Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
pwm_3.3.1.1_x86-64.dmg
|
bzip2 compressed data, block size = 100k
|
initial sample
|
||
|
/Users/berri/.pwminder/log/PWMinder.log
|
ASCII text
|
dropped
|
||
|
/dev/null
|
ASCII text
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/hsperfdata_berri/901
|
data
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio10219926841058769522.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio10224466244630806701.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio10459773673903316017.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio12938241649503612607.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio13412971084950237612.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio13578127288510142521.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio16244522733088286171.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio2086714674483719818.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio216252107100245977.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio2223170928174613939.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio2999633974807869622.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio3815422977875359551.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio5224863052943678154.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio5352537162059109128.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio6164943713436445280.tmp
|
GIF image data, version 89a, 9 x 9
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio6359674507834563537.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio6665906469700978227.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio7103516844854627969.tmp
|
GIF image data, version 89a, 9 x 9
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio7212544972120051578.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio9716126586112586483.tmp
|
GIF image data, version 89a, 32 x 32
|
dropped
|
||
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio9745765645810963695.tmp
|
GIF image data, version 89a, 9 x 9
|
dropped
|
There are 15 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
|
n/a
|
||
|
/usr/bin/open
|
|||
|
/usr/libexec/xpcproxy
|
n/a
|
||
|
/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
|
/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
etappservices.appspot.com
|
142.250.186.148
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
88.221.168.210
|
unknown
|
European Union
|
||
|
142.250.186.148
|
etappservices.appspot.com
|
United States
|