | 49379 | 185.62.58.207 | 192.168.0.51 |
May 6, 2020 15:17:51.322710991 CEST | 49379 | 443 | 192.168.0.51 | 185.62.58.207 |
May 6, 2020 15:17:51.322791100 CEST | 49379 | 443 | 192.168.0.51 | 185.62.58.207 |
May 6, 2020 15:17:51.338289976 CEST | 443 | 49379 | 185.62.58.207 | 192.168.0.51 |
May 6, 2020 15:17:51.338706970 CEST | 49379 | 443 | 192.168.0.51 | 185.62.58.207 |
May 6, 2020 15:17:51.338766098 CEST | 49379 | 443 | 192.168.0.51 | 185.62.58.207 |
May 6, 2020 15:17:51.368772030 CEST | 443 | 49379 | 185.62.58.207 | 192.168.0.51 |
May 6, 2020 15:17:51.369188070 CEST | 49379 | 443 | 192.168.0.51 | 185.62.58.207 |
May 6, 2020 15:17:51.399929047 CEST | 443 | 49379 | 185.62.58.207 | 192.168.0.51 |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
May 6, 2020 15:16:25.634637117 CEST | 67.43.239.146 | 443 | 192.168.0.51 | 49375 | CN=uxusbtddbwgsz.org, OU=ZHL Co. Ltd, O=JLR Co. Ltd, L=Sampson, ST=Peoria, C=US | CN=uxusbtddbwgsz.org, OU=ZHL Co. Ltd, O=JLR Co. Ltd, L=Sampson, ST=Peoria, C=US | Sat Mar 21 06:44:21 CET 2020 | Tue Mar 19 06:44:21 CET 2030 | 771,49196-49195-49200-49199-159-158-52393-52392-52394-49191-49187-49192-49188-49162-49161-49172-49171-107-103-57-51-52244-52243-52245,13-11-10-23,25-24-23-21-19-16,0 | f8c52bdcd6feb46ef8a6d31d73ab457f |
May 6, 2020 15:17:51.270240068 CEST | 185.62.58.207 | 443 | 192.168.0.51 | 49379 | CN=bvwaewachdyzpb.org, OU=JPO Co. Ltd, O=VRZ Co. Ltd, L=St. Clair, ST=Manitowoc, C=US | CN=bvwaewachdyzpb.org, OU=JPO Co. Ltd, O=VRZ Co. Ltd, L=St. Clair, ST=Manitowoc, C=US | Sat Mar 21 00:48:59 CET 2020 | Tue Mar 19 00:48:59 CET 2030 | 771,49196-49195-49200-49199-159-158-52393-52392-52394-49191-49187-49192-49188-49162-49161-49172-49171-107-103-57-51-52244-52243-52245,13-11-10-23,25-24-23-21-19-16,0 | f8c52bdcd6feb46ef8a6d31d73ab457f |
System Behavior |
---|
General |
---|
Start time: | 15:16:23 |
Start date: | 06/05/2020 |
Path: | /usr/libexec/xpcproxy |
Arguments: | n/a |
File size: | 44048 bytes |
MD5 hash: | 4782e7ebd2985d32bc84f1f71c8f8fb7 |
General |
---|
Start time: | 15:16:23 |
Start date: | 06/05/2020 |
Path: | /Volumes/TinkaOTP/TinkaOTP.app/Contents/MacOS/TinkaOTP |
Arguments: | /Volumes/TinkaOTP/TinkaOTP.app/Contents/MacOS/TinkaOTP |
File size: | 716832 bytes |
MD5 hash: | 02670c82d74d0362a5fafdf3f42904ef |
General |
---|
Start time: | 15:16:24 |
Start date: | 06/05/2020 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 618416 bytes |
MD5 hash: | 0313fd399b143fc40cd52a1679018305 |
General |
---|
Start time: | 15:16:24 |
Start date: | 06/05/2020 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 618416 bytes |
MD5 hash: | 0313fd399b143fc40cd52a1679018305 |
General |
---|
Start time: | 15:16:24 |
Start date: | 06/05/2020 |
Path: | /bin/cp |
Arguments: | cp /Volumes/TinkaOTP/TinkaOTP.app/Contents/Resources/Base.lproj/SubMenu.nib /Users/ben/Library/.mina |
File size: | 29024 bytes |
MD5 hash: | b78b44666e242cb82db43e70116add92 |
General |
---|
Start time: | 15:16:24 |
Start date: | 06/05/2020 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 618416 bytes |
MD5 hash: | 0313fd399b143fc40cd52a1679018305 |
General |
---|
Start time: | 15:16:24 |
Start date: | 06/05/2020 |
Path: | /bin/chmod |
Arguments: | chmod +x /Users/ben/Library/.mina |
File size: | 30016 bytes |
MD5 hash: | d7df83ea3a49de5d07e0c1730e910852 |
General |
---|
Start time: | 15:16:24 |
Start date: | 06/05/2020 |
Path: | /bin/bash |
Arguments: | n/a |
File size: | 618416 bytes |
MD5 hash: | 0313fd399b143fc40cd52a1679018305 |
General |
---|
Start time: | 15:16:24 |
Start date: | 06/05/2020 |
Path: | /Users/ben/Library/.mina |
Arguments: | /Users/ben/Library/.mina |
File size: | 673092 bytes |
MD5 hash: | f05437d510287448325bac98a1378de1 |
General |
---|
Start time: | 15:16:24 |
Start date: | 06/05/2020 |
Path: | /Users/ben/Library/.mina |
Arguments: | n/a |
File size: | 673092 bytes |
MD5 hash: | f05437d510287448325bac98a1378de1 |