Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_1076d717-4027-4ef0-8728-ef91ec815ccd.json
(copy)
|
JSON data
|
dropped
|
||
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_1076d717-4027-4ef0-8728-ef91ec815ccd.json.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
|
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\tmpaddon
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 04:35:07 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 04:35:07 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 04:35:07 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 04:35:07 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 04:35:07 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4 (copy)
|
Mozilla lz4 compressed data, originally 23432 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4.tmp
|
Mozilla lz4 compressed data, originally 23432 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4 (copy)
|
Mozilla lz4 compressed data, originally 56 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4.tmp
|
Mozilla lz4 compressed data, originally 56 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs-1.js
|
ASCII text, with very long lines (1717), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs.js (copy)
|
ASCII text, with very long lines (1717), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.baklz4 (copy)
|
Mozilla lz4 compressed data, originally 6086 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4 (copy)
|
Mozilla lz4 compressed data, originally 6086 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4.tmp
|
Mozilla lz4 compressed data, originally 6180 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\xulstore.json (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\xulstore.json.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\Downloads\4fbd8bea-e86e-4a57-8c9b-97361d7823c6.tmp
|
RAR archive data, v5
|
dropped
|
||
C:\Users\user\Downloads\causarol.rar (copy)
|
RAR archive data, v5
|
dropped
|
||
C:\Users\user\Downloads\causarol.rar.crdownload
|
RAR archive data, v5
|
dropped
|
There are 29 hidden files, click here to show them.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://tibusiness.cl/css/causarol.rar
|
|||
http://detectportal.firefox.com/canonical.html
|
34.107.221.82
|
||
http://detectportal.firefox.com/success.txt?ipv4
|
34.107.221.82
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
tibusiness.cl
|
186.64.116.245
|
||
example.org
|
93.184.215.14
|
||
star-mini.c10r.facebook.com
|
31.13.70.36
|
||
prod.balrog.prod.cloudops.mozgcp.net
|
35.244.181.201
|
||
twitter.com
|
104.244.42.65
|
||
prod.detectportal.prod.cloudops.mozgcp.net
|
34.107.221.82
|
||
services.addons.mozilla.org
|
18.164.154.78
|
||
dyna.wikimedia.org
|
198.35.26.96
|
||
prod.remote-settings.prod.webservices.mozgcp.net
|
34.149.100.209
|
||
contile.services.mozilla.com
|
34.117.237.239
|
||
prod.content-signature-chains.prod.webservices.mozgcp.net
|
34.160.144.191
|
||
youtube-ui.l.google.com
|
142.251.2.136
|
||
reddit.map.fastly.net
|
151.101.65.140
|
||
ipv4only.arpa
|
192.0.0.171
|
||
prod.ads.prod.webservices.mozgcp.net
|
34.117.188.166
|
||
www.google.com
|
142.250.141.105
|
||
telemetry-incoming.r53-2.services.mozilla.com
|
34.120.208.123
|
||
www.reddit.com
|
unknown
|
||
spocs.getpocket.com
|
unknown
|
||
content-signature-2.cdn.mozilla.net
|
unknown
|
||
firefox.settings.services.mozilla.com
|
unknown
|
||
push.services.mozilla.com
|
unknown
|
||
www.youtube.com
|
unknown
|
||
www.facebook.com
|
unknown
|
||
detectportal.firefox.com
|
unknown
|
||
shavar.services.mozilla.com
|
unknown
|
||
www.wikipedia.org
|
unknown
|
There are 17 hidden domains, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
186.64.116.245
|
tibusiness.cl
|
Chile
|
||
44.233.67.78
|
unknown
|
United States
|
||
1.1.1.1
|
unknown
|
Australia
|
||
74.125.137.95
|
unknown
|
United States
|
||
18.164.154.78
|
services.addons.mozilla.org
|
United States
|
||
192.168.2.16
|
unknown
|
unknown
|
||
34.149.100.209
|
prod.remote-settings.prod.webservices.mozgcp.net
|
United States
|
||
34.107.243.93
|
unknown
|
United States
|
||
142.251.2.84
|
unknown
|
United States
|
||
74.125.137.113
|
unknown
|
United States
|
||
142.251.2.94
|
unknown
|
United States
|
||
34.107.221.82
|
prod.detectportal.prod.cloudops.mozgcp.net
|
United States
|
||
34.117.237.239
|
contile.services.mozilla.com
|
United States
|
||
52.25.6.244
|
unknown
|
United States
|
||
35.244.181.201
|
prod.balrog.prod.cloudops.mozgcp.net
|
United States
|
||
142.251.2.138
|
unknown
|
United States
|
||
34.117.188.166
|
prod.ads.prod.webservices.mozgcp.net
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
23.217.9.75
|
unknown
|
United States
|
||
142.250.141.105
|
www.google.com
|
United States
|
||
142.250.101.94
|
unknown
|
United States
|
||
34.160.144.191
|
prod.content-signature-chains.prod.webservices.mozgcp.net
|
United States
|
||
127.0.0.1
|
unknown
|
unknown
|
||
34.120.208.123
|
telemetry-incoming.r53-2.services.mozilla.com
|
United States
|
There are 14 hidden IPs, click here to show them.