Malware Analysis Report

2024-10-16 06:33

Sample ID: 240609-e8wndsdg2w
Target: Sleepy Client.dll
SHA256: 1bf4352b8682f75bbbeec4ce50b34f78a9af95b598772281156065bbf6da7e47
Tags: evasion
Score: 4/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 4/10

SHA256: 1bf4352b8682f75bbbeec4ce50b34f78a9af95b598772281156065bbf6da7e47

Threat Level: Likely benign

The file Sleepy Client.dll was found to be: Likely benign.

Malicious Activity Summary

evasion

Resource Forking

Unsigned PE

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-09 04:37

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-09 04:37
Reported: 2024-06-09 04:40
Platform: win7-20240221-en
Max time kernel: 146s
Max time network: 156s

Command Line

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Sleepy Client.dll",#1

(rundll32.exe loads the DLL and calls its export with ordinal 1. Note that every Process entry in the signature tables below is firefox.exe; no indicator in this run is attributed to the rundll32.exe host process that loaded the sample.)

Signatures

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Suspicious use of WriteProcessMemory

Writer PID -> Target PID | Rows | Process | Target
2636 -> 2784 | 12 | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
2784 -> 2476 | 3 | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
2784 -> 2484 | 44 | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe
2784 -> 2728 | 5 | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Program Files\Mozilla Firefox\firefox.exe

(The 64 identical "PID X wrote to memory of Y" rows are collapsed to counts; the Indicator column was N/A on every row. Writer and target are firefox.exe in all of them, and PID 2784 is the parent named in the --channel="2784.N..." argument of every -contentproc command line under Processes, so these writes are the browser setting up its own content processes, not the sample writing into another process.)

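A WriteProcessMemory hit only means something once it is read against the process list. The Python helper below is an added example, not part of the sandbox report: it recovers the browser parent PID from the --channel argument of the content-process command lines, then sorts each write row into browser-internal, same-image-but-unexplained, or cross-image/sample-host writes that warrant escalation. The write rows and the two command lines are copied from this report; the rundll32.exe row with PID 1234 is a constructed hypothetical to exercise the escalation branch, and the SAMPLE_HOST_IMAGES set is an assumption.

```python
import re
from collections import Counter

# Added triage helper, not part of the sandbox report. Decides whether a
# "Suspicious use of WriteProcessMemory" row is the browser's own content-
# process setup or a cross-process write that should be escalated.

# Constructed from the report: Firefox content processes carry the parent PID
# as the prefix of --channel="<parent>.<n>...". Only the relevant part of each
# command line is kept.
CONTENT_PROCESS_CMDLINES = [
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.0.754269133\1413125963" -parentBuildID 20221007134813 gpu',
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.2.1604377066\716746983" -childID 1 -isForBrowser tab',
]

FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"

# (writer_pid, target_pid, writer_image, target_image, row_count), collapsed
# from the 64 rows in the report's WriteProcessMemory table.
REPORT_WRITES = [
    (2636, 2784, FIREFOX, FIREFOX, 12),
    (2784, 2476, FIREFOX, FIREFOX, 3),
    (2784, 2484, FIREFOX, FIREFOX, 44),
    (2784, 2728, FIREFOX, FIREFOX, 5),
]

# Hypothetical row, NOT in the report: the sample's host process writing into
# the browser. PID 1234 is made up.
HYPOTHETICAL_INJECTION = [
    (1234, 2784, r"C:\Windows\system32\rundll32.exe", FIREFOX, 1),
]

# Assumption: image name(s) of the process that loaded the sample.
SAMPLE_HOST_IMAGES = {"rundll32.exe"}

CHANNEL_RE = re.compile(r'--channel="(\d+)\.')


def browser_parent_pids(cmdlines):
    """PIDs that spawned sandboxed content processes, taken from --channel."""
    pids = set()
    for line in cmdlines:
        m = CHANNEL_RE.search(line)
        if m:
            pids.add(int(m.group(1)))
    return pids


def classify_write(writer_pid, target_pid, writer_image, target_image, parents):
    """Label one write event; the first matching rule wins."""
    writer_name = writer_image.rsplit("\\", 1)[-1].lower()
    target_name = target_image.rsplit("\\", 1)[-1].lower()
    if writer_name in SAMPLE_HOST_IMAGES:
        return "escalate_sample_host_writer"   # the sample's host wrote somewhere
    if writer_name != target_name:
        return "escalate_cross_image"          # classic injection shape
    if writer_pid in parents:
        return "browser_parent_to_child"       # browser launching its children
    return "review_same_image"                 # same binary, parent not proven


def triage(writes, cmdlines):
    """Return {category: number of WriteProcessMemory rows}."""
    parents = browser_parent_pids(cmdlines)
    counts = Counter()
    for writer_pid, target_pid, writer_image, target_image, n in writes:
        label = classify_write(writer_pid, target_pid, writer_image, target_image, parents)
        counts[label] += n
    return dict(counts)


if __name__ == "__main__":
    print(triage(REPORT_WRITES, CONTENT_PROCESS_CMDLINES))
    print(triage(REPORT_WRITES + HYPOTHETICAL_INJECTION, CONTENT_PROCESS_CMDLINES))
```

On this report's rows the helper puts 52 writes in browser_parent_to_child and the 12 writes from PID 2636 in review_same_image (the page does not say what 2636 is, so they stay for a human); nothing is escalated. Only the constructed rundll32.exe row trips the escalation branch.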
Uses Task Scheduler COM API

Tag: persistence. No Description/Indicator/Process/Target rows are listed for this signature.

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Sleepy Client.dll",#1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.0.754269133\1413125963" -parentBuildID 20221007134813 -prefsHandle 1236 -prefMapHandle 1228 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03e53612-1238-4b46-8f21-7845faf6e12f} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 1316 115da858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.1.1414017195\811716155" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 1488 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3db11b70-6bdb-4c01-b23c-68f031e9ce63} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 1504 d72e58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.2.1604377066\716746983" -childID 1 -isForBrowser -prefsHandle 2080 -prefMapHandle 2076 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9c10f37-7df7-4906-99bf-9911c3285598} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 2092 1155da58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.3.153596366\446969880" -childID 2 -isForBrowser -prefsHandle 2380 -prefMapHandle 584 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13c3f3fa-6715-44c8-ac97-fe6349965b98} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 1676 d64d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.4.218903152\548266074" -childID 3 -isForBrowser -prefsHandle 2900 -prefMapHandle 2896 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c320f3b-bcff-409b-b28a-84c53f0c1df0} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 2912 d5d958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.5.102520075\856887438" -childID 4 -isForBrowser -prefsHandle 3748 -prefMapHandle 3744 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2bb1088-0749-454c-a78b-bbd47176aa8f} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 3756 1a4d7658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.6.1938978477\848245444" -childID 5 -isForBrowser -prefsHandle 3864 -prefMapHandle 3868 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32180e98-4044-47d8-97a7-3c316238e444} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 3852 1ef83958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.7.193223541\1818343551" -childID 6 -isForBrowser -prefsHandle 4068 -prefMapHandle 4072 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60e6b99c-9b56-4310-928a-e7f5ab5973c2} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 4056 1efc0d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.8.34426887\968099404" -childID 7 -isForBrowser -prefsHandle 3744 -prefMapHandle 3924 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3728c3c-2f6f-4ed9-bebf-cd01d18086e7} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 4256 1ef81e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.9.1084720813\607655395" -childID 8 -isForBrowser -prefsHandle 2568 -prefMapHandle 2580 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99a16fda-9224-4573-b929-c659806b2347} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 2564 18110e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.10.1772713272\1891379948" -parentBuildID 20221007134813 -prefsHandle 3552 -prefMapHandle 3556 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7c7f040-33ce-4968-b740-6d659ec3b2cf} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 4420 20cf2b58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.11.1428756715\1236476157" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4620 -prefMapHandle 4632 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {315c303d-72b1-4181-9c79-d0042a228801} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 4700 1bea9a58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.12.1927635989\27878762" -childID 9 -isForBrowser -prefsHandle 4888 -prefMapHandle 4884 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1b96117-655d-4114-bd97-da2b9b22207a} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 4900 14741c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.13.1954771450\1364799191" -childID 10 -isForBrowser -prefsHandle 2672 -prefMapHandle 5224 -prefsLen 26691 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80a13285-52fb-41a3-9226-b15beb8d4f42} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 4532 21f8da58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2784.14.1877309643\1242586607" -childID 11 -isForBrowser -prefsHandle 2540 -prefMapHandle 2544 -prefsLen 27454 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93d6dff2-d39e-4a2d-acac-a88637d556bc} 2784 "\\.\pipe\gecko-crash-server-pipe.2784" 2324 1be31258 tab

Network

Country Destination Domain Proto
N/A 127.0.0.1:49199 tcp
N/A 127.0.0.1:49208 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 52.42.69.239:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.youtube.com udp
FR 142.250.201.174:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
FR 142.250.201.174:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
FR 142.250.179.86:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
FR 142.250.179.86:443 i.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
FR 216.58.215.36:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
FR 216.58.215.36:443 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 216.58.214.162:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 216.58.214.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
FR 142.250.179.110:443 suggestqueries-clients6.youtube.com tcp
FR 142.250.179.110:443 suggestqueries-clients6.youtube.com tcp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
FR 142.250.179.110:443 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 172.217.20.170:443 jnn-pa.googleapis.com tcp
FR 172.217.20.170:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
FR 172.217.20.170:443 jnn-pa.googleapis.com udp
FR 216.58.214.166:443 static.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
FR 216.58.214.166:443 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 172.217.20.170:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 youtube.com udp
FR 142.250.201.174:443 youtube.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 youtube.com udp
FR 142.250.201.174:443 youtube.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 172.217.20.193:443 yt3.ggpht.com tcp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
FR 172.217.20.193:443 photos-ugc.l.googleusercontent.com udp
FR 142.250.178.129:443 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
FR 142.250.179.97:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
FR 142.250.179.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 rr3---sn-aigl6nze.googlevideo.com udp
US 8.8.8.8:53 rr3.sn-aigl6nze.googlevideo.com udp
GB 74.125.168.136:443 rr3.sn-aigl6nze.googlevideo.com tcp
US 8.8.8.8:53 rr3.sn-aigl6nze.googlevideo.com udp
GB 74.125.168.136:443 rr3.sn-aigl6nze.googlevideo.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
FR 142.250.178.129:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 rr4---sn-aigl6nsd.googlevideo.com udp
US 8.8.8.8:53 rr4.sn-aigl6nsd.googlevideo.com udp
FR 142.250.178.129:443 lh6.googleusercontent.com udp
US 8.8.8.8:53 rr4.sn-aigl6nsd.googlevideo.com udp
US 8.8.8.8:53 rr2---sn-aigl6ns6.googlevideo.com udp
GB 74.125.105.7:443 rr2---sn-aigl6ns6.googlevideo.com tcp
US 8.8.8.8:53 rr2.sn-aigl6ns6.googlevideo.com udp
US 8.8.8.8:53 rr2.sn-aigl6ns6.googlevideo.com udp
GB 74.125.105.7:443 rr2.sn-aigl6ns6.googlevideo.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 rr4---sn-aigl6nek.googlevideo.com udp
US 8.8.8.8:53 rr4.sn-aigl6nek.googlevideo.com udp
GB 173.194.183.105:443 rr4.sn-aigl6nek.googlevideo.com tcp
US 8.8.8.8:53 rr4.sn-aigl6nek.googlevideo.com udp
GB 173.194.183.105:443 rr4.sn-aigl6nek.googlevideo.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
FR 142.250.178.129:443 lh5.googleusercontent.com tcp
FR 142.250.178.129:443 lh5.googleusercontent.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
FR 216.58.214.162:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
FR 216.58.214.162:443 ade.googlesyndication.com udp
US 8.8.8.8:53 play.google.com udp
FR 172.217.20.174:443 play.google.com tcp
FR 172.217.20.174:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
FR 172.217.20.174:443 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 rr5---sn-aigl6nzs.googlevideo.com udp
GB 74.125.175.74:443 rr5---sn-aigl6nzs.googlevideo.com tcp
US 8.8.8.8:53 rr5.sn-aigl6nzs.googlevideo.com udp
US 8.8.8.8:53 rr5.sn-aigl6nzs.googlevideo.com udp
GB 74.125.175.74:443 rr5.sn-aigl6nzs.googlevideo.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
NL 2.18.121.197:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
FR 142.250.178.142:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
FR 142.250.178.142:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1---sn-aigl6ney.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigl6ney.gvt1.com udp
GB 173.194.183.166:443 r1.sn-aigl6ney.gvt1.com udp
FR 216.58.215.36:443 www.google.com udp
GB 74.125.105.7:443 rr2.sn-aigl6ns6.googlevideo.com udp
FR 142.250.179.86:443 i.ytimg.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
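
The Network table above is almost entirely Firefox's own background traffic (telemetry, remote settings, update check, OpenH264 codec download over plain HTTP) plus the Google/YouTube properties the browsing session produced. The Python helper below is an added example, not part of the sandbox report: it parses rows in the table's format, separates DNS lookups and loopback from real connections, and leaves anything outside an allowlist of browser-vendor domains for review. The rows are copied from this report except the 203.0.113.10:4444 / example.invalid row, which is constructed to show the escalation path; the BROWSER_BACKGROUND allowlist is an assumption to tune per case.

```python
from collections import Counter

# Added triage helper, not part of the sandbox report. Splits the Network
# table into DNS lookups, loopback, expected browser background traffic and
# connections that still need a human look.

# Rows copied from the report's Network table, plus one constructed row
# (203.0.113.10:4444 example.invalid) to show the escalation path. Columns:
# country, destination, domain, protocol; loopback rows carry no domain.
NETWORK_ROWS = """\
N/A 127.0.0.1:49199 tcp
N/A 127.0.0.1:49208 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
NL 2.18.121.197:80 ciscobinary.openh264.org tcp
FR 142.250.201.174:443 www.youtube.com tcp
GB 74.125.168.136:443 rr3.sn-aigl6nze.googlevideo.com tcp
FR 216.58.214.162:443 googleads.g.doubleclick.net tcp
XX 203.0.113.10:4444 example.invalid tcp
"""

# Assumed allowlist: registrable domains a fresh Firefox profile talks to on
# its own, plus the Google/YouTube properties seen in this run.
BROWSER_BACKGROUND = {
    "mozilla.com", "mozilla.org", "mozilla.net", "mozaws.net", "mozgcp.net",
    "openh264.org", "akamai.net",
    "google.com", "googleapis.com", "googlevideo.com", "youtube.com",
    "ytimg.com", "googleusercontent.com", "ggpht.com", "doubleclick.net",
    "googlesyndication.com", "gvt1.com",
}


def parse_rows(text):
    """Parse whitespace-separated rows; tolerate the 3-column loopback form."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            country, dest, proto = parts
            domain = None
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            continue
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def registrable(domain):
    # Two-label approximation; adequate for the TLDs in this report.
    return ".".join(domain.split(".")[-2:])


def classify(row):
    if row["ip"].startswith("127."):
        return "loopback"
    if row["port"] == 53 and row["proto"] == "udp":
        return "dns"
    if row["domain"] and registrable(row["domain"]) in BROWSER_BACKGROUND:
        return "browser_background"
    return "review"


def triage(text):
    """Return (category counts, rows needing review, plaintext-HTTP rows)."""
    rows = parse_rows(text)
    counts = Counter(classify(r) for r in rows)
    review = [r for r in rows if classify(r) == "review"]
    # Non-TLS traffic is worth noting even to an allowlisted domain.
    plaintext = [r for r in rows if r["port"] == 80 and r["proto"] == "tcp"]
    return dict(counts), review, plaintext


if __name__ == "__main__":
    counts, review, plaintext = triage(NETWORK_ROWS)
    print(counts)
    print("review:", [(r["ip"], r["port"], r["domain"]) for r in review])
    print("plaintext:", [r["domain"] for r in plaintext])
```

Run on the rows above, everything from the report lands in dns, loopback or browser_background, the ciscobinary.openh264.org:80 connection is surfaced as the only plaintext transfer, and only the constructed example.invalid row is left for review.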

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\db\data.safe.bin

MD5 ee6cf0ff8935bbe10f78e17d83a71c62
SHA1 311729074cb8eb36dd8205c79ac8a4a7330ede44
SHA256 74999740d781532acc81491abd9438fe13faa97d4219d7a6919f6dcd76e336fc
SHA512 8ffe1c366b2207010dc67015c82b1a9582866c03fd906e34309aa829c390b9d269eb0ca8ecaa8b1d4ad28b45179e10780cac19711445d5c71a8e2f0915a060f0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\ca60cf2e-50f8-4633-9f95-3166499855ed

MD5 f3e0c854b9474acde8c799a80fa3dcaf
SHA1 4a0b2168a28c0f55db64337c9b2f5c1ca5ce0df8
SHA256 f61f3c45b0604ed82519c5b7ca7f21f63f355c8f365d032d8dc18ec20d242f96
SHA512 872d7acb48e54a71b1dd566dda050fc1cdbb555ad1c0afd5ac14aaa5c87dbc658460b4a5bf97f55ed5109c48e50b5bc1ec13ad57f4701f90c7721e858bce3084

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\111e3206-e05d-4c20-998b-7d4b0a2b4d01

MD5 578eb3bb3b9584cc9453abb78e65b0af
SHA1 eaedb02ce2c28d71e6fd8012e80e3abb4578d957
SHA256 c411a9e07a2e43e5a285304c68d373ff7dfc1b7582463f357cfdd7129319e7ab
SHA512 4c582832c577f482032b82fb00f9c787144abad34adafddd09c6d7467dfd298119feb1782a7728ae51c52c4a09ced9acfc028e4a05697e10e2948a969fb44071

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 84915a4201d8a8e0564944a76ad800b0
SHA1 898b5b1061e0ab66aaf128107f8ebe071214eae1
SHA256 8fa1acacc57ac6b358b867004a18c6e99ac57069dd50b618689c3c2304ca1a95
SHA512 fbc253aefd6b8977297a5823e6736b68c64b45f0c9c0f4c344d23977ee31e6d798b197ceb4ed2d4dbe7392dc9459b5a8eb3fd20b4d87217f32b755c4afd03a8d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4

MD5 66085a5d30f2a4dc80fe50f0fdabfeb6
SHA1 2ca3e6aba173d37c6155a4a353a8ddec3051c9bb
SHA256 e16a2deece697ff6d99b253753624d39094066a8639fef402e3246493ad97aff
SHA512 b3d04125776449951b670e5bd5a70264c3c3d056a59a6b34491ce067ac1efc3e156431e2c48103c908960d6471449c9a468493870a146c246956c4cfa93f18fc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\storage\default\https+++www.youtube.com\cache\morgue\118\{144d3cfe-ce7d-4a40-9519-156b813c2276}.final

MD5 2a408811537a08a3bd0b6109feeb99d4
SHA1 067abda690a47f7a76a2babfa37e6894ab933770
SHA256 faf783bd71e3787b6c6b639ac87a4c211a40a07dad55aba22b44049db06eb9f1
SHA512 d7a8480fe4e1a5cb7a83b139b5cb052ce2752c0711e8a4cd9ede55ae52aa0a2ec4fe1b104c6a42f485cb5782e47cf198a43cd7929aa2dc5a1eacc81940be9cad

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js

MD5 1eea0d09dcbef60d91ceb579c2d99dc4
SHA1 fef2b014b086f3e1700ed9a0007646ca90e4a373
SHA256 19ff980e7d3aeadd6a7f8c13e365d1ad6763947218b186b6462df35cc162eab6
SHA512 c59577178750f1a79caf8240b509c9d3ae165f53cc0d7cce00b7fd42432ec50d7c66431f89286fd56ecace625f6111bbf35d40ebb341d3eddb9fae9056a86379

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\storage\default\https+++www.youtube.com\idb\1188530871yCt7-%iCt7-%r9e9sfp4o.sqlite

MD5 597816764050b0862a10731b0831d9bd
SHA1 0232b2a44faa619c509933b657f774f432fc5284
SHA256 aeb88507f42c8d7401bfa685845ec89ba9645abdbd2897209c76c16624fafb08
SHA512 c88b565f6c7c2031c1229b6428cc70a643ad54541ab3a07edaf1814290bec0044efc0d7f73ba8fd3c8dde678da7eb7ef337f3768b878ef26e679505ea335b8c2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

MD5 5bdc42d61d7e37e8bd00a59b5c8f0083
SHA1 1666af209416994a73aa49ccd95efd5699cb1dbe
SHA256 82801c3de554fe306ab308e4df2dde2bfdab1970c42c12c713a544a95d6457bb
SHA512 44305de82b1db4ce2efb034b8122ec26ca125e74faacaf6344c45e1eff550eff1585fdf0c62db06c26f6451494739fa8784f9a926d861632c74bb81148a34e99

\??\PIPE\samr

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

(All four digests are those of zero-length input: the SAM named pipe was opened but no content was captured from it.)

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\storage\default\https+++www.youtube.com\cache\morgue\29\{adb0d371-0cd3-4835-afc0-d22770cfb41d}.final

MD5 d551d4b67a589e9119684930847c5730
SHA1 e68b7ed75ed54eaf546d59922b47552e00c7b603
SHA256 1ff065fdca2da5ee1a22d34584bc94a7102c3052949137a0725627faa5fd61ff
SHA512 987731457a8efe57e854e3623e0f844932e8f7c6b24629fa52e3c744000e53f53c0fcdf8e4c8f64e33b5a1570d1f46a55233be6b3e7816869fb5c549d85d6c5c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b80a0f87ccc33ce1d5a53371d3564667
SHA1 731e5d2bd1e78cfe5604b2df6ad164e3925882ba
SHA256 3bcc7ca0a4e754140418aa7ef60a7d4d5f79c886eaa5136936ed04fcf7223cab
SHA512 833cfce633da175a462d53721c443eb026199026836ee7b468cb1369fcb5b84dca858a99af883d127ff7dd145d78e9e7bec590fa47c93618a76b1ab6cbab1673

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\28560

MD5 ac3a6b8811a7bcc42e793a69ba2555c4
SHA1 46c68f1437b34bc60840b0b947bee99f8dc8026f
SHA256 3cf3a9fcab7fbee2301e5d32a1d41522c0bf1c072ce94a55f4cb9cea78d08357
SHA512 de1164e26a714f0d432f53a3b0464f21a9e503229f6771db2c00dbb834166ebeb26aabbc4106bd40574a44464fa13052bf23396d08f50d860b23d074602d12be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js

MD5 4c9c15c0bc89937ddca9cadcaff62fa4
SHA1 a8e9978670bbf48732ccb67f4fb35c20e313ec22
SHA256 b4ba2065b7a32b37575a7dcc9ddb2fdc057f721987c7b2bc19173b3faad68862
SHA512 7bb519605abff57c89c2a5c4b3bf5d151932041b94dbe633222d2ad60295bed5d33a31bac51ed0a05f4da824ebe0fa9e9721359aa384de95546678a5b2687f9f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b2fd394b8a1ed48ff76081bb45882eb6
SHA1 61e5c89b73ff1bc71db86fed0ff4f65e1cf84c39
SHA256 2ca541984a935e77c30db1b06221991c7b4bf1ebec2f4b8ca749e5870e39b3f4
SHA512 6e879e5cd84b5db8501a1aff1def7c7b6760f23a57c4f25709a29fb3ae6c05a25712eb4d69e9eebc603ec2793422132f0efdf7136ca2d99cb6823ff749f04370

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\32246

MD5 97b7e44f861c950514e3aae621a53d71
SHA1 56066821add32e484bcf6284f62caff58b1d73af
SHA256 8ebbb18a8d72b70835e2e531b5c1f8e502b3b7a9590e19415ac5eb63fc20bdfb
SHA512 75d82d6c461eeb9f2c631da83e6747103a268ca20190272cac5f7f1ad5e0f545fe9cd443e007db1cdafc31db07f5c9a79c0cea3c59588fd495e9bd9e8e0d8929

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e57083ccfd40cf6c29d6549489e0849c
SHA1 0804a7568e85cbb40e5c58b322df5ed6e1431d61
SHA256 d5bf3d962d2364cd90eba82ee91fdc16b61ed3d3cbd6098752fff06418ca99be
SHA512 626703077becf8480ff9a210dcf2ea3ccdc6416f313d046dec9473a88e20f6b9386f7e4e3d564cef50f79fb33b111c75197a77084aece76822427bbbb36d4d1c

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js

MD5 65f38ea6925e1e103e4ae02cff0345c8
SHA1 14be8b407bfb2c1e26258773e627e88b298070b4
SHA256 e6d685c88dfc0d7335e1d279acc89d28e98c7b08ac65a0fc9517fb69ccd88893
SHA512 50fcc6911db1e72973045a3766129182af9fd72d8f1ea19b7f771027f0b946c1d7c91bab61f4eba44a9fa69a3bd36cd7396a8dc2a4db1ad826e2b473580f4fc8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-09 04:37

Reported

2024-06-09 04:37

Platform

android-x64-20240603-en

Max time network

4s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-09 04:37

Reported

2024-06-09 04:40

Platform

macos-20240410-en

Max time kernel

144s

Max time network

120s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Sleepy Client.dll"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref N/A N/A
N/A /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool N/A N/A
N/A /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy N/A N/A
N/A /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool N/A N/A
N/A /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool N/A N/A
N/A /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Sleepy Client.dll"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Sleepy Client.dll"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Sleepy Client.dll]

/bin/zsh

[/bin/zsh -c /Users/run/Sleepy Client.dll]

/Users/run/Sleepy

[/Users/run/Sleepy Client.dll]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.cloudkeychainproxy3]

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]

/usr/libexec/xpcproxy

[xpcproxy com.apple.systempreferences.2140]

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences

[/System/Applications/System Preferences.app/Contents/MacOS/System Preferences]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AccountProfileRemoteViewService 549]

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService

[/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService]

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool

[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool

[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck

[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref

[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool

[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]

/usr/libexec/xpcproxy

[xpcproxy com.apple.CoreAuthentication.agent]

/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd

[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nfcd]

/usr/libexec/nfcd

[/usr/libexec/nfcd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.studentd]

/usr/libexec/studentd

[/usr/libexec/studentd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.preference.sidecar.remoteservice 549]

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/XPCServices/com.apple.preference.sidecar.remoteservice.xpc/Contents/MacOS/com.apple.preference.sidecar.remoteservice

[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/XPCServices/com.apple.preference.sidecar.remoteservice.xpc/Contents/MacOS/com.apple.preference.sidecar.remoteservice]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump_agent]

/usr/libexec/spindump_agent

[/usr/libexec/spindump_agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.metadata.mdwrite]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

Network

Country Destination Domain Proto
AU 40.79.173.41:443 N/A tcp
DE 17.253.79.202:80 N/A tcp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 e6858.dscx.akamaiedge.net udp
BE 23.55.96.225:443 e6858.dscx.akamaiedge.net tcp
US 8.8.8.8:53 bag-cdn.itunes-apple.com.akadns.net udp
US 8.8.8.8:53 e10499.dsce9.akamaiedge.net udp
US 8.8.8.8:53 gspe1-ssl.ls.apple.com.edgesuite.net udp
US 8.8.8.8:53 gspe35-ssl.ls-apple.com.akadns.net udp
GB 23.200.147.27:443 N/A tcp
NL 72.246.172.153:443 N/A tcp
US 8.8.8.8:53 gspe21-ssl.ls-apple.com.akadns.net udp
GB 23.59.171.16:443 gspe1-ssl.ls.apple.com.edgesuite.net tcp
US 8.8.8.8:53 gsp64-ssl.ls-apple.com.akadns.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
IE 20.50.80.210:443 N/A tcp
N/A 224.0.0.251:5353 N/A udp

Files

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 ce7f5b3d4bfc7b4b0da6a06dccc515f2
SHA1 ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
SHA256 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
SHA512 db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/Users/run/Library/Caches/GeoServices/Resources/altitude-1285.xml

MD5 9a43af57707d2fb460832049d1f217d1
SHA1 056d813f8cb5198ca82072f7e3484f38ea5267f8
SHA256 7224f8828694ed74a8353567e4d84da188d15a993a4a75938f8409cb49218e7c
SHA512 1f33175f5d0958c79540a627552f71c6960b6ff19c9b2b0aa604c00bfeff216f6ea2ec3a22ef91ad8d7249597fdf5ad49ddbf5f4aef71b397e785152474954d7

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

MD5 802d55fe9328c3dde0d073cf6704dbf0
SHA1 504e47bc3c150ed50e3a11b015b48a8fe4bf47a1
SHA256 9b648267be81a5e68097fda9b44ed9cb4a80737ba8efe631c110be3849e90659
SHA512 3c66cb4fe2b2c0bf04702998eb8e16d4483fc533a5bc5d3f0ad11f26206f75772da738287c24c1586cefa40376d7883c750eb95b88a698884467b0c4dc16bca9

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a60a7bcfc47eacaa66e5e3d701d3ba80
SHA1 7093ffc5beca33187c18461c7ff3259a1781ae35
SHA256 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468
SHA512 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5

/Library/Preferences/com.apple.networkextension.uuidcache.plist

MD5 a6ed424e1135465fac072dc8c30be6a0
SHA1 8cb5811cfe6611074f7e01b8b9a533aa7bed4432
SHA256 c6a15fb293a7994c87cb4665fa076b4804c15a7f17753d267b6e271b036457dc
SHA512 d6dc5f49efacc0bea1d388e490c2e1283f6a6f42829e1ab30ec18b0ad35faf44e21d7780b84b5a2ebaff1e79da6fdc090bc547990b513cb311db82fb54cd8972

/Users/run/Library/Saved Application State/com.apple.systempreferences.savedState/data.data

MD5 28cd8f7559461d5817d4b2e7a1f91711
SHA1 85b65b580af5efc8be3df2b14bd85b0559fb01f0
SHA256 04146d360703e306b6c59a9e50f189b02b27910c1f5cba432ba95bba7bd73c09
SHA512 bb782d08314ee975e8b2e8ff196068b93ad37e8fef7da84775e827f3a65b636407f7f08310671c8494b3b75a9b3525e48eb58b014eaed50cfa20c03a88a7c2b7