Loading Joe Sandbox Report ...

Edit tour

macOS Analysis Report
pwm_3.3.1.1_x86-64.dmg

Overview

General Information

Sample Name:	pwm_3.3.1.1_x86-64.dmg
Analysis ID:	752916
MD5:	26e236876eb64279f77d118fbac3f06d
SHA1:	5519ff231aedc7394c5dd350b0b6058f253874c7
SHA256:	bd03a05dc21fa6ed0a3b35165df535896966f0f28279e07e7934d5e9e9ade8d8
Infos:

Detection

Score:	3
Range:	0 - 100
Whitelisted:	false

Signatures

Reads the systems hostname

Reads hardware related sysctl values

Creates hidden files, links and/or directories

Reads the sysctl safe boot value (probably to check if the system is in safe boot mode)

Reads the systems OS release and/or type

Reads launchservices plist files

Classification

×

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	752916
Start date and time:	2022-11-24 01:26:02 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 5m 17s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	pwm_3.3.1.1_x86-64.dmg
Cookbook file name:	defaultmacfilecookbook.jbs
Analysis system description:	Virtual Machine, High Sierra (Office 2016 16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099)
Analysis Mode:	default
Detection:	CLEAN
Classification:	clean3.macDMG@0/24@2/0

Warnings

Excluded domains from analysis (whitelisted): local

Runtime Messages

Command:	open "/Volumes/PWMinder_3.3.1.1/PWMinder.app"
PID:	900
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

System is macvm-highsierra

mono-sgen32 New Fork (PID: 900, Parent: 812)

open (MD5: 40ed6d8f35c9f20484b97582d296398f) Arguments:

xpcproxy New Fork (PID: 901, Parent: 1)

PWMinder (MD5: 98e481ba3862913413a1ac1b7c00b45c) Arguments: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder

cleanup

Yara Signatures

⊘No yara matches

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown

DNS traffic detected: queries for: etappservices.appspot.com

Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)

Writes from socket in process: data

Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.15.202
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.210
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.15.202
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.210
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

HTTP traffic detected: POST /expiryCheck HTTP/1.1Content-Type: application/x-www-form-urlencodedContent-Length: 168Host: etappservices.appspot.comConnection: Keep-AliveUser-Agent: Apache-HttpClient/4.5.13 (Java/17.0.5)Accept-Encoding: gzip,deflateData Raw: 61 70 70 6c 69 63 61 74 69 6f 6e 49 64 3d 30 26 61 70 70 6c 69 63 61 74 69 6f 6e 56 65 72 69 6f 6e 3d 33 2e 33 2e 31 26 6f 70 65 72 61 74 69 6e 67 53 79 73 74 65 6d 3d 4d 61 63 2b 4f 53 2b 58 2b 25 32 38 31 30 2e 31 33 2e 32 25 32 39 26 6d 61 63 68 69 6e 65 55 69 64 3d 66 30 34 32 63 64 35 37 31 61 39 65 62 35 66 39 63 34 62 31 65 36 39 34 64 63 61 31 38 64 36 66 26 65 78 70 69 72 79 54 69 6d 65 73 74 61 6d 70 3d 31 36 37 31 38 34 35 32 38 35 33 39 36 26 61 73 73 75 6d 65 64 46 74 75 3d 74 72 75 65 Data Ascii: applicationId=0&applicationVerion=3.3.1&operatingSystem=Mac+OS+X+%2810.13.2%29&machineUid=f042cd571a9eb5f9c4b1e694dca18d6f&expiryTimestamp=1671845285396&assumedFtu=true

Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)

Reads from socket in process: data

Source: classification engine

Classification label: clean3.macDMG@0/24@2/0

Source: pwm_3.3.1.1_x86-64.dmg

Binary or memory string: !eL.VbP

Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)

Hidden Directory created: /Users/berri/.pwminder -> /Users/berri/.pwminder

Jump to behavior

Source: /usr/bin/open (PID: 900)	Launchservices plist file read: /System/Library/Preferences/Logging/Subsystems/com.apple.launchservices.plist			Jump to behavior
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)	Launchservices plist file read: /System/Library/Preferences/Logging/Subsystems/com.apple.launchservices.plist			Jump to behavior

Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)

AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist

Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)	Random device file read: /dev/urandom			Jump to behavior
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)	Random device file read: /dev/urandom			Jump to behavior
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)	Random device file read: /dev/random			Jump to behavior

Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)

Log file created: /Users/berri/.pwminder/log/PWMinder.log

Jump to dropped file

Source: submission

CodeSign Info: Executable=/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder

Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)

Sysctl read request: kern.safeboot (1.66)

Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)

Sysctl requested: kern.hostname (1.10)

Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)	Sysctl read request: hw.ncpu (6.3)
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)	Sysctl read request: hw.memsize (6.24)
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)	Sysctl read request: hw.availcpu (6.25)

Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)	Sysctl requested: kern.ostype (1.1)
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)	Sysctl requested: kern.osrelease (1.2)

Source: /usr/bin/open (PID: 900)	System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist			Jump to behavior
Source: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder (PID: 901)	System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Invalid Code Signature	OS Credential Dumping	51 System Information Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Non-Application Layer Protocol	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Code Signing	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	2 Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Hidden Files and Directories	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Shell
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
pwm_3.3.1.1_x86-64.dmg	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
etappservices.appspot.com	142.250.186.148	true	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
88.221.168.210	unknown	European Union		16625	AKAMAI-ASUS	false
142.250.186.148	etappservices.appspot.com	United States		15169	GOOGLEUS	false

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/Users/berri/.pwminder/log/PWMinder.log

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	ASCII text
Category:	dropped
Size (bytes):	2330
Entropy (8bit):	4.226110881195929
Encrypted:	false
SSDEEP:	24:VmPpK43I2o4mBVLMKML0Op6ZoStz3BtV6tL:VmxrI77BVAlL0Op6Z/tXVGL
MD5:	9FA50D77023B581571559014E07D0ECF
SHA1:	4D82EA3E2395C964A1B0F1959F935F3D14F4A6D5
SHA-256:	6AB1E0EB70B3EF28A355872C03598DA925D33DF3B3DCCFF051058DDC4417EC15
SHA-512:	143DCF274CA740D7BA929E737FC3DE8D8DD75DFB22B5A1EDF9EF8186531F5F9BD77C25DB00DFC2697D5F79B415D1FE6C8050FB243089115A2D1CE1FFDF957871
Malicious:	false
Reputation:	low
Preview:	2022-11-24 02:28:03.639 CET INFO ca.ewert.pwMinder.MainProgram(main:2189).Message: "Starting PWMinder version: 3.3.1, build: 3.3.1.1".-------------------------------------------------------------------------------.2022-11-24 02:28:03.671 CET INFO ca.ewert.pwMinder.MainProgram(main:2190).Message: "Operating System: Mac OS X (10.13.2)".-------------------------------------------------------------------------------.2022-11-24 02:28:03.671 CET INFO ca.ewert.pwMinder.MainProgram(main:2191).Message: "Java JRE Version: 17.0.5".-------------------------------------------------------------------------------.2022-11-24 02:28:03.672 CET INFO ca.ewert.pwMinder.MainProgram(main:2192).Message: "Java JRE Vendor: Azul Systems, Inc.".-------------------------------------------------------------------------------.2022-11-24 02:28:03.672 CET INFO ca.ewert.pwMinder.MainProgram(main:2193).Message: "Java JRE Home: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/runtime/Contents/Home".--------------

/dev/null

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	ASCII text
Category:	dropped
Size (bytes):	1554
Entropy (8bit):	5.387669698088783
Encrypted:	false
SSDEEP:	24:CFLymPp4u3I0bi4mYisiLMnAiL0NWpknUKz3BtV6txV+6Ac:CBymx4iICi7YisiAAiL0Qpu7XVGxI4
MD5:	CCFCB0B67D8546EE6284AA9FCD6BB116
SHA1:	AB0F40DFDE13EAA0626F05D60336F3D13A121B79
SHA-256:	98061827B4A4B51922A620D0BCD46CDFDDDD3CC83BC0C98DB8B9A05FD13063B9
SHA-512:	7B589A9FF4F442CC1A6802A3A7CC96C781AB91DC2ABDAA9D6B5013BD471C16235B9F2A415032FDD623BAE8F875EA7A3C18B01F98E03D78C3109C6FF2C7CBA132
Malicious:	false
Reputation:	low
Preview:	Using default level from log configuration file..2022-11-24 02:28:03.639 CET INFO ca.ewert.pwMinder.MainProgram(main:2189) > "Starting PWMinder version: 3.3.1, build: 3.3.1.1".2022-11-24 02:28:03.671 CET INFO ca.ewert.pwMinder.MainProgram(main:2190) > "Operating System: Mac OS X (10.13.2)".2022-11-24 02:28:03.671 CET INFO ca.ewert.pwMinder.MainProgram(main:2191) > "Java JRE Version: 17.0.5".2022-11-24 02:28:03.672 CET INFO ca.ewert.pwMinder.MainProgram(main:2192) > "Java JRE Vendor: Azul Systems, Inc.".2022-11-24 02:28:03.672 CET INFO ca.ewert.pwMinder.MainProgram(main:2193) > "Java JRE Home: /Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/runtime/Contents/Home".2022-11-24 02:28:03.672 CET INFO ca.ewert.pwMinder.MainProgram(main:2194) > "Java JRE Arch: x86_64".2022-11-24 02:28:03.673 CET INFO ca.ewert.pwMinder.MainProgram(main:2195) > "sun.java2d.d3d value: null".2022-11-24 02:28:03.679 CET INFO ca.ewert.pwMinder.MainProgram(main:2196) > "Locale: English (Switzerland)".202

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/hsperfdata_berri/901

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	7DEA362B3FAC8E00956A4952A3D4F474
SHA1:	05FE405753166F125559E7C9AC558654F107C7E9
SHA-256:	AF5570F5A1810B7AF78CAF4BC70A660F0DF51E42BAF91D4DE5B2328DE0E83DFC
SHA-512:	1B7409CCF0D5A34D3A77EAABFA9FE27427655BE9297127EE9522AA1BF4046D4F945983678169CB1A7348EDCAC47EF0D9E2C924130E5BCC5F0D94937852C42F1B
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	........

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio10219926841058769522.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	135
Entropy (8bit):	6.0085163543859865
Encrypted:	false
SSDEEP:	3:CslDa3X/7/xlXlmqQyYs3zkHc3YiT6+BYyJ1xi7yRDoRe:NluXDjAqes36cf+nyJ1xBmRe
MD5:	973E211C65BC4D1B913ABE1EFC0FDA87
SHA1:	85855CE98B94F4CD0E341F1161435C23CFB11FE4
SHA-256:	9C28AE36A99253ACFF1B773C167CB37F86B7FB1C3F7EA336A564283046A49F77
SHA-512:	15710F614E5971B8D40050C2E7A192D95197B984BAECCCC7F90877C0C130E6F00A2057938458ADB458562DD0B0645C7E54C5C232F1C833FAE9BCB4C94AAA5B77
Malicious:	false
Reputation:	low
Preview:	GIF89a . ................!.......,.... . ...Y.............=..H......b.."..MG6..7...d..j.i.c#.J.{.)1..6.Q..<"9.....W........z...

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio10224466244630806701.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	110
Entropy (8bit):	5.681584392961769
Encrypted:	false
SSDEEP:	3:CslDa3X/7/xlXlZlseyZBcwyE2iUB:NluXDjKey/cV
MD5:	C5B6E97C0A3AD985FAFB4100B3EC7A48
SHA1:	F19A7053B2CFB1694542F400ADB39DA6D03B1D76
SHA-256:	D256F259A88CCCF3477DB914BC5481CF30448F5F14AF72E98341576985EF46F8
SHA-512:	A65DBE271F1EBF5838A8F6DD747224BA37D0002FB9AE71B0E25A0B5F5E11637E93396E2CD6AFE25703939A0D05CD7A43EBE4C3983868980B2EFCE2A37EF084AF
Malicious:	false
Reputation:	low
Preview:	GIF89a . ................!.......,.... . ...@........4.{..Y3.x.'".Y.`9....&).am..^.<...b2..c\|i.G.J..E.B...-...

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio10459773673903316017.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	167
Entropy (8bit):	6.311163868825322
Encrypted:	false
SSDEEP:	3:CslDa3X/7/xlXlGKqJBc5UH6gqjCK7KdSttZ3x0Q2aBd3bsCngPSdfk/:NluXDjgKCBIUFukStt8ZGbsCgqdfk/
MD5:	52FD36B0B8FAE96A602EDD5AD182BF75
SHA1:	54DF664F7CDFDF7B33845031699081467907C764
SHA-256:	0A7393EF1EE4F2969915BAD38B35BDD71980109CA59D835278EA992E8246EFAC
SHA-512:	685D77F91BBADC9305FB1E7F0AECEF3E7795CA81F4640E895C5E89125A039411C4E2F4989006613FE5BE9E7F497641C5F5D6D7CE8C1E551013D039CBA649A416
Malicious:	false
Reputation:	low
Preview:	GIF89a . ................!.......,.... . ...y......T.&..[....!Y.id9.(P.....z.....iv.....]p;./x\|I8J.S72....L. .F`.....Dej.X.He...~@......u..C2..g........x.hBH.P..

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio12938241649503612607.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	93
Entropy (8bit):	5.302865421194932
Encrypted:	false
SSDEEP:	3:CslDa3X/7/xlXlo5qQqUVMMl+0lfCW:NluXDjC5q/UPlL0W
MD5:	72A7DEDE3D9214D98194E3BB75EB1972
SHA1:	5C0E9CEBBD0CCC42D1E618B47A65E278A2A4911C
SHA-256:	4F03A03AA0105A88ABD446FB27908787E9B4DC10E7BA6BF7D45BDA8F04E6DF3D
SHA-512:	B9D6EEF8935E6D2F61E7CC133F195AABBE01915CD49334345ED996EC5D8C9CAECCF7288E4EA57EF09120BFE32BD45A7B182F89F4BEC9D1F9460B0E08254ECD96
Malicious:	false
Preview:	GIF89a . ................!.......,.... . .../.............)\|.@...*..Z.g............."...

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio13412971084950237612.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	110
Entropy (8bit):	5.396780054217408
Encrypted:	false
SSDEEP:	3:Csl8pRD/wlHrvlReIqGDSEJVhdJVEP1H+m/:Nl8jDoqULVXJuP1H+W
MD5:	EC99D36A8AC6C648CDABCA70F6A0BC83
SHA1:	4093B2B4CE08F507935169D822AC02E555CDFADA
SHA-256:	B1B49DECEF7F459CEEAC2D815AFEDF00FF69D2BB31128613A06784AB9BFA0223
SHA-512:	37F3DE63B3D3DA9D6336EE877019CE4D70AA8ADF9C8032446D046343D655F77E007DDE50F73335A4A0E20A6A9908456E7FDC9E867ED387F48C1DDD08AC8BDBEC
Malicious:	false
Preview:	GIF89a . ................!.......,.... . ...@................(..@j.h.[.........{.S.`.U).2.=.....J....}...

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio13578127288510142521.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	196
Entropy (8bit):	6.585002497773357
Encrypted:	false
SSDEEP:	3:CslDa3X/7/xlXlR53uqJBc5UH6gqKo4//CO711ENtlEpeQF9xLAHnhWXNtG8ll:NluXDjfBIUFM4/6BEcQF9t2AXW8/
MD5:	ED53FC949DDBDF4EADEFD9A87104122D
SHA1:	A0FB5F4CE1B159F2E989E7A3A6AE4B987BADAB7C
SHA-256:	1A7A76248AC7BB85BEF027B04FFA97190D51B0050D34CEA4AACD8EB15DC59A03
SHA-512:	9F4E92F051522879AE897AB9C8C18870FC85B1753D2DFF8104E65270EE12148B1146B33516A2263FA662B5F02A78405AF8AB0690E574713FFAD18FFD34BDCC55
Malicious:	false
Preview:	GIF89a . ................!.......,.... . ..........T.&..[....!Y.id9.(P.....z......4.].Q..m.$..........1MX..........SQ.*t...U.n.vk.....dW....eH..U.%...t......6.g...3.)..(.bRjz..Z....J&[R..

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio16244522733088286171.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	126
Entropy (8bit):	5.960786272431544
Encrypted:	false
SSDEEP:	3:CslDa3X/7/xlXlpqQqkDlcdoAsmrkhDAXIi224n:NluXDjOQqkDl6oAsmrka8/n
MD5:	642565FBC584D7DFD1F3C07A960C13B8
SHA1:	EFEC89BEE218E73EAC3601BBD158DC890B5E4CCE
SHA-256:	C8661EA4C44231232A9AABE491D76E372C55EE508917199A34E25A1EB70B0B84
SHA-512:	FD5D39A2CC4F9DC831AE99689B7BFAA1C1B6DE216D1A6CE8F593E7651E921CDE232D14F09F97015E07B6D4DC420BBE4FD20EDFE696A81AC965C94B187090BA5F
Malicious:	false
Preview:	GIF89a . ................!.......,.... . ...P............\x...@....(j.%...k:K...c...p*.....>..rD.@4..X..>-k.3\.....N....

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio2086714674483719818.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	110
Entropy (8bit):	5.433143690581044
Encrypted:	false
SSDEEP:	3:Csl8pRD/wlHrvlReIqGDKH0/NFjUPRvepSh2YhPjZn:Nl8jDoqU20FiepSXV
MD5:	A218D502A65437F5EC01AB4C53ABA21B
SHA1:	657E1A7B42BCE3E7686B7352A3D910B10AC07C5E
SHA-256:	9A1563B281587FA7C3521F2EDE91C3B1F3EED931A5002855E660A1F7B1F5A306
SHA-512:	DF1EBC9906E7FFED8F31893822CBAEFD633DE09B1E3275FEAEAEE8A4F28AB5AB674E3FA3E7169A15F341EA148D4E493D20C5C02B4E6481D01F693319B67191AE
Malicious:	false
Preview:	GIF89a . ................!.......,.... . ...@...................(.[y..j........g6...\Aa.D.......J........

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio216252107100245977.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	119
Entropy (8bit):	5.5997507981039
Encrypted:	false
SSDEEP:	3:CslDae/XExlHrvleeI9a1dFrOdrGuYtObjQF9UHOdn:NlnUgm0dauYt0jQXUHOdn
MD5:	00913B549FE9528B8AF912CC7A0603D3
SHA1:	9E8782B0C01DCD65DBB7D2D52257683970F7ED2A
SHA-256:	DCB1E08CD60160E62454FFEB9F3B034B907EF941DF20E281F2D3CE628E8713DA
SHA-512:	AA80B5AAF6C349EC8329A75369B3C39AD2F793EA0CCA222DD6D36D277C3E1C41587FB819D32C7C0FC447FC3406D537D88A3BD2C44E0FFC5A2019E58F025F818C
Malicious:	false
Preview:	GIF89a . ................!.......,.... . ...I............`/.t....(..9..........F.....=Hn.,>.. .UC....U.B!.........

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio2223170928174613939.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	114
Entropy (8bit):	5.485945277378447
Encrypted:	false
SSDEEP:	3:Csl8pRD/wlHrvl4WDthSBS9//J/OOabbtP8k:Nl8jDgt5nJGOa/D
MD5:	80A2A9FD43C81D00DABE8940739A09F9
SHA1:	872F19AB0D529168BA418AF53548AE87688FBD83
SHA-256:	80573875DA6572ABB6B35B943FB9442F52B1DFBFD7C7926EB0FA064349DA0E06
SHA-512:	D4A944BC422B536CCA4C84C0F5072739E07F1D85CDFB9A5BDB2ECC7BC58728400641694130686BF702963884948D6F8AB4D09A1FD8C0954A705431D9149D03EF
Malicious:	false
Preview:	GIF89a . ................!.......,.... . ...D...................@...N..j....F&......z!..R.]f.`N8z~.....j.....

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio2999633974807869622.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	95
Entropy (8bit):	5.372695895024822
Encrypted:	false
SSDEEP:	3:CslDa3X/7/xlXl2zh+Joi4Cv9nn:NluXDjczgoin
MD5:	41C538A5777BB007FF524FBB082EB7EA
SHA1:	B43180E06FFA68DA5F18C4F7106FE33B58D6CF8B
SHA-256:	18100D5483B6FF5FEDB9780C250F4C1E70E527DCF4CC8C99BB6EDD54DCA0F405
SHA-512:	0BEE24FE8D0E221729A695E3C557C3F272A37747E12516ADBE7145BE108DCF67C0CE20812C08BA5E218D853EA6A5DF277E4094D40D129D76D99551316B81358E
Malicious:	false
Preview:	GIF89a . ................!.......,.... . ...1............{)....cij.l.W\...8........8(..

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio3815422977875359551.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	111
Entropy (8bit):	5.7238475101629165
Encrypted:	false
SSDEEP:	3:CslDa3X/7/xlXluqQVJHtr37neui5mUrH1tc6w:NluXDjYq8JZ3DeRjDc6w
MD5:	CD1A29180A36D5315309DADE8891D7B1
SHA1:	EAB2138F9175211C6353224FFBBA28844CE7F38A
SHA-256:	E6C935C003CA1699B633A91427CA83F35B356E9F10414B2ED52899F53BAA958C
SHA-512:	BC58C66A96FCEB04D66EC05CB2D5A1A77B96E650A1CAB81C312F8180E89E0302F8E1FE69FB8043C6E66B385F5AB2A41A49882DCF7BF8B4D6E5F388368439D444
Malicious:	false
Preview:	GIF89a . ................!.......,.... . ...A.............&.PH."HN...&p..&b.K..i....CY.A3.":....H.....j!..

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio5224863052943678154.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	96
Entropy (8bit):	5.4498032792428415
Encrypted:	false
SSDEEP:	3:CslDa3X/7/xlXl11uEYJTLZv15hH0RZ:NluXDjbATL5+RZ
MD5:	08C476ADA11D963F548AD67EB0932645
SHA1:	B1B7447B421106F8E9DD3D9A2A557DF3B4D426FA
SHA-256:	2DC300157DC87449F8B2853350C0BA0342ACD883105D2F835A3D0D7EB7E23F17
SHA-512:	38C1B8483E70CD2F9536EEB9FC7CA270A5A3806D4C6979631402693AD0D49AD1606B4844C1F0A2CF900A3ED3F89EDF851EFB2CB98FDAA67E2FD012A42FDD11F6
Malicious:	false
Preview:	GIF89a . ................!.......,.... . ...2.............)...._iv.,.p.nt...P.<..........

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio5352537162059109128.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	143
Entropy (8bit):	6.08215826783237
Encrypted:	false
SSDEEP:	3:CslDa3X/7/xlXlGJ57nRl1LcqEewzDTPW+blOUTcSjT5Dl:NluXDjw37nRzL3KPWklO9+5
MD5:	1CE83B1F6B8C7D440F51FCD01C50F0EF
SHA1:	C78A3F9C36880ECD6DDA0B620342FD881309BAA6
SHA-256:	ECDE79A8A92EEE2026999F4ABBD55C9785DA57809A7CDE42EBC810E645AD3BBD
SHA-512:	679F36998223A927B69730D1EB9FA9C56F7C66786AC1280955B67C0E4D211740CE88A8FC986B19744BE20984CB57A2A70041285FF4B4D52B42C3C370F01416FB
Malicious:	false
Preview:	GIF89a . ................!.......,.... . ...a...(.<...S....y....Y..........>..Z6..ln.G......!..\|V.6*2.>....4.....,.b.....q.>/........_..

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio6164943713436445280.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 9 x 9
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.069983861411434
Encrypted:	false
SSDEEP:	3:CMQRQ/gBEv7TTQQQKIBkta2913yf2CDDm1qslylBxlVgDEsFgICoOZtLf8bF:/QugaTcwICzyf2AKx0saIyTLEbF
MD5:	5500729E3245B4BC78ADDFA79EF43984
SHA1:	7F8E755B3D26D0100F3DD2057EDDFD02FB97C7D9
SHA-256:	BC288BD31CE5BD2013AD7FE24933EA69044BF94FCDED6010977FBF0566E2A922
SHA-512:	F25BA74A229CC0CBA0A75A96DB9E40F1CB98F1AF42CDA9EB2C1D2C5B5301F6D42D61A878E1A4BE7ACBA731AC5F4529FF4D245FF54A9E61340C242CA367A0F061
Malicious:	false
Preview:	GIF89a..........................................................................................................qqq]]]XXX....................................................................................!.....$.,..........<@.D.)n&...!h60....HT!..bA....m...s.`..6....'2..$.....D!..A.

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio6359674507834563537.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	120
Entropy (8bit):	5.833281532802035
Encrypted:	false
SSDEEP:	3:CslDa3X/7/xlXlrqQEV3t3J+wH075Enl:NluXDj0Qut5zHA5Q
MD5:	A05F262CB23CFF803A0E7BDD235B819B
SHA1:	4E5E292C1ACAB061A628157D01025BD0C69E52C8
SHA-256:	A4858E4EE4C3EAE37C797603CBE4177576EDBDDA1486FA6FF56EABBC08825F1C
SHA-512:	6CF7C37EED4D3FC4CF26B86BCAA370427635EA4FB5CC9B800454901C4782705A087841EA22BA91FD1140582A1B05177A96BD5D492327A6B6C46F8DA405F81DF9
Malicious:	false
Preview:	GIF89a . ................!.......,.... . ...J............\|..r..b ...y..p}@...<.5\.tn.... .....;...z=.Li.D.e;.......D..

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio6665906469700978227.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	94
Entropy (8bit):	5.352724114848712
Encrypted:	false
SSDEEP:	3:CslDa3X/7/xlXl30QVhAiwAmniq4UU:NluXDjuQVlwdK1
MD5:	6D01A4C7AB5AC88FCF97B93217AB25D4
SHA1:	CD39486EC73155B3C4E1AB10B20C69262A09ECAB
SHA-256:	45CBC2F4469E0294737DDB777BA37C40DECAAB97161A1E421337BDB93B8EEAD6
SHA-512:	FF56D564A678283E973238F553576C2EF1A9C85326422EDC0673985A349A7CFAE1F604B6E7763C2202D31EF0AD6AFFF3379364DC9DBFB21CABBC2095DCB29B84
Malicious:	false
Preview:	GIF89a . ................!.......,.... . ...0.............(..'.^).%..Y.j.).]............Q..

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio7103516844854627969.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 9 x 9
Category:	dropped
Size (bytes):	288
Entropy (8bit):	5.004652300322183
Encrypted:	false
SSDEEP:	3:CMQRZhqE1r/JvSXhhmmyKLFERrQ//35AsOaRH21LylUrtuvExx09zqGkDg8jg3it:/QDThMxTyKOrm3q7rwvExOzqGeg4Akl
MD5:	DBEB6AC81C07D0B4E76000859309B1E5
SHA1:	69755A6C206C094E91CF5D1086B1D3BF0FC4C7C8
SHA-256:	9863E46319CAD2BD1A809C7DFAB7EE0A44667B25A9389543E18F04EA894A055A
SHA-512:	D89FF50C1528782D8CF17BEA294C7943D71FB32117B553DAE3349EADFFF7B784DC9B1A39ABEE39DDC3264E3756953B34DF35F0955026C7D20454E99EC68B6687
Malicious:	false
Preview:	GIF89a...........................................................................................tttsssooo___???"""..........................................................................................!.....#.,..........>....)n..B&RhF2..%.PX)...1.F .mw.y..].......D..T.x..!`\|B"! ..A.

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio7212544972120051578.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	149
Entropy (8bit):	6.200845213320675
Encrypted:	false
SSDEEP:	3:CslDa3X/7/xlXl7MuIZPZwLfACCGH1hbGUXTpDQNLDO9Nvn:NluXDjJM5PZwJV1hxanOvP
MD5:	0F8E2C9B6E60429824D76F1D08F56EB0
SHA1:	9B3372A501E04CC847ACB4A0A56FB14F0E27A414
SHA-256:	671F63EB768753D4CC6F92F0C1C7405F7998337CD7D5605946C7852EAE06328F
SHA-512:	C58038EA614456EFE94D67C92BBE0F523D769518C9B2DFDFDE65204D7A77942723BED03CECEB9E2AC2FD364DE3774DC9976F12665FFE2DBB40A5BB3597C64F4C
Malicious:	false
Preview:	GIF89a . ................!.......,.... . ...g..........;...i..Z...x..f..*.....\+......P...g..cBf.8@>..`..V.Z.r6.f.......5^.{k...S..kwf.....(8HHX..

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio9716126586112586483.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 32 x 32
Category:	dropped
Size (bytes):	124
Entropy (8bit):	5.837381308239729
Encrypted:	false
SSDEEP:	3:CslDa3X/7/xlXlPnSnBZ+DIbHgnekrK4r3YZ97dXGyul:NluXDj5XD8HgekZroDwH
MD5:	E76C48F0DB9AF83B03C31A5C074F0BE4
SHA1:	C3EB6C0B650386AC38716B1F41C48556B4D49855
SHA-256:	DCE5C691E91E35286CB27DA1C7BBA3938162184E743A1D6F1BC8EB3B1D925830
SHA-512:	B2F2B1256EB882C9586126F34B6645832C967A7505DF0BE347CD1252DF8DFC677096149C398CB8690449E29769C83A078C25808B9C8FF1C10273AE1DCF454976
Malicious:	false
Preview:	GIF89a . ................!.......,.... . ...N..............}.B7..H.....{.m9O.\|{B)....!Q..0...krN2..V.f.&...Y.....N...

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/T/imageio9745765645810963695.tmp

Process:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File Type:	GIF image data, version 89a, 9 x 9
Category:	dropped
Size (bytes):	184
Entropy (8bit):	5.752289627872439
Encrypted:	false
SSDEEP:	3:CMJoabQKtnnn8/bGPssFC3hhl8OEJ5trylsxlGqD1H6qX+r203OX8N1l:/m2QuABWCHuOE7tzjGqxas+r3Oyl
MD5:	6A3211DBC3E2ABB4208D58DDBAE780BB
SHA1:	74D6839C87CEE7D906FA9EAEF2A63FCDC8C24544
SHA-256:	7997AFB7530BD0CAB7D3677EE9F9FC9F1959E9246953896B3A4A235D76FA8128
SHA-512:	36175E16E4A7B6837A5AA5A4519E44DD829C8C5723E73B234DCCA4472060FAFC4B2943FF786FFCC9EE84CE591FDC23DE4EED17999708ADE08E0084DB034DFDD4
Malicious:	false
Preview:	GIF89a.....................................................................\|\|\|xxxnnnmmmaaaZZZ...............!.......,..........6..\Z.%.YUka.DIO-QS.0[.<.]o...\|....h2 .....6$..AQ{8....

Static File Info

General

File type:	bzip2 compressed data, block size = 100k
Entropy (8bit):	7.999679567252431
TrID:	Disk Image (Macintosh), bzip2 (12509/2) 80.61% bzip2 compressed archive (3009/2) 19.39%
File name:	pwm_3.3.1.1_x86-64.dmg
File size:	72184045
MD5:	26e236876eb64279f77d118fbac3f06d
SHA1:	5519ff231aedc7394c5dd350b0b6058f253874c7
SHA256:	bd03a05dc21fa6ed0a3b35165df535896966f0f28279e07e7934d5e9e9ade8d8
SHA512:	ea476aa68f49632f0a4457b98549b9dbd881d1bc4d720c52734aaf6698176e1bc41f0b253808ee9a698900ae2b4cda07b135fefc9811bc223a3aea031ecd6fb3
SSDEEP:	1572864:7WAzO9n33sgIqk/kMl8TtlO1N2o/32H2avNZggwVJsYXZUk:KAIn33E/cMYQ1Mo/zavMHVJ9XZU
TLSH:	39F7337DA299A801CD958375E3DF1A264D110F73D5CAB98F167C3633A2F4279202AB37
File Content Preview:	BZh11AY&SY.z.V...F .......@.. .1...i...j:\.....N.$(....BZh11AY&SY+/.\.......P.@....BH....... .@... .u.=SA.....i...R..M.4....\g...(.^.d].\......A..B.H.0H+........=.4C.....~.I...A...R.W...)...Y}j.BZh91AY&SY............x.Ib0.@P....@@...!.(..H.$..BL....j...

CodeSign Information

["Executable=/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder","Identifier=ca.ewert.pwMinder","Format=app bundle with Mach-O thin (x86_64)","CodeDirectory v=20500 size=1405 flags=0x10000(???) hashes=35+5 location=embedded","OSPlatform=36","OSSDKVersion=659200","OSVersionMin=658432","Hash type=sha256 size=32","CandidateCDHash sha256=e7ec95472663656b285794f2766dcbf5604c768e","Hash choices=sha256","Page size=4096","CDHash=e7ec95472663656b285794f2766dcbf5604c768e","Signature size=8975","Authority=Developer ID Application: Victor Ewert (E8AGSEF5A4)","Authority=Developer ID Certification Authority","Authority=Apple Root CA","Timestamp=21 Nov 2022 at 19:26:25","Info.plist entries=18","TeamIdentifier=E8AGSEF5A4","Sealed Resources version=2 rules=13 files=170","Internal requirements count=1 size=180"]

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 24, 2022 01:27:06.156575918 CET	49293	80	192.168.11.11	17.253.15.202
Nov 24, 2022 01:27:06.156810045 CET	49294	80	192.168.11.11	88.221.168.210
Nov 24, 2022 01:27:06.164822102 CET	80	49293	17.253.15.202	192.168.11.11
Nov 24, 2022 01:27:06.165782928 CET	49293	80	192.168.11.11	17.253.15.202
Nov 24, 2022 01:27:06.168482065 CET	80	49294	88.221.168.210	192.168.11.11
Nov 24, 2022 01:27:06.169320107 CET	49294	80	192.168.11.11	88.221.168.210
Nov 24, 2022 01:28:06.725526094 CET	49302	80	192.168.11.11	142.250.186.148
Nov 24, 2022 01:28:06.734603882 CET	80	49302	142.250.186.148	192.168.11.11
Nov 24, 2022 01:28:06.735496998 CET	49302	80	192.168.11.11	142.250.186.148
Nov 24, 2022 01:28:06.741548061 CET	49302	80	192.168.11.11	142.250.186.148
Nov 24, 2022 01:28:06.750729084 CET	80	49302	142.250.186.148	192.168.11.11
Nov 24, 2022 01:28:07.078432083 CET	80	49302	142.250.186.148	192.168.11.11
Nov 24, 2022 01:28:07.079191923 CET	49302	80	192.168.11.11	142.250.186.148
Nov 24, 2022 01:28:07.146462917 CET	49302	80	192.168.11.11	142.250.186.148
Nov 24, 2022 01:28:07.157661915 CET	80	49302	142.250.186.148	192.168.11.11
Nov 24, 2022 01:28:07.158380985 CET	49302	80	192.168.11.11	142.250.186.148

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 24, 2022 01:27:25.382214069 CET	137	137	192.168.11.11	192.168.11.255
Nov 24, 2022 01:27:26.840518951 CET	137	137	192.168.11.11	192.168.11.255
Nov 24, 2022 01:27:26.841058016 CET	137	137	192.168.11.11	192.168.11.255
Nov 24, 2022 01:28:03.787105083 CET	53	60657	1.1.1.1	192.168.11.11
Nov 24, 2022 01:28:06.687371016 CET	55647	53	192.168.11.11	1.1.1.1
Nov 24, 2022 01:28:06.687822104 CET	51581	53	192.168.11.11	1.1.1.1
Nov 24, 2022 01:28:06.711705923 CET	53	55647	1.1.1.1	192.168.11.11
Nov 24, 2022 01:28:06.711785078 CET	53	51581	1.1.1.1	192.168.11.11

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 24, 2022 01:28:03.790575027 CET	192.168.11.11	1.1.1.1	f6c	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 24, 2022 01:28:06.687371016 CET	192.168.11.11	1.1.1.1	0xbb2b	Standard query (0)	etappservices.appspot.com	A (IP address)	IN (0x0001)	false
Nov 24, 2022 01:28:06.687822104 CET	192.168.11.11	1.1.1.1	0x3951	Standard query (0)	etappservices.appspot.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 24, 2022 01:28:06.711705923 CET	1.1.1.1	192.168.11.11	0xbb2b	No error (0)	etappservices.appspot.com		142.250.186.148	A (IP address)	IN (0x0001)	false
Nov 24, 2022 01:28:06.711785078 CET	1.1.1.1	192.168.11.11	0x3951	No error (0)	etappservices.appspot.com			28	IN (0x0001)	false

HTTP Request Dependency Graph

etappservices.appspot.com

System Behavior

Analysis Process: mono-sgen32 PID: 900, Parent PID: 812

General

Start time:	01:28:01
Start date:	24/11/2022
Path:	/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
Arguments:	n/a
File size:	3722408 bytes
MD5 hash:	8910349f44a940d8d79318367855b236

Analysis Process: open PID: 900, Parent PID: 812

General

Start time:	01:28:01
Start date:	24/11/2022
Path:	/usr/bin/open
Arguments:
File size:	105952 bytes
MD5 hash:	40ed6d8f35c9f20484b97582d296398f

Analysis Process: xpcproxy PID: 901, Parent PID: 1

General

Start time:	01:28:01
Start date:	24/11/2022
Path:	/usr/libexec/xpcproxy
Arguments:	n/a
File size:	43488 bytes
MD5 hash:	d1bb9a4899f0af921e8188218b20d744

Analysis Process: PWMinder PID: 901, Parent PID: 1

General

Start time:	01:28:01
Start date:	24/11/2022
Path:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
Arguments:	/Volumes/PWMinder_3.3.1.1/PWMinder.app/Contents/MacOS/PWMinder
File size:	160464 bytes
MD5 hash:	98e481ba3862913413a1ac1b7c00b45c