Analysis Overview
SHA256
1bf4352b8682f75bbbeec4ce50b34f78a9af95b598772281156065bbf6da7e47
Threat Level: Likely benign
The file Sleepy Client.dll was found to be: Likely benign.
Malicious Activity Summary
Resource Forking
Unsigned PE
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-09 04:37
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-09 04:37
Reported
2024-06-09 04:40
Platform
win7-20240221-en
Max time kernel
146s
Max time network
156s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Sleepy Client.dll",#1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.0.754269133\1413125963" -parentBuildID 20221007134813 -prefsHandle 1236 -prefMapHandle 1228 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03e53612-1238-4b46-8f21-7845faf6e12f} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 1316 115da858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.1.1414017195\811716155" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 1488 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3db11b70-6bdb-4c01-b23c-68f031e9ce63} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 1504 d72e58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.2.1604377066\716746983" -childID 1 -isForBrowser -prefsHandle 2080 -prefMapHandle 2076 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9c10f37-7df7-4906-99bf-9911c3285598} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 2092 1155da58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.3.153596366\446969880" -childID 2 -isForBrowser -prefsHandle 2380 -prefMapHandle 584 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13c3f3fa-6715-44c8-ac97-fe6349965b98} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 1676 d64d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.4.218903152\548266074" -childID 3 -isForBrowser -prefsHandle 2900 -prefMapHandle 2896 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c320f3b-bcff-409b-b28a-84c53f0c1df0} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 2912 d5d958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.5.102520075\856887438" -childID 4 -isForBrowser -prefsHandle 3748 -prefMapHandle 3744 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2bb1088-0749-454c-a78b-bbd47176aa8f} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 3756 1a4d7658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.6.1938978477\848245444" -childID 5 -isForBrowser -prefsHandle 3864 -prefMapHandle 3868 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32180e98-4044-47d8-97a7-3c316238e444} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 3852 1ef83958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.7.193223541\1818343551" -childID 6 -isForBrowser -prefsHandle 4068 -prefMapHandle 4072 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60e6b99c-9b56-4310-928a-e7f5ab5973c2} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 4056 1efc0d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.8.34426887\968099404" -childID 7 -isForBrowser -prefsHandle 3744 -prefMapHandle 3924 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3728c3c-2f6f-4ed9-bebf-cd01d18086e7} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 4256 1ef81e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.9.1084720813\607655395" -childID 8 -isForBrowser -prefsHandle 2568 -prefMapHandle 2580 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99a16fda-9224-4573-b929-c659806b2347} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 2564 18110e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.10.1772713272\1891379948" -parentBuildID 20221007134813 -prefsHandle 3552 -prefMapHandle 3556 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7c7f040-33ce-4968-b740-6d659ec3b2cf} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 4420 20cf2b58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.11.1428756715\1236476157" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4620 -prefMapHandle 4632 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {315c303d-72b1-4181-9c79-d0042a228801} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 4700 1bea9a58 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.12.1927635989\27878762" -childID 9 -isForBrowser -prefsHandle 4888 -prefMapHandle 4884 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1b96117-655d-4114-bd97-da2b9b22207a} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 4900 14741c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.13.1954771450\1364799191" -childID 10 -isForBrowser -prefsHandle 2672 -prefMapHandle 5224 -prefsLen 26691 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80a13285-52fb-41a3-9226-b15beb8d4f42} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 4532 21f8da58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.14.1877309643\1242586607" -childID 11 -isForBrowser -prefsHandle 2540 -prefMapHandle 2544 -prefsLen 27454 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93d6dff2-d39e-4a2d-acac-a88637d556bc} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 2324 1be31258 tab
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-09 04:37
Reported
2024-06-09 04:37
Platform
android-x64-20240603-en
Max time network
4s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-09 04:37
Reported
2024-06-09 04:40
Platform
macos-20240410-en
Max time kernel
144s
Max time network
120s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool | N/A | N/A |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
| N/A | /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/Sleepy Client.dll"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/Sleepy Client.dll"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/Sleepy Client.dll]
/bin/zsh
[/bin/zsh -c /Users/run/Sleepy Client.dll]
/Users/run/Sleepy
[/Users/run/Sleepy Client.dll]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.systempreferences.2140]
/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
[/System/Applications/System Preferences.app/Contents/MacOS/System Preferences]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AccountProfileRemoteViewService 549]
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
[/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService]
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]
/usr/libexec/xpcproxy
[xpcproxy com.apple.CoreAuthentication.agent]
/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nfcd]
/usr/libexec/nfcd
[/usr/libexec/nfcd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.studentd]
/usr/libexec/studentd
[/usr/libexec/studentd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.preference.sidecar.remoteservice 549]
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/XPCServices/com.apple.preference.sidecar.remoteservice.xpc/Contents/MacOS/com.apple.preference.sidecar.remoteservice
[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/XPCServices/com.apple.preference.sidecar.remoteservice.xpc/Contents/MacOS/com.apple.preference.sidecar.remoteservice]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump_agent]
/usr/libexec/spindump_agent
[/usr/libexec/spindump_agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.metadata.mdwrite]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]
Network
| Country | Destination | Domain | Proto |
| AU | 40.79.173.41:443 | | tcp |
| DE | 17.253.79.202:80 | | tcp |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | e6858.dscx.akamaiedge.net | udp |
| BE | 23.55.96.225:443 | e6858.dscx.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | bag-cdn.itunes-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | e10499.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | gspe1-ssl.ls.apple.com.edgesuite.net | udp |
| US | 8.8.8.8:53 | gspe35-ssl.ls-apple.com.akadns.net | udp |
| GB | 23.200.147.27:443 | | tcp |
| NL | 72.246.172.153:443 | | tcp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| GB | 23.59.171.16:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| US | 8.8.8.8:53 | gsp64-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| IE | 20.50.80.210:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
/Users/run/Library/Caches/GeoServices/Resources/altitude-1285.xml
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/Users/run/Library/Saved Application State/com.apple.systempreferences.savedState/data.data