macOS Analysis Report
pwm_3.3.1.1_x86-64.dmg

Overview

General Information

Sample Name:pwm_3.3.1.1_x86-64.dmg
Analysis ID:752916
MD5:26e236876eb64279f77d118fbac3f06d
SHA1:5519ff231aedc7394c5dd350b0b6058f253874c7
SHA256:bd03a05dc21fa6ed0a3b35165df535896966f0f28279e07e7934d5e9e9ade8d8
Infos:

Detection

Score:3
Range:0 - 100
Whitelisted:false

Signatures

Reads the systems hostname
Reads hardware related sysctl values
Creates hidden files, links and/or directories
Reads the sysctl safe boot value (probably to check if the system is in safe boot mode)
Reads the systems OS release and/or type
Reads launchservices plist files

Classification

Joe Sandbox Version:36.0.0 Rainbow Opal
Analysis ID:752916
Start date and time:2022-11-24 01:26:02 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 17s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:pwm_3.3.1.1_x86-64.dmg
Cookbook file name:defaultmacfilecookbook.jbs
Analysis system description:Virtual Machine, High Sierra (Office 2016 16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099)
Analysis Mode:default
Detection:CLEAN
Classification:clean3.macDMG@0/24@2/0
  • Excluded domains from analysis (whitelisted): local
Command:open "/Volumes/PWMinder_3.3.1.1/PWMinder.app"
PID:900
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:

Standard Error:
  • System is macvm-highsierra
  • open (MD5: 40ed6d8f35c9f20484b97582d296398f) Arguments:
  • PWMinder (MD5: 98e481ba3862913413a1ac1b7c00b45c) Arguments: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
  • cleanup
No yara matches
No Snort rule has matched

There are no malicious signatures.

Source: unknown - DNS traffic detected: queries for: etappservices.appspot.com
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - Writes from socket in process: data
Source: unknown - TCP traffic detected without corresponding DNS query: 17.253.15.202
Source: unknown - TCP traffic detected without corresponding DNS query: 88.221.168.210
Source: unknown - TCP traffic detected without corresponding DNS query: 17.253.15.202
Source: unknown - TCP traffic detected without corresponding DNS query: 88.221.168.210
Source: unknown - UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown - UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown - HTTP traffic detected:
POST /expiryCheck HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 168
Host: etappservices.appspot.com
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.13 (Java/17.0.5)
Accept-Encoding: gzip,deflate
Data Ascii: applicationId=0&applicationVerion=3.3.1&operatingSystem=Mac+OS+X+%2810.13.2%29&machineUid=f042cd571a9eb5f9c4b1e694dca18d6f&expiryTimestamp=1671845285396&assumedFtu=true
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - Reads from socket in process: data
Source: classification engine - Classification label: clean3.macDMG@0/24@2/0
Source: pwm_3.3.1.1_x86-64.dmg - Binary or memory string: !eL.VbP
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - Hidden Directory created: /Users/berri/.pwminder -> /Users/berri/.pwminder
Source: /usr/bin/open (PID: 900) - Launchservices plist file read: /System/Library/Preferences/Logging/Subsystems/com.apple.launchservices.plist
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - Launchservices plist file read: /System/Library/Preferences/Logging/Subsystems/com.apple.launchservices.plist
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - Random device file read: /dev/urandom
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - Random device file read: /dev/urandom
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - Random device file read: /dev/random
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - Log file created: /Users/berri/.pwminder/log/PWMinder.log
Source: submission - CodeSign Info: Executable=/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - Sysctl read request: kern.safeboot (1.66)
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - Sysctl requested: kern.hostname (1.10)
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - Sysctl read request: hw.ncpu (6.3)
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - Sysctl read request: hw.memsize (6.24)
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - Sysctl read request: hw.availcpu (6.25)
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - Sysctl requested: kern.ostype (1.1)
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - Sysctl requested: kern.osrelease (1.2)
Source: /usr/bin/open (PID: 900) - System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901) - System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Invalid Code Signature | OS Credential Dumping | 51 System Information Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 2 Non-Application Layer Protocol | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Code Signing | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Hidden Files and Directories | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Source | Detection | Scanner | Label
pwm_3.3.1.1_x86-64.dmg | 0% | Virustotal |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
etappservices.appspot.com | 142.250.186.148 | true | false | | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
88.221.168.210 | unknown | European Union | 16625 | AKAMAI-ASUS | false
142.250.186.148 | etappservices.appspot.com | United States | 15169 | GOOGLEUS | false

Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:ASCII text
Category:dropped
Size (bytes):2330
Entropy (8bit):4.226110881195929
Encrypted:false
Malicious:false
Reputation:low
Preview:
2022-11-24 02:28:03.639 CET INFO ca.ewert.pwMinder.MainProgram(main:2189)
Message: "Starting PWMinder version: 3.3.1, build: 3.3.1.1"
-------------------------------------------------------------------------------
2022-11-24 02:28:03.671 CET INFO ca.ewert.pwMinder.MainProgram(main:2190)
Message: "Operating System: Mac OS X (10.13.2)"
-------------------------------------------------------------------------------
2022-11-24 02:28:03.671 CET INFO ca.ewert.pwMinder.MainProgram(main:2191)
Message: "Java JRE Version: 17.0.5"
-------------------------------------------------------------------------------
2022-11-24 02:28:03.672 CET INFO ca.ewert.pwMinder.MainProgram(main:2192)
Message: "Java JRE Vendor: Azul Systems, Inc."
-------------------------------------------------------------------------------
2022-11-24 02:28:03.672 CET INFO ca.ewert.pwMinder.MainProgram(main:2193)
Message: "Java JRE Home: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/runtime/Contents/Home"
--------------

Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:ASCII text
Category:dropped
Size (bytes):1554
Entropy (8bit):5.387669698088783
Encrypted:false
Malicious:false
Reputation:low
Preview:
Using default level from log configuration file.
2022-11-24 02:28:03.639 CET INFO ca.ewert.pwMinder.MainProgram(main:2189) > "Starting PWMinder version: 3.3.1, build: 3.3.1.1"
2022-11-24 02:28:03.671 CET INFO ca.ewert.pwMinder.MainProgram(main:2190) > "Operating System: Mac OS X (10.13.2)"
2022-11-24 02:28:03.671 CET INFO ca.ewert.pwMinder.MainProgram(main:2191) > "Java JRE Version: 17.0.5"
2022-11-24 02:28:03.672 CET INFO ca.ewert.pwMinder.MainProgram(main:2192) > "Java JRE Vendor: Azul Systems, Inc."
2022-11-24 02:28:03.672 CET INFO ca.ewert.pwMinder.MainProgram(main:2193) > "Java JRE Home: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/runtime/Contents/Home"
2022-11-24 02:28:03.672 CET INFO ca.ewert.pwMinder.MainProgram(main:2194) > "Java JRE Arch: x86_64"
2022-11-24 02:28:03.673 CET INFO ca.ewert.pwMinder.MainProgram(main:2195) > "sun.java2d.d3d value: null"
2022-11-24 02:28:03.679 CET INFO ca.ewert.pwMinder.MainProgram(main:2196) > "Locale: English (Switzerland)"
202

Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:data
Category:dropped
Size (bytes):8
Entropy (8bit):0.0
Encrypted:false
Malicious:false
Reputation:moderate, very likely benign file

Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:GIF image data, version 89a, 32 x 32
Category:dropped
Size (bytes):135
Entropy (8bit):6.0085163543859865
Encrypted:false
Malicious:false
Reputation:low

Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:GIF image data, version 89a, 32 x 32
Category:dropped
Size (bytes):110
Entropy (8bit):5.681584392961769
Encrypted:false
Malicious:false
Reputation:low

Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:GIF image data, version 89a, 32 x 32
Category:dropped
Size (bytes):167
Entropy (8bit):6.311163868825322
Encrypted:false
Malicious:false
Reputation:low

Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:GIF image data, version 89a, 32 x 32
Category:dropped
Size (bytes):93
Entropy (8bit):5.302865421194932
Encrypted:false
Malicious:false

Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:GIF image data, version 89a, 32 x 32
Category:dropped
Size (bytes):110
Entropy (8bit):5.396780054217408
Encrypted:false
Malicious:false

Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:GIF image data, version 89a, 32 x 32
Category:dropped
Size (bytes):196
Entropy (8bit):6.585002497773357
Encrypted:false
Malicious:false

Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:GIF image data, version 89a, 32 x 32
Category:dropped
Size (bytes):126
Entropy (8bit):5.960786272431544
Encrypted:false
Malicious:false

Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:GIF image data, version 89a, 32 x 32
Category:dropped
Size (bytes):110
Entropy (8bit):5.433143690581044
Encrypted:false
Malicious:false

Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:GIF image data, version 89a, 32 x 32
Category:dropped
Size (bytes):119
Entropy (8bit):5.5997507981039
Encrypted:false
Malicious:false

Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:GIF image data, version 89a, 32 x 32
Category:dropped
Size (bytes):114
Entropy (8bit):5.485945277378447
Encrypted:false
Malicious:false
                                          Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
                                          File Type:GIF image data, version 89a, 32 x 32
                                          Category:dropped
                                          Size (bytes):95
                                          Entropy (8bit):5.372695895024822
                                          Encrypted:false
                                          SSDEEP:3:CslDa3X/7/xlXl2zh+Joi4Cv9nn:NluXDjczgoin
                                          MD5:41C538A5777BB007FF524FBB082EB7EA
                                          SHA1:B43180E06FFA68DA5F18C4F7106FE33B58D6CF8B
                                          SHA-256:18100D5483B6FF5FEDB9780C250F4C1E70E527DCF4CC8C99BB6EDD54DCA0F405
                                          SHA-512:0BEE24FE8D0E221729A695E3C557C3F272A37747E12516ADBE7145BE108DCF67C0CE20812C08BA5E218D853EA6A5DF277E4094D40D129D76D99551316B81358E
                                          Malicious:false
                                          Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
                                          File Type:GIF image data, version 89a, 32 x 32
                                          Category:dropped
                                          Size (bytes):111
                                          Entropy (8bit):5.7238475101629165
                                          Encrypted:false
                                          SSDEEP:3:CslDa3X/7/xlXluqQVJHtr37neui5mUrH1tc6w:NluXDjYq8JZ3DeRjDc6w
                                          MD5:CD1A29180A36D5315309DADE8891D7B1
                                          SHA1:EAB2138F9175211C6353224FFBBA28844CE7F38A
                                          SHA-256:E6C935C003CA1699B633A91427CA83F35B356E9F10414B2ED52899F53BAA958C
                                          SHA-512:BC58C66A96FCEB04D66EC05CB2D5A1A77B96E650A1CAB81C312F8180E89E0302F8E1FE69FB8043C6E66B385F5AB2A41A49882DCF7BF8B4D6E5F388368439D444
                                          Malicious:false
                                          Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
                                          File Type:GIF image data, version 89a, 32 x 32
                                          Category:dropped
                                          Size (bytes):96
                                          Entropy (8bit):5.4498032792428415
                                          Encrypted:false
                                          SSDEEP:3:CslDa3X/7/xlXl11uEYJTLZv15hH0RZ:NluXDjbATL5+RZ
                                          MD5:08C476ADA11D963F548AD67EB0932645
                                          SHA1:B1B7447B421106F8E9DD3D9A2A557DF3B4D426FA
                                          SHA-256:2DC300157DC87449F8B2853350C0BA0342ACD883105D2F835A3D0D7EB7E23F17
                                          SHA-512:38C1B8483E70CD2F9536EEB9FC7CA270A5A3806D4C6979631402693AD0D49AD1606B4844C1F0A2CF900A3ED3F89EDF851EFB2CB98FDAA67E2FD012A42FDD11F6
                                          Malicious:false
                                          Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
                                          File Type:GIF image data, version 89a, 32 x 32
                                          Category:dropped
                                          Size (bytes):143
                                          Entropy (8bit):6.08215826783237
                                          Encrypted:false
                                          SSDEEP:3:CslDa3X/7/xlXlGJ57nRl1LcqEewzDTPW+blOUTcSjT5Dl:NluXDjw37nRzL3KPWklO9+5
                                          MD5:1CE83B1F6B8C7D440F51FCD01C50F0EF
                                          SHA1:C78A3F9C36880ECD6DDA0B620342FD881309BAA6
                                          SHA-256:ECDE79A8A92EEE2026999F4ABBD55C9785DA57809A7CDE42EBC810E645AD3BBD
                                          SHA-512:679F36998223A927B69730D1EB9FA9C56F7C66786AC1280955B67C0E4D211740CE88A8FC986B19744BE20984CB57A2A70041285FF4B4D52B42C3C370F01416FB
                                          Malicious:false
                                          Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
                                          File Type:GIF image data, version 89a, 9 x 9
                                          Category:dropped
                                          Size (bytes):286
                                          Entropy (8bit):5.069983861411434
                                          Encrypted:false
                                          SSDEEP:3:CMQRQ/gBEv7TTQQQKIBkta2913yf2CDDm1qslylBxlVgDEsFgICoOZtLf8bF:/QugaTcwICzyf2AKx0saIyTLEbF
                                          MD5:5500729E3245B4BC78ADDFA79EF43984
                                          SHA1:7F8E755B3D26D0100F3DD2057EDDFD02FB97C7D9
                                          SHA-256:BC288BD31CE5BD2013AD7FE24933EA69044BF94FCDED6010977FBF0566E2A922
                                          SHA-512:F25BA74A229CC0CBA0A75A96DB9E40F1CB98F1AF42CDA9EB2C1D2C5B5301F6D42D61A878E1A4BE7ACBA731AC5F4529FF4D245FF54A9E61340C242CA367A0F061
                                          Malicious:false
                                          Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
                                          File Type:GIF image data, version 89a, 32 x 32
                                          Category:dropped
                                          Size (bytes):120
                                          Entropy (8bit):5.833281532802035
                                          Encrypted:false
                                          SSDEEP:3:CslDa3X/7/xlXlrqQEV3t3J+wH075Enl:NluXDj0Qut5zHA5Q
                                          MD5:A05F262CB23CFF803A0E7BDD235B819B
                                          SHA1:4E5E292C1ACAB061A628157D01025BD0C69E52C8
                                          SHA-256:A4858E4EE4C3EAE37C797603CBE4177576EDBDDA1486FA6FF56EABBC08825F1C
                                          SHA-512:6CF7C37EED4D3FC4CF26B86BCAA370427635EA4FB5CC9B800454901C4782705A087841EA22BA91FD1140582A1B05177A96BD5D492327A6B6C46F8DA405F81DF9
                                          Malicious:false
                                          Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
                                          File Type:GIF image data, version 89a, 32 x 32
                                          Category:dropped
                                          Size (bytes):94
                                          Entropy (8bit):5.352724114848712
                                          Encrypted:false
                                          SSDEEP:3:CslDa3X/7/xlXl30QVhAiwAmniq4UU:NluXDjuQVlwdK1
                                          MD5:6D01A4C7AB5AC88FCF97B93217AB25D4
                                          SHA1:CD39486EC73155B3C4E1AB10B20C69262A09ECAB
                                          SHA-256:45CBC2F4469E0294737DDB777BA37C40DECAAB97161A1E421337BDB93B8EEAD6
                                          SHA-512:FF56D564A678283E973238F553576C2EF1A9C85326422EDC0673985A349A7CFAE1F604B6E7763C2202D31EF0AD6AFFF3379364DC9DBFB21CABBC2095DCB29B84
                                          Malicious:false
                                          Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
                                          File Type:GIF image data, version 89a, 9 x 9
                                          Category:dropped
                                          Size (bytes):288
                                          Entropy (8bit):5.004652300322183
                                          Encrypted:false
                                          SSDEEP:3:CMQRZhqE1r/JvSXhhmmyKLFERrQ//35AsOaRH21LylUrtuvExx09zqGkDg8jg3it:/QDThMxTyKOrm3q7rwvExOzqGeg4Akl
                                          MD5:DBEB6AC81C07D0B4E76000859309B1E5
                                          SHA1:69755A6C206C094E91CF5D1086B1D3BF0FC4C7C8
                                          SHA-256:9863E46319CAD2BD1A809C7DFAB7EE0A44667B25A9389543E18F04EA894A055A
                                          SHA-512:D89FF50C1528782D8CF17BEA294C7943D71FB32117B553DAE3349EADFFF7B784DC9B1A39ABEE39DDC3264E3756953B34DF35F0955026C7D20454E99EC68B6687
                                          Malicious:false
                                          Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
                                          File Type:GIF image data, version 89a, 32 x 32
                                          Category:dropped
                                          Size (bytes):149
                                          Entropy (8bit):6.200845213320675
                                          Encrypted:false
                                          SSDEEP:3:CslDa3X/7/xlXl7MuIZPZwLfACCGH1hbGUXTpDQNLDO9Nvn:NluXDjJM5PZwJV1hxanOvP
                                          MD5:0F8E2C9B6E60429824D76F1D08F56EB0
                                          SHA1:9B3372A501E04CC847ACB4A0A56FB14F0E27A414
                                          SHA-256:671F63EB768753D4CC6F92F0C1C7405F7998337CD7D5605946C7852EAE06328F
                                          SHA-512:C58038EA614456EFE94D67C92BBE0F523D769518C9B2DFDFDE65204D7A77942723BED03CECEB9E2AC2FD364DE3774DC9976F12665FFE2DBB40A5BB3597C64F4C
                                          Malicious:false
                                          Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
                                          File Type:GIF image data, version 89a, 32 x 32
                                          Category:dropped
                                          Size (bytes):124
                                          Entropy (8bit):5.837381308239729
                                          Encrypted:false
                                          SSDEEP:3:CslDa3X/7/xlXlPnSnBZ+DIbHgnekrK4r3YZ97dXGyul:NluXDj5XD8HgekZroDwH
                                          MD5:E76C48F0DB9AF83B03C31A5C074F0BE4
                                          SHA1:C3EB6C0B650386AC38716B1F41C48556B4D49855
                                          SHA-256:DCE5C691E91E35286CB27DA1C7BBA3938162184E743A1D6F1BC8EB3B1D925830
                                          SHA-512:B2F2B1256EB882C9586126F34B6645832C967A7505DF0BE347CD1252DF8DFC677096149C398CB8690449E29769C83A078C25808B9C8FF1C10273AE1DCF454976
                                          Malicious:false
                                          Process:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
                                          File Type:GIF image data, version 89a, 9 x 9
                                          Category:dropped
                                          Size (bytes):184
                                          Entropy (8bit):5.752289627872439
                                          Encrypted:false
                                          SSDEEP:3:CMJoabQKtnnn8/bGPssFC3hhl8OEJ5trylsxlGqD1H6qX+r203OX8N1l:/m2QuABWCHuOE7tzjGqxas+r3Oyl
                                          MD5:6A3211DBC3E2ABB4208D58DDBAE780BB
                                          SHA1:74D6839C87CEE7D906FA9EAEF2A63FCDC8C24544
                                          SHA-256:7997AFB7530BD0CAB7D3677EE9F9FC9F1959E9246953896B3A4A235D76FA8128
                                          SHA-512:36175E16E4A7B6837A5AA5A4519E44DD829C8C5723E73B234DCCA4472060FAFC4B2943FF786FFCC9EE84CE591FDC23DE4EED17999708ADE08E0084DB034DFDD4
                                          Malicious:false
                                          File type:bzip2 compressed data, block size = 100k
                                          Entropy (8bit):7.999679567252431
                                          TrID:
                                          • Disk Image (Macintosh), bzip2 (12509/2) 80.61%
                                          • bzip2 compressed archive (3009/2) 19.39%
                                          File name:pwm_3.3.1.1_x86-64.dmg
                                          File size:72184045
                                          MD5:26e236876eb64279f77d118fbac3f06d
                                          SHA1:5519ff231aedc7394c5dd350b0b6058f253874c7
                                          SHA256:bd03a05dc21fa6ed0a3b35165df535896966f0f28279e07e7934d5e9e9ade8d8
                                          SHA512:ea476aa68f49632f0a4457b98549b9dbd881d1bc4d720c52734aaf6698176e1bc41f0b253808ee9a698900ae2b4cda07b135fefc9811bc223a3aea031ecd6fb3
                                          SSDEEP:1572864:7WAzO9n33sgIqk/kMl8TtlO1N2o/32H2avNZggwVJsYXZUk:KAIn33E/cMYQ1Mo/zavMHVJ9XZU
                                          TLSH:39F7337DA299A801CD958375E3DF1A264D110F73D5CAB98F167C3633A2F4279202AB37
                                          ["Executable=/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder",
                                           "Identifier=ca.ewert.pwMinder",
                                           "Format=app bundle with Mach-O thin (x86_64)",
                                           "CodeDirectory v=20500 size=1405 flags=0x10000(???) hashes=35+5 location=embedded",
                                           "OSPlatform=36",
                                           "OSSDKVersion=659200",
                                           "OSVersionMin=658432",
                                           "Hash type=sha256 size=32",
                                           "CandidateCDHash sha256=e7ec95472663656b285794f2766dcbf5604c768e",
                                           "Hash choices=sha256",
                                           "Page size=4096",
                                           "CDHash=e7ec95472663656b285794f2766dcbf5604c768e",
                                           "Signature size=8975",
                                           "Authority=Developer ID Application: Victor Ewert (E8AGSEF5A4)",
                                           "Authority=Developer ID Certification Authority",
                                           "Authority=Apple Root CA",
                                           "Timestamp=21 Nov 2022 at 19:26:25",
                                           "Info.plist entries=18",
                                           "TeamIdentifier=E8AGSEF5A4",
                                           "Sealed Resources version=2 rules=13 files=170",
                                           "Internal requirements count=1 size=180"]
                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Nov 24, 2022 01:27:06.156575918 CET | 49293 | 80 | 192.168.11.11 | 17.253.15.202
                                          Nov 24, 2022 01:27:06.156810045 CET | 49294 | 80 | 192.168.11.11 | 88.221.168.210
                                          Nov 24, 2022 01:27:06.164822102 CET | 80 | 49293 | 17.253.15.202 | 192.168.11.11
                                          Nov 24, 2022 01:27:06.165782928 CET | 49293 | 80 | 192.168.11.11 | 17.253.15.202
                                          Nov 24, 2022 01:27:06.168482065 CET | 80 | 49294 | 88.221.168.210 | 192.168.11.11
                                          Nov 24, 2022 01:27:06.169320107 CET | 49294 | 80 | 192.168.11.11 | 88.221.168.210
                                          Nov 24, 2022 01:28:06.725526094 CET | 49302 | 80 | 192.168.11.11 | 142.250.186.148
                                          Nov 24, 2022 01:28:06.734603882 CET | 80 | 49302 | 142.250.186.148 | 192.168.11.11
                                          Nov 24, 2022 01:28:06.735496998 CET | 49302 | 80 | 192.168.11.11 | 142.250.186.148
                                          Nov 24, 2022 01:28:06.741548061 CET | 49302 | 80 | 192.168.11.11 | 142.250.186.148
                                          Nov 24, 2022 01:28:06.750729084 CET | 80 | 49302 | 142.250.186.148 | 192.168.11.11
                                          Nov 24, 2022 01:28:07.078432083 CET | 80 | 49302 | 142.250.186.148 | 192.168.11.11
                                          Nov 24, 2022 01:28:07.079191923 CET | 49302 | 80 | 192.168.11.11 | 142.250.186.148
                                          Nov 24, 2022 01:28:07.146462917 CET | 49302 | 80 | 192.168.11.11 | 142.250.186.148
                                          Nov 24, 2022 01:28:07.157661915 CET | 80 | 49302 | 142.250.186.148 | 192.168.11.11
                                          Nov 24, 2022 01:28:07.158380985 CET | 49302 | 80 | 192.168.11.11 | 142.250.186.148
                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Nov 24, 2022 01:27:25.382214069 CET | 137 | 137 | 192.168.11.11 | 192.168.11.255
                                          Nov 24, 2022 01:27:26.840518951 CET | 137 | 137 | 192.168.11.11 | 192.168.11.255
                                          Nov 24, 2022 01:27:26.841058016 CET | 137 | 137 | 192.168.11.11 | 192.168.11.255
                                          Nov 24, 2022 01:28:03.787105083 CET | 53 | 60657 | 1.1.1.1 | 192.168.11.11
                                          Nov 24, 2022 01:28:06.687371016 CET | 55647 | 53 | 192.168.11.11 | 1.1.1.1
                                          Nov 24, 2022 01:28:06.687822104 CET | 51581 | 53 | 192.168.11.11 | 1.1.1.1
                                          Nov 24, 2022 01:28:06.711705923 CET | 53 | 55647 | 1.1.1.1 | 192.168.11.11
                                          Nov 24, 2022 01:28:06.711785078 CET | 53 | 51581 | 1.1.1.1 | 192.168.11.11
                                          Timestamp | Source IP | Dest IP | Checksum | Code | Type
                                          Nov 24, 2022 01:28:03.790575027 CET | 192.168.11.11 | 1.1.1.1 | f6c | (Port unreachable) | Destination Unreachable
                                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                          Nov 24, 2022 01:28:06.687371016 CET | 192.168.11.11 | 1.1.1.1 | 0xbb2b | Standard query (0) | etappservices.appspot.com | A (IP address) | IN (0x0001) | false
                                          Nov 24, 2022 01:28:06.687822104 CET | 192.168.11.11 | 1.1.1.1 | 0x3951 | Standard query (0) | etappservices.appspot.com | 28 | IN (0x0001) | false
                                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                          Nov 24, 2022 01:28:06.711705923 CET | 1.1.1.1 | 192.168.11.11 | 0xbb2b | No error (0) | etappservices.appspot.com | | 142.250.186.148 | A (IP address) | IN (0x0001) | false
                                          Nov 24, 2022 01:28:06.711785078 CET | 1.1.1.1 | 192.168.11.11 | 0x3951 | No error (0) | etappservices.appspot.com | | | 28 | IN (0x0001) | false
                                          • etappservices.appspot.com
                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                          0 | 192.168.11.11 | 49302 | 142.250.186.148 | 80
                                          Timestamp | kBytes transferred | Direction | Data
                                          Nov 24, 2022 01:28:06.741548061 CET | 2 | OUT | POST /expiryCheck HTTP/1.1
                                          Content-Type: application/x-www-form-urlencoded
                                          Content-Length: 168
                                          Host: etappservices.appspot.com
                                          Connection: Keep-Alive
                                          User-Agent: Apache-HttpClient/4.5.13 (Java/17.0.5)
                                          Accept-Encoding: gzip,deflate
                                          Data Ascii: applicationId=0&applicationVerion=3.3.1&operatingSystem=Mac+OS+X+%2810.13.2%29&machineUid=f042cd571a9eb5f9c4b1e694dca18d6f&expiryTimestamp=1671845285396&assumedFtu=true
                                          Nov 24, 2022 01:28:07.078432083 CET | 2 | IN | HTTP/1.1 200 OK
                                          Content-Type: application/json;charset=utf-8
                                          X-Cloud-Trace-Context: be22f6daefd9ecbe5d280cd5dbe8f469;o=1
                                          Date: Thu, 24 Nov 2022 00:28:07 GMT
                                          Server: Google Frontend
                                          Content-Length: 112
                                          Data Ascii: {"serverAppId":"etappservices","serverAppVersion":"112","expiryTimestamp":1665257946940,"uidAlreadyExists":true}


                                          System Behavior

                                          Start time:01:28:01
                                          Start date:24/11/2022
                                          Path:/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
                                          Arguments:n/a
                                          File size:3722408 bytes
                                          MD5 hash:8910349f44a940d8d79318367855b236

                                          Start time:01:28:01
                                          Start date:24/11/2022
                                          Path:/usr/bin/open
                                          Arguments:
                                          File size:105952 bytes
                                          MD5 hash:40ed6d8f35c9f20484b97582d296398f

                                          Start time:01:28:01
                                          Start date:24/11/2022
                                          Path:/usr/libexec/xpcproxy
                                          Arguments:n/a
                                          File size:43488 bytes
                                          MD5 hash:d1bb9a4899f0af921e8188218b20d744

                                          Start time:01:28:01
                                          Start date:24/11/2022
                                          Path:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
                                          Arguments:/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
                                          File size:160464 bytes
                                          MD5 hash:98e481ba3862913413a1ac1b7c00b45c