Edit tour

Windows Analysis Report
https://dz8aopenkvv6s.cloudfront.net

Overview

General Information

Sample URL:	https://dz8aopenkvv6s.cloudfront.net
Analysis ID:	1431798
Infos:

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Tries to harvest and steal browser information (history, passwords, etc)

Drops PE files

Stores files to the Windows start menu directory

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Process Tree

System is w10x64_ra

chrome.exe (PID: 7000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://dz8aopenkvv6s.cloudfront.net/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6160 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1776,i,17417694487938272068,5011201652173925206,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

firefox.exe (PID: 7424 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 7444 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 7668 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8fe5410-5af7-4291-af62-e0e3d344cd58} 7444 "\\.\pipe\gecko-crash-server-pipe.7444" 1952916e710 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 8012 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3976 -parentBuildID 20230927232528 -prefsHandle 3860 -prefMapHandle 3964 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff89cc1e-c728-47b0-b75b-848ad333aefc} 7444 "\\.\pipe\gecko-crash-server-pipe.7444" 1953b0d3b10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 1920 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4504 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4868 -prefMapHandle 2852 -prefsLen 33419 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a63d1ef8-7947-4573-9f39-2d02c511a48f} 7444 "\\.\pipe\gecko-crash-server-pipe.7444" 1954186d710 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

pingsender.exe (PID: 3344 cmdline: "C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/956ba27e-1e2c-4538-a4ee-7e8f2d44f56e/event/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\956ba27e-1e2c-4538-a4ee-7e8f2d44f56e https://incoming.telemetry.mozilla.org/submit/telemetry/8f6c3a69-05b6-4c42-b4d8-a492273cb8c9/health/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\8f6c3a69-05b6-4c42-b4d8-a492273cb8c9 https://incoming.telemetry.mozilla.org/submit/telemetry/c6cb1392-07c6-4da5-bbab-276546d09062/main/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\c6cb1392-07c6-4da5-bbab-276546d09062 MD5: B380758F0DAA6B44346C7994EB2408D7)

conhost.exe (PID: 5148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: https://dz8aopenkvv6s.cloudfront.net/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.84.208.24:443 -> 192.168.2.16:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49778 version: TLS 1.2

Source: firefox.exe

Memory has grown: Private usage: 1MB later: 78MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: dz8aopenkvv6s.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: normandy.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: services.addons.mozilla.org

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 99.84.208.24:443 -> 192.168.2.16:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.16:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.16:49778 version: TLS 1.2

Source: classification engine

Classification label: sus21.spyw.win@33/37@71/163

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5148:120:WilError_03

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File created: C:\Users\user\AppData\Local\Temp\firefox

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Source: C:\Program Files\Mozilla Firefox\pingsender.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://dz8aopenkvv6s.cloudfront.net/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1776,i,17417694487938272068,5011201652173925206,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1776,i,17417694487938272068,5011201652173925206,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8fe5410-5af7-4291-af62-e0e3d344cd58} 7444 "\\.\pipe\gecko-crash-server-pipe.7444" 1952916e710 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3976 -parentBuildID 20230927232528 -prefsHandle 3860 -prefMapHandle 3964 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff89cc1e-c728-47b0-b75b-848ad333aefc} 7444 "\\.\pipe\gecko-crash-server-pipe.7444" 1953b0d3b10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20230927232528 -prefsHandle 2248 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8fe5410-5af7-4291-af62-e0e3d344cd58} 7444 "\\.\pipe\gecko-crash-server-pipe.7444" 1952916e710 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3976 -parentBuildID 20230927232528 -prefsHandle 3860 -prefMapHandle 3964 -prefsLen 25481 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff89cc1e-c728-47b0-b75b-848ad333aefc} 7444 "\\.\pipe\gecko-crash-server-pipe.7444" 1953b0d3b10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4504 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4868 -prefMapHandle 2852 -prefsLen 33419 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a63d1ef8-7947-4573-9f39-2d02c511a48f} 7444 "\\.\pipe\gecko-crash-server-pipe.7444" 1954186d710 utility
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4504 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4868 -prefMapHandle 2852 -prefsLen 33419 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a63d1ef8-7947-4573-9f39-2d02c511a48f} 7444 "\\.\pipe\gecko-crash-server-pipe.7444" 1954186d710 utility
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\pingsender.exe "C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/956ba27e-1e2c-4538-a4ee-7e8f2d44f56e/event/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\956ba27e-1e2c-4538-a4ee-7e8f2d44f56e https://incoming.telemetry.mozilla.org/submit/telemetry/8f6c3a69-05b6-4c42-b4d8-a492273cb8c9/health/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\8f6c3a69-05b6-4c42-b4d8-a492273cb8c9 https://incoming.telemetry.mozilla.org/submit/telemetry/c6cb1392-07c6-4da5-bbab-276546d09062/main/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\c6cb1392-07c6-4da5-bbab-276546d09062
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\pingsender.exe "C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/956ba27e-1e2c-4538-a4ee-7e8f2d44f56e/event/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\956ba27e-1e2c-4538-a4ee-7e8f2d44f56e https://incoming.telemetry.mozilla.org/submit/telemetry/8f6c3a69-05b6-4c42-b4d8-a492273cb8c9/health/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\8f6c3a69-05b6-4c42-b4d8-a492273cb8c9 https://incoming.telemetry.mozilla.org/submit/telemetry/c6cb1392-07c6-4da5-bbab-276546d09062/main/Firefox/118.0.1/release/20230927232528?v=4 C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\c6cb1392-07c6-4da5-bbab-276546d09062

Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: wininet.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: msvcp140.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: vcruntime140.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: vcruntime140.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: vcruntime140_1.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: wldp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: profapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: winnsi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: netutils.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: schannel.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: ntasn1.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: dpapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: gpapi.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: ncrypt.dll
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Section loaded: ncryptsslp.dll

Source: C:\Program Files\Mozilla Firefox\pingsender.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	Process information set: NOOPENFILEERRORBOX

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Program Files\Mozilla Firefox\pingsender.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\8f6c3a69-05b6-4c42-b4d8-a492273cb8c9
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\c6cb1392-07c6-4da5-bbab-276546d09062
Source: C:\Program Files\Mozilla Firefox\pingsender.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\956ba27e-1e2c-4538-a4ee-7e8f2d44f56e

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	1 OS Credential Dumping	1 File and Directory Discovery	Remote Services	1 Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Extra Window Memory Injection	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Source	Detection	Scanner	Label	Link
https://dz8aopenkvv6s.cloudfront.net	0%	Avira URL Cloud	safe
https://dz8aopenkvv6s.cloudfront.net	0%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)	0%	Virustotal		Browse

Name	IP	Active	Malicious	Reputation
example.org	93.184.215.14	true	false	high
star-mini.c10r.facebook.com	31.13.88.35	true	false	high
twitter.com	104.244.42.65	true	false	high
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	unknown
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false	unknown
services.addons.mozilla.org	99.84.208.24	true	false	high
dyna.wikimedia.org	208.80.154.224	true	false	high
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true	false	unknown
contile.services.mozilla.com	34.117.188.166	true	false	high
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false	unknown
youtube-ui.l.google.com	64.233.177.190	true	false	high
reddit.map.fastly.net	151.101.129.140	true	false	unknown
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true	false	unknown
ipv4only.arpa	192.0.0.170	true	false	unknown
dz8aopenkvv6s.cloudfront.net	18.154.230.111	true	false	high
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false	unknown
www.google.com	172.217.215.105	true	false	high
normandy-cdn.services.mozilla.com	35.201.103.21	true	false	high
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true	false	high
www.reddit.com	unknown	unknown	false	high
spocs.getpocket.com	unknown	unknown	false	high
content-signature-2.cdn.mozilla.net	unknown	unknown	false	high
support.mozilla.org	unknown	unknown	false	high
firefox.settings.services.mozilla.com	unknown	unknown	false	high
push.services.mozilla.com	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high
www.facebook.com	unknown	unknown	false	high
detectportal.firefox.com	unknown	unknown	false	high
normandy.cdn.mozilla.net	unknown	unknown	false	high
shavar.services.mozilla.com	unknown	unknown	false	high
www.wikipedia.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://dz8aopenkvv6s.cloudfront.net/	false	high
http://detectportal.firefox.com/canonical.html	false	high
http://detectportal.firefox.com/success.txt?ipv4	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
74.125.136.84	unknown	United States	15169	GOOGLEUS	false
172.217.215.105	www.google.com	United States	15169	GOOGLEUS	false
142.250.9.139	unknown	United States	15169	GOOGLEUS	false
34.149.100.209	prod.remote-settings.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
99.84.208.24	services.addons.mozilla.org	United States	16509	AMAZON-02US	false
34.107.243.93	unknown	United States	15169	GOOGLEUS	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
52.25.6.244	unknown	United States	16509	AMAZON-02US	false
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
34.117.188.166	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.154.230.111	dz8aopenkvv6s.cloudfront.net	United States	16509	AMAZON-02US	false
64.233.176.100	unknown	United States	15169	GOOGLEUS	false
13.33.19.100	unknown	United States	16509	AMAZON-02US	false
35.201.103.21	normandy-cdn.services.mozilla.com	United States	15169	GOOGLEUS	false
142.250.9.95	unknown	United States	15169	GOOGLEUS	false
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
44.239.14.124	unknown	United States	16509	AMAZON-02US	false
23.40.207.139	unknown	United States	20940	AKAMAI-ASN1EU	false
74.125.138.94	unknown	United States	15169	GOOGLEUS	false
34.120.208.123	telemetry-incoming.r53-2.services.mozilla.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431798
Start date and time:	2024-04-25 19:36:15 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://dz8aopenkvv6s.cloudfront.net
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	SUS
Classification:	sus21.spyw.win@33/37@71/163

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 74.125.138.94, 142.250.9.139, 142.250.9.138, 142.250.9.113, 142.250.9.102, 142.250.9.101, 142.250.9.100, 74.125.136.84, 34.104.35.123, 23.47.204.52
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Created / dropped Files

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_fa449b5f-86a5-478f-b600-b98a032fd148.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	2D89AF408794C61391A58BA975F94560
SHA1:	D70250D7740BACF3F7F52AEBE2D64A52E10E335F
SHA-256:	E56884A6336F738483E6FDCF06F227FCB2EB6550F829CA17841E355138A00112
SHA-512:	63BD2B38A4CDA99B957FEF67AD96BB08D0497528C23DE76093C5F0C0D960207F9CF990F8A8296EAF03E9BD199555D911FE92C65219849197A53AEC11DE94EF67
Malicious:	false
Reputation:	unknown
Preview:	{"type":"uninstall","id":"fa449b5f-86a5-478f-b600-b98a032fd148","creationDate":"2024-04-25T19:32:41.695Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":4,"vendor":"GenuineIntel","name":"I

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_fa449b5f-86a5-478f-b600-b98a032fd148.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	7598
Entropy (8bit):	5.1792373162074465
Encrypted:	false
SSDEEP:
MD5:	2D89AF408794C61391A58BA975F94560
SHA1:	D70250D7740BACF3F7F52AEBE2D64A52E10E335F
SHA-256:	E56884A6336F738483E6FDCF06F227FCB2EB6550F829CA17841E355138A00112
SHA-512:	63BD2B38A4CDA99B957FEF67AD96BB08D0497528C23DE76093C5F0C0D960207F9CF990F8A8296EAF03E9BD199555D911FE92C65219849197A53AEC11DE94EF67
Malicious:	false
Reputation:	unknown
Preview:	{"type":"uninstall","id":"fa449b5f-86a5-478f-b600-b98a032fd148","creationDate":"2024-04-25T19:32:41.695Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":4,"vendor":"GenuineIntel","name":"I

C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.4593089050301797
Encrypted:	false
SSDEEP:
MD5:	D910AD167F0217587501FDCDB33CC544
SHA1:	2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:	E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:	F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:	false
Reputation:	unknown
Preview:	... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s\|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

C:\Users\user\AppData\Local\Temp\tmpaddon

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	453023
Entropy (8bit):	7.997718157581587
Encrypted:	true
SSDEEP:
MD5:	85430BAED3398695717B0263807CF97C
SHA1:	FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256:	A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512:	06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious:	false
Reputation:	unknown
Preview:	PK.........bN...R..........gmpopenh264.dll..\|.E.0.=..I.....1....4f1q.`.........q.....'+....hm{.z..o_.{w........$..($A!...\|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....\|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`............ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\...........-i.K.I..4.a..6.....Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N..}..).3.N%.!..q........^I.m..~...6.#.~+.....A...I]r...x...<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..\|c.1.cUkM.&.Qn]..a]t.h...!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:\|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:36:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.996592996520632
Encrypted:	false
SSDEEP:
MD5:	1FBF049D47739327E91FC73234EE932A
SHA1:	D5F4C49B9EA3A42D5544FA7C3329D55EC64F7315
SHA-256:	6CC2CE7E7C98311D37E86B20BE29EB99A0EB629AF0B83DE318A93F2C7FD1FA99
SHA-512:	7373506FEAB37B775D14362640EEA4492D8578B93AAC3E058845BD8169F8E70B587117747BBB38E7DECC074C007FE981836AF715F73F3857B945F0AED3BCE65E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....%]#7...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:36:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.011004774280705
Encrypted:	false
SSDEEP:
MD5:	6539AC597F30C9BC146078199A300357
SHA1:	900F33A925C21FF5CA09A09A9A07CF520DFDA441
SHA-256:	4C55D7090453566AC5F0A945D72B48F22D21AE504C5BE9D2BA1A0A705344886E
SHA-512:	F3CD67EAE874E4BF13AD54C7236227925454CAA98447390D4F45AA606F5472262A763AAC1BA8839D49E83EC842D7F29CB5F466F766BA0FD2EB09AADA59CAF5C1
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....g.Q#7...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.016461023339215
Encrypted:	false
SSDEEP:
MD5:	732D05E72B5062112A41BC64589E67BD
SHA1:	3EEFC357A618D282ECCEE8127AC7DEDF245D5F52
SHA-256:	B2782B9750C0CA092F2FF01D4729DDF908FC7535EA710F8EEE4F8BFA6E48F4C2
SHA-512:	B91AA9D5311C9DF828AA3708481994338A5C411BFCC5522841FDA60ED7867DAC4E65B2ED418637AF61912501BBAAB1AF5AF9ED8C90BE06E4BC52101704E8BDAB
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:36:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.008290427809912
Encrypted:	false
SSDEEP:
MD5:	151C97B5B7EEF8B5D816F6823DE59E32
SHA1:	C6D3A4327FB5D26D4C32DB8786ED1B5F6F25E2F7
SHA-256:	F26BEF2A66C8A8260D1919C4F1F54E309A0E8F1A15BAAC217B75354564A2F565
SHA-512:	679D16EF9AE9CBD3C4FD32D32F47C79F92B5F59DD4CA6C03D7A9023E5E760C7A8183F29AF5A8F51324F6B0E99F496ACE0D1DD1FEF40982138A4A768DB654BFB4
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....K#7...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:36:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.997996677857675
Encrypted:	false
SSDEEP:
MD5:	E1F365F66E92F7C11145A899CC69FE2A
SHA1:	ABDBD046D99D04B57086F3499C35470736E077B4
SHA-256:	8CC912EB44296CA72F00B581D83A1EBC022BC6DFEAE40CE5C1DC4FB718165AA3
SHA-512:	E8D6A24FC9EBCE7E191881AD74347A1C92E226F44B888348FC2F8ED14818421B2EEE4C62C77332947076C01D38C7B464B7B58647F6AFBCE310FA8E25D16881AE
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......W#7...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:36:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.006796350022897
Encrypted:	false
SSDEEP:
MD5:	A660091802E2367F1F1C3574BFAB968C
SHA1:	9290A03A0F4AC5DBE593255403775E884B7BCF40
SHA-256:	C712AF5A261D2C902A8631EAB097A403240BE0B61EDCE68B568ACA2CD2D7F20D
SHA-512:	49988A0FE75C6967BC9C2AE75B1C4EABA38ABDD6B81C1CF8A6FC558A298BD43CF45A5D95922C55538C29907198AF8265681C18227170F1BCC2D276674E0C6561
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....\.B#7...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	C6BFFF9727751AD875D57738DD154B5A
SHA1:	7D5F10D37BF76002E0D9A6C37CBDFB7E52C76873
SHA-256:	2DCDEFAF4AA429C0DD1D030EDF63E738DD840BF50F413E49523BB8769FF8755E
SHA-512:	110416217B5CBA3C0CF5152E39F9374E6A4F3E4F42FEB4EEEA591A0C269CB3323FEF19FA1EADA7D46A11B0EB9766E98500C2B5744C1310B117BD29EE6C180415
Malicious:	false
Reputation:	unknown
Preview:	{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"9c4f630b-d3dc-4236-9fe2-a1415309e4e4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-06T09:08:30.452Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3621
Entropy (8bit):	4.928598557362891
Encrypted:	false
SSDEEP:
MD5:	C6BFFF9727751AD875D57738DD154B5A
SHA1:	7D5F10D37BF76002E0D9A6C37CBDFB7E52C76873
SHA-256:	2DCDEFAF4AA429C0DD1D030EDF63E738DD840BF50F413E49523BB8769FF8755E
SHA-512:	110416217B5CBA3C0CF5152E39F9374E6A4F3E4F42FEB4EEEA591A0C269CB3323FEF19FA1EADA7D46A11B0EB9766E98500C2B5744C1310B117BD29EE6C180415
Malicious:	false
Reputation:	unknown
Preview:	{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"9c4f630b-d3dc-4236-9fe2-a1415309e4e4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-06T09:08:30.452Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\SiteSecurityServiceState-1.txt

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	531
Entropy (8bit):	4.945249651216257
Encrypted:	false
SSDEEP:
MD5:	F047CA1FF072FF3B8759C4DCAF1F37EA
SHA1:	949B52D6E7E0FBA4B104678137FC14F0FF4E0EF6
SHA-256:	AAE45BCE5A390B3385C0E800C668AE357AC97E65CC98A0E579EC263C7B98E0F8
SHA-512:	C81D93132D26EE624EAE97BEC39243822E1816654194E23F780407B9EED897720978ADC042A4E4892EFBE5DC9154FA776AB722F5227D662E35A51D13BE1D1C26
Malicious:	false
Reputation:	unknown
Preview:	aus5.mozilla.org.1.19838.1728119303810,1,0.contile.services.mozilla.com.1.19838.1728119304720,1,0.www.mozilla.org^partitionKey=%28https%2Cmozilla.org%29.0.19636.1728119303277,1,0.location.services.mozilla.com.1.19838.1728119303625,1,1.incoming.telemetry.mozilla.org.1.19838.1728119304720,1,0.spocs.getpocket.com.1.19838.1759655303841,1,0.shavar.services.mozilla.com^firstPartyDomain=safebrowsing.86868755-6b82-4842-b301-72671a0db32e.mozilla.1.19838.1728119308571,1,1.firefox.settings.services.mozilla.com.1.19838.1728119309103,1,0.

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\SiteSecurityServiceState.txt (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	F047CA1FF072FF3B8759C4DCAF1F37EA
SHA1:	949B52D6E7E0FBA4B104678137FC14F0FF4E0EF6
SHA-256:	AAE45BCE5A390B3385C0E800C668AE357AC97E65CC98A0E579EC263C7B98E0F8
SHA-512:	C81D93132D26EE624EAE97BEC39243822E1816654194E23F780407B9EED897720978ADC042A4E4892EFBE5DC9154FA776AB722F5227D662E35A51D13BE1D1C26
Malicious:	false
Reputation:	unknown
Preview:	aus5.mozilla.org.1.19838.1728119303810,1,0.contile.services.mozilla.com.1.19838.1728119304720,1,0.www.mozilla.org^partitionKey=%28https%2Cmozilla.org%29.0.19636.1728119303277,1,0.location.services.mozilla.com.1.19838.1728119303625,1,1.incoming.telemetry.mozilla.org.1.19838.1728119304720,1,0.spocs.getpocket.com.1.19838.1759655303841,1,0.shavar.services.mozilla.com^firstPartyDomain=safebrowsing.86868755-6b82-4842-b301-72671a0db32e.mozilla.1.19838.1728119308571,1,1.firefox.settings.services.mozilla.com.1.19838.1728119309103,1,0.

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 23432 bytes
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	1B9C8056D3619CE5A8C59B0C09873F17
SHA1:	1015C630E1937AA63F6AB31743782ECB5D78CCD8
SHA-256:	A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
SHA-512:	B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
Malicious:	false
Reputation:	unknown
Preview:	mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."://login.microsoftonline.com/","..@us/L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl\|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 23432 bytes
Category:	dropped
Size (bytes):	5312
Entropy (8bit):	6.615424734763731
Encrypted:	false
SSDEEP:
MD5:	1B9C8056D3619CE5A8C59B0C09873F17
SHA1:	1015C630E1937AA63F6AB31743782ECB5D78CCD8
SHA-256:	A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
SHA-512:	B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
Malicious:	false
Reputation:	unknown
Preview:	mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."://login.microsoftonline.com/","..@us/L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl\|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert_override.txt

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	244
Entropy (8bit):	5.056294608820628
Encrypted:	false
SSDEEP:
MD5:	575BC09CC5DC6B6A088F2CEA4F9FBFFB
SHA1:	993D3D43E3123DF5629F20402E3BC690CBF97368
SHA-256:	84B5FD34489012F61978FC7469D42BC3C73BAC639915FE7A39AB1BC13D931104
SHA-512:	BB10738FB5398C52410A352723800DB79DAE46B82FECDF0F4C441A3166DA1A12C663C4381ABA26F1EE2BD2844F9B55727D769F0FC3182AE81C8F447889055470
Malicious:	false
Reputation:	unknown
Preview:	# PSM Certificate Override Settings file..# This is a generated file! Do not edit...dz8aopenkvv6s.cloudfront.net:443:.OID.2.16.840.1.101.3.4.2.1.71:24:23:AC:94:77:D0:52:C1:A7:AF:20:3D:22:3C:82:D3:D4:27:C0:AD:E7:25:F7:F2:B9:A0:64:B3:65:D2:E5...

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 56 bytes
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:	CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:	078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:	D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:	false
Reputation:	unknown
Preview:	mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 56 bytes
Category:	dropped
Size (bytes):	66
Entropy (8bit):	4.837595020998689
Encrypted:	false
SSDEEP:
MD5:	A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:	CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:	078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:	D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:	false
Reputation:	unknown
Preview:	mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	FE3355639648C417E8307C6D051E3E37
SHA1:	F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:	1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:	8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...\|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1021904
Entropy (8bit):	6.648417932394748
Encrypted:	false
SSDEEP:
MD5:	FE3355639648C417E8307C6D051E3E37
SHA1:	F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:	1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:	8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...\|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	3D33CDC0B3D281E67DD52E14435DD04F
SHA1:	4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:	F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:	A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:	false
Reputation:	unknown
Preview:	Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	116
Entropy (8bit):	4.968220104601006
Encrypted:	false
SSDEEP:
MD5:	3D33CDC0B3D281E67DD52E14435DD04F
SHA1:	4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:	F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:	A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:	false
Reputation:	unknown
Preview:	Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs-1.js

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1717), with CRLF line terminators
Category:	modified
Size (bytes):	13182
Entropy (8bit):	5.4869241576753645
Encrypted:	false
SSDEEP:
MD5:	140BE574563A55F0CAB7E04A0A0764B1
SHA1:	211CAAF90FD08B4FD52BE05FF56453E5EBC03DDE
SHA-256:	0730569975089BF1539A1E1886AAB7DDB671FB3854BD7724B865C8E830478995
SHA-512:	962E85B9ADC6EE66088277A2A3EBBAD3AFA195599A927533F5F139C3F7047482EB6A0FABD10E120F0EB99694F24D3863F27C2482A59C398D82B82407FBDBD520
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "0dbf219f-4e18-464a-957c-ae336603cdcc");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1714073527);..user_pref("app.update.lastUpdateTime.background-update-timer", 1714073527);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1714073527);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 171407

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs.js (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1717), with CRLF line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	3ED3B620151361635B6FF4D8FEFA3093
SHA1:	CA9463815B04C4F3FAFEE931AD813F4BD544996F
SHA-256:	2A24DB6F233D412AD30E5BBBB5F135C0844CBD9DED341AA42D7207255A152F6B
SHA-512:	F8A37246D362EF04479817CBD42078D03AA3A64B202ABFE182BA84EF339D44CBDD3C134C2AC3AC1D0B4A0E8243CB6C6DBA943FB529C10FC088E7BC05F21A856F
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "0dbf219f-4e18-464a-957c-ae336603cdcc");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696583305);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696583311);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\49ca02b7-2997-464a-92f7-9f6e0f689319 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	C59506A2EA5EEDA1F18EA55070C7A5F9
SHA1:	E10657BB43DBF4DE2D6AA5FE15CFC03E58EFC3F5
SHA-256:	D84F588B6A7EECAA3F226AE54D6789AC0C51EF9208F2AAACBE2EF6DC193BE11B
SHA-512:	8C40E8206F00BB3022EB5F0FB53D0529EFA7B3E3D01A00F65C166BED9CE8249888AC1889030AEB9C171A281F594EDDB7A0CC4DCBE60342E25330C87B0B8BCD65
Malicious:	false
Reputation:	unknown
Preview:	{"type":"health","id":"49ca02b7-2997-464a-92f7-9f6e0f689319","creationDate":"2024-04-25T19:32:41.982Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6"}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\49ca02b7-2997-464a-92f7-9f6e0f689319.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	493
Entropy (8bit):	4.97622245514905
Encrypted:	false
SSDEEP:
MD5:	C59506A2EA5EEDA1F18EA55070C7A5F9
SHA1:	E10657BB43DBF4DE2D6AA5FE15CFC03E58EFC3F5
SHA-256:	D84F588B6A7EECAA3F226AE54D6789AC0C51EF9208F2AAACBE2EF6DC193BE11B
SHA-512:	8C40E8206F00BB3022EB5F0FB53D0529EFA7B3E3D01A00F65C166BED9CE8249888AC1889030AEB9C171A281F594EDDB7A0CC4DCBE60342E25330C87B0B8BCD65
Malicious:	false
Reputation:	unknown
Preview:	{"type":"health","id":"49ca02b7-2997-464a-92f7-9f6e0f689319","creationDate":"2024-04-25T19:32:41.982Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6"}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\8f6c3a69-05b6-4c42-b4d8-a492273cb8c9 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	F3767479B05071DFCBF2D077B9DBEEA1
SHA1:	F3E06061DD9A75F3E9D113A162032B3E5639C487
SHA-256:	860A941E418B92901258D7E463426CA5B2DEC7E9E36DD9FB2C1340A8AF98E004
SHA-512:	7CF5B55E1FC0A22BB21FD539C5F0FA931D8166EC7DB0EC1F8F94E335EDEA5FB51253E3CC81BC8BF885FEB605E9DAF666A8A9B16E9E467B8D4D1B22F107497314
Malicious:	false
Reputation:	unknown
Preview:	{"type":"health","id":"8f6c3a69-05b6-4c42-b4d8-a492273cb8c9","creationDate":"2024-04-25T19:32:50.436Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"shutdown","sendFailure":{"eUnreachable":7}},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6"}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\8f6c3a69-05b6-4c42-b4d8-a492273cb8c9.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	492
Entropy (8bit):	5.003415293651221
Encrypted:	false
SSDEEP:
MD5:	F3767479B05071DFCBF2D077B9DBEEA1
SHA1:	F3E06061DD9A75F3E9D113A162032B3E5639C487
SHA-256:	860A941E418B92901258D7E463426CA5B2DEC7E9E36DD9FB2C1340A8AF98E004
SHA-512:	7CF5B55E1FC0A22BB21FD539C5F0FA931D8166EC7DB0EC1F8F94E335EDEA5FB51253E3CC81BC8BF885FEB605E9DAF666A8A9B16E9E467B8D4D1B22F107497314
Malicious:	false
Reputation:	unknown
Preview:	{"type":"health","id":"8f6c3a69-05b6-4c42-b4d8-a492273cb8c9","creationDate":"2024-04-25T19:32:50.436Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"shutdown","sendFailure":{"eUnreachable":7}},"clientId":"413174e6-2d70-4d17-b528-bf49e920b3c6"}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\956ba27e-1e2c-4538-a4ee-7e8f2d44f56e (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	B0F74EE832CC7C435E52EAE2AFA78353
SHA1:	B827738A9D8571FD7E3027C0863781C6A99BBDD3
SHA-256:	776413646D181B28CDEC1EDFB28C384A178D11C8B102E3BB0C73A8AFCB53B07D
SHA-512:	2873034C4ADD0B689F6A02F670B11C23E1AA2C0CA3E3007BB4CC63D9837FA75FC06748F7799724DDEBB229A85A6ACDB08A2C12B7438D6CCFF3421C230E41A69C
Malicious:	false
Reputation:	unknown
Preview:	{"type":"event","id":"956ba27e-1e2c-4538-a4ee-7e8f2d44f56e","creationDate":"2024-04-25T19:32:50.390Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"reason":"shutdown","processStartTimestamp":1714066620000,"sessionId":"e4240d95-f2de-4a81-8662-e19812aa2494","subsessionId":"0934d8d2-c4c4-4b9b-b802-43acbc2c6bc9","lostEventsCount":0,"events":{"parent":[[6871899,"normandy","enroll","nimbus_experiment","extensions-migration-in-import-wizard-116-rollout",{"experimentType":"rollout","branch":"control","enrollmentId":"117a4445-8a66-4380-9124-287dcbaeee7e"}],[6881509,"normandy","validationFailed","nimbus_experiment","next-generation-accessibility-engine-powering-screen-readers",{"reason":"invalid-feature","feature":"accessibilityCache"}],[6881509,"normandy","validationFailed","nimbus_experiment","ne

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\956ba27e-1e2c-4538-a4ee-7e8f2d44f56e.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9523
Entropy (8bit):	5.193776993609907
Encrypted:	false
SSDEEP:
MD5:	B0F74EE832CC7C435E52EAE2AFA78353
SHA1:	B827738A9D8571FD7E3027C0863781C6A99BBDD3
SHA-256:	776413646D181B28CDEC1EDFB28C384A178D11C8B102E3BB0C73A8AFCB53B07D
SHA-512:	2873034C4ADD0B689F6A02F670B11C23E1AA2C0CA3E3007BB4CC63D9837FA75FC06748F7799724DDEBB229A85A6ACDB08A2C12B7438D6CCFF3421C230E41A69C
Malicious:	false
Reputation:	unknown
Preview:	{"type":"event","id":"956ba27e-1e2c-4538-a4ee-7e8f2d44f56e","creationDate":"2024-04-25T19:32:50.390Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"reason":"shutdown","processStartTimestamp":1714066620000,"sessionId":"e4240d95-f2de-4a81-8662-e19812aa2494","subsessionId":"0934d8d2-c4c4-4b9b-b802-43acbc2c6bc9","lostEventsCount":0,"events":{"parent":[[6871899,"normandy","enroll","nimbus_experiment","extensions-migration-in-import-wizard-116-rollout",{"experimentType":"rollout","branch":"control","enrollmentId":"117a4445-8a66-4380-9124-287dcbaeee7e"}],[6881509,"normandy","validationFailed","nimbus_experiment","next-generation-accessibility-engine-powering-screen-readers",{"reason":"invalid-feature","feature":"accessibilityCache"}],[6881509,"normandy","validationFailed","nimbus_experiment","ne

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\c6cb1392-07c6-4da5-bbab-276546d09062 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	B497F3BEF92203877421A846EA2DD236
SHA1:	8D804D688D5B51BE180E43AB5DEB5E79805F49B5
SHA-256:	9BC331C13CFB11BEBEBB1498FBFDC3FF7C14670A27D3E68D9A4F13B73FB1B889
SHA-512:	DEF58779BEDADED39082660049F0578BA00A18A4CC52FF9CE485609996CE56136F780E27FF947B355E8DA28B098C881265DBE817C43E07AC1F5677B356D1950F
Malicious:	false
Reputation:	unknown
Preview:	{"type":"main","id":"c6cb1392-07c6-4da5-bbab-276546d09062","creationDate":"2024-04-25T19:32:50.459Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"ver":4,"simpleMeasurements":{"totalTime":13806,"start":6862400,"main":6862614,"selectProfile":6862626,"afterProfileLocked":6862629,"startupCrashDetectionBegin":6862794,"startupCrashDetectionEnd":6925459,"firstPaint":6865410,"firstPaint2":6863744,"sessionRestoreInit":6863065,"sessionRestored":6865744,"createTopLevelWindow":6862889,"quitApplication":6943646,"profileBeforeChange":6943724,"AMI_startup_begin":13725192,"XPI_startup_begin":13725196,"XPI_bootstrap_addons_begin":13725203,"XPI_bootstrap_addons_end":13725250,"XPI_startup_end":13725251,"AMI_startup_end":13725251,"XPI_finalUIStartup":13725440,"sessionRestoreInitialized":13725442,"delayedSta

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\c6cb1392-07c6-4da5-bbab-276546d09062.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56203
Entropy (8bit):	5.264409283571789
Encrypted:	false
SSDEEP:
MD5:	B497F3BEF92203877421A846EA2DD236
SHA1:	8D804D688D5B51BE180E43AB5DEB5E79805F49B5
SHA-256:	9BC331C13CFB11BEBEBB1498FBFDC3FF7C14670A27D3E68D9A4F13B73FB1B889
SHA-512:	DEF58779BEDADED39082660049F0578BA00A18A4CC52FF9CE485609996CE56136F780E27FF947B355E8DA28B098C881265DBE817C43E07AC1F5677B356D1950F
Malicious:	false
Reputation:	unknown
Preview:	{"type":"main","id":"c6cb1392-07c6-4da5-bbab-276546d09062","creationDate":"2024-04-25T19:32:50.459Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"ver":4,"simpleMeasurements":{"totalTime":13806,"start":6862400,"main":6862614,"selectProfile":6862626,"afterProfileLocked":6862629,"startupCrashDetectionBegin":6862794,"startupCrashDetectionEnd":6925459,"firstPaint":6865410,"firstPaint2":6863744,"sessionRestoreInit":6863065,"sessionRestored":6865744,"createTopLevelWindow":6862889,"quitApplication":6943646,"profileBeforeChange":6943724,"AMI_startup_begin":13725192,"XPI_startup_begin":13725196,"XPI_bootstrap_addons_begin":13725203,"XPI_bootstrap_addons_end":13725250,"XPI_startup_end":13725251,"AMI_startup_end":13725251,"XPI_finalUIStartup":13725440,"sessionRestoreInitialized":13725442,"delayedSta

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA1:	B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
SHA-256:	792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
SHA-512:	076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
Malicious:	false
Reputation:	unknown
Preview:	{"profile-after-change":true,"final-ui-startup":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	288
Entropy (8bit):	4.271085273892442
Encrypted:	false
SSDEEP:
MD5:	E08EF355498AE2C73E75F5A7E60EADA5
SHA1:	C98B5AB80782513F6E72D95AB070E1ED7626C576
SHA-256:	D1A98A30522D1BF882574DF5ED2793BBA5C4FDF0381788BABEA0846F6946745C
SHA-512:	A0550E83ECD1CF632B4E54BF43744EE9F7C0A8DFCF9A043E018C00D4CA0BBA606CFCAAA469B204E7C9DFFEC1F79B91E16CD4F1C94FF512C45D3DD25B7174E859
Malicious:	false
Reputation:	unknown
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true,"quit-application-granted":true,"quit-application":true,"profile-change-net-teardown":true,"profile-change-teardown":true,"profile-before-change":true,"sessionstore-final-state-write-complete":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.baklz4 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 5825 bytes
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	E4802883AFBB2DBFCFF100D6BD63A66A
SHA1:	9AB6F07B558DD4827CBB69C88301CEEC5CEAE3BB
SHA-256:	83DB2B6040884704A786962962FFAE82A6E0613465878DEED1C03AF03D75B8EC
SHA-512:	970D1BD7751B00BF27C0D27AE19AFD3145983427D92081283D1B56C59E3F90D3B472BBC6E5A6FC7A196CC63F6751E9B5029F03AEE43713EADEDDE17EC681D1DF
Malicious:	false
Reputation:	unknown
Preview:	mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie...}url":"about:home","title":"New Tab","cacheKey":0,"ID":7,"docshellUUID":"{36599bca-1026-40c8-ad47-0bb1f10115bd}","resultPrincipalURI":null,"p....ToInherit_base64":"{\"0\":...\"moz-null4...:{6735e3b5-04a9-4a69-8fb6-ddc95349de76}\"}}","hasUserInteractA...true,"triggeringP[.....3...D...docIdentifier":8,"persistK..+}],"lastAccessed":1714073528742,"hidden":false,"searchMode...userContextId{..attribut....{},"index":1,"requestedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedT6.@],"_...C....GroupCount":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace...."544a81f3-86cf-4601-b565-c8cb2ca3983a","zD..1...WI..l........F..:..\|.1":{..jUpdate.....vtartTim..`489717...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu.. 7cu..*9745a185df1b235fd3ecf9e918cb7cd2b41b705581b7355f517422d41a. pa..p"/","na..`"taarI..bsecure...,"

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 5825 bytes
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	E4802883AFBB2DBFCFF100D6BD63A66A
SHA1:	9AB6F07B558DD4827CBB69C88301CEEC5CEAE3BB
SHA-256:	83DB2B6040884704A786962962FFAE82A6E0613465878DEED1C03AF03D75B8EC
SHA-512:	970D1BD7751B00BF27C0D27AE19AFD3145983427D92081283D1B56C59E3F90D3B472BBC6E5A6FC7A196CC63F6751E9B5029F03AEE43713EADEDDE17EC681D1DF
Malicious:	false
Reputation:	unknown
Preview:	mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie...}url":"about:home","title":"New Tab","cacheKey":0,"ID":7,"docshellUUID":"{36599bca-1026-40c8-ad47-0bb1f10115bd}","resultPrincipalURI":null,"p....ToInherit_base64":"{\"0\":...\"moz-null4...:{6735e3b5-04a9-4a69-8fb6-ddc95349de76}\"}}","hasUserInteractA...true,"triggeringP[.....3...D...docIdentifier":8,"persistK..+}],"lastAccessed":1714073528742,"hidden":false,"searchMode...userContextId{..attribut....{},"index":1,"requestedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedT6.@],"_...C....GroupCount":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximized"...BeforeMin...&..workspace...."544a81f3-86cf-4601-b565-c8cb2ca3983a","zD..1...WI..l........F..:..\|.1":{..jUpdate.....vtartTim..`489717...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu.. 7cu..*9745a185df1b235fd3ecf9e918cb7cd2b41b705581b7355f517422d41a. pa..p"/","na..`"taarI..bsecure...,"

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 6233 bytes
Category:	dropped
Size (bytes):	1700
Entropy (8bit):	6.36167708979121
Encrypted:	false
SSDEEP:
MD5:	CBAC24C6D4CCDE41339EF03F1B7DB4A8
SHA1:	EEB3AFF17396A6A8535644AD8869C0DD392AA5DA
SHA-256:	3AE359993CB3D160ADEC5695143958BB79A03C9E0AAF2E9F63B91FBAF8BB30A8
SHA-512:	C3C1970E40200D462D1D5B7C7C3C51CC7F8A86604BE333B868BBB5A8DFA70866CCED138C2E7F6B7D0E56CE0431B92804489E1A5C5C225B04B2E9BF0D04B5A848
Malicious:	false
Reputation:	unknown
Preview:	mozLz40.Y.....{"version":["ses....restore",1],"windows":[{"tab..bentrie...}url":"about:home","title":"New Tab","cacheKey":0,"ID":7,"docshellUUID":"{36599bca-1026-40c8-ad47-0bb1f10115bd}","resultPrincipalURI":null,"p....ToInherit_base64":"{\"0\":...\"moz-null4...:{6735e3b5-04a9-4a69-8fb6-ddc95349de76}\"}}","hasUserInteractA...true,"triggeringP[.....3...D...docIdentifier":8,"persistK.$},]...https://dz8aopenkvv6s.cloudfront.net/x..0.....!18.....$@ferr....fo":"BBoSnxDOS9qmDeAnom1e0A...w..$EY.....0BAQ..oABAA==...qesState...s...a..."0>html>2","scrol...0,15360"}]..B,19...*],"lastAccessed":1714073564138,"hidden":false,"searchMode...userContextId7..attributx...{},"index":2,"requestedI..s0,"imagL....aselect...,"_closedT..@],"_...C....GroupCount":-1,"busy....chromeFlags":2167541758(...dth":1164,"height":891..teenX":4...Y..Aizem..."maximized......BeforeMin...&..workspaceM..."544a81f3-86cf-4601-b565-c8cb2ca3983a","z ..1...W............:....1":{..1Upds.....4..vtartTim..`489717...centCrash...0},"glob

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore.jsonlz4 (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 3371 bytes
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	D5900C7408C9DD7AFCD080C05C82E525
SHA1:	57FE121EE113A42D817DFB717E647AB4F2FF9224
SHA-256:	04771C412CFC20A137BF1FB86AC5E9D4B86BC2DDE6876600FC5B96FAD5752774
SHA-512:	D8E7171BB23FBBEAF88E5A418D31B868E13F24C732C4145278EC5CE862FED34A1F87F2A05602F15E6B60A1AE3F5B92BC16471543DD711E98080B480D15B7B3F5
Malicious:	false
Reputation:	unknown
Preview:	mozLz40.+.....{"version":["ses....restore",1],"windows":[{"tab..bentrie...}url":"about:home","title":"New Tab","cacheKey":0,"ID":7,"docshellUUID":"{36599bca-1026-40c8-ad47-0bb1f10115bd}","resultPrincipalURI":null,"p....ToInherit_base64":"{\"0\":...\"moz-null4...:{6735e3b5-04a9-4a69-8fb6-ddc95349de76}\"}}","hasUserInteractA...true,"triggeringP[.....3...D...docIdentifier":8,"persistK.$},]...https://dz8aopenkvv6s.cloudfront.net/x..0.....!18.....$@ferr....fo":"BBoSnxDOS9qmDeAnom1e0A...w..$EY.....0BAQ..oABAA==...qesState...s...a..."0>html>2","scrol...0,15360"}]..B,19...],"lastAccessed":1714073570228,"hidden":false,"searchMode...userContextId7..attributx...{},"index":2,"requestedI..s0,"imagL....aselect...,"_closedT..@],"_...C....GroupCount":-1,"chromeFlags":2167541758....dth":1164,"height":891x.teenX":4...Y..Aizem..."maximized......BeforeMin...&..workspace@..."544a81f3-86cf-4601-b565-c8cb2ca3983a","z...1...F..._shouldR......4.At...9......j..W8.....p.....5.....k.1":{(.1Upd...&..95,"startTim

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore.jsonlz4.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Mozilla lz4 compressed data, originally 3371 bytes
Category:	dropped
Size (bytes):	1379
Entropy (8bit):	6.253863229497458
Encrypted:	false
SSDEEP:
MD5:	D5900C7408C9DD7AFCD080C05C82E525
SHA1:	57FE121EE113A42D817DFB717E647AB4F2FF9224
SHA-256:	04771C412CFC20A137BF1FB86AC5E9D4B86BC2DDE6876600FC5B96FAD5752774
SHA-512:	D8E7171BB23FBBEAF88E5A418D31B868E13F24C732C4145278EC5CE862FED34A1F87F2A05602F15E6B60A1AE3F5B92BC16471543DD711E98080B480D15B7B3F5
Malicious:	false
Reputation:	unknown
Preview:	mozLz40.+.....{"version":["ses....restore",1],"windows":[{"tab..bentrie...}url":"about:home","title":"New Tab","cacheKey":0,"ID":7,"docshellUUID":"{36599bca-1026-40c8-ad47-0bb1f10115bd}","resultPrincipalURI":null,"p....ToInherit_base64":"{\"0\":...\"moz-null4...:{6735e3b5-04a9-4a69-8fb6-ddc95349de76}\"}}","hasUserInteractA...true,"triggeringP[.....3...D...docIdentifier":8,"persistK.$},]...https://dz8aopenkvv6s.cloudfront.net/x..0.....!18.....$@ferr....fo":"BBoSnxDOS9qmDeAnom1e0A...w..$EY.....0BAQ..oABAA==...qesState...s...a..."0>html>2","scrol...0,15360"}]..B,19...],"lastAccessed":1714073570228,"hidden":false,"searchMode...userContextId7..attributx...{},"index":2,"requestedI..s0,"imagL....aselect...,"_closedT..@],"_...C....GroupCount":-1,"chromeFlags":2167541758....dth":1164,"height":891x.teenX":4...Y..Aizem..."maximized......BeforeMin...&..workspace@..."544a81f3-86cf-4601-b565-c8cb2ca3983a","z...1...F..._shouldR......4.At...9......j..W8.....p.....5.....k.1":{(.1Upd...&..95,"startTim

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\xulstore.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	8D689C06CB844185099C0398A280537E
SHA1:	57073C7526EC37E94BB9DB44FEDC6D50276F7A6B
SHA-256:	96729E9B38F216605FF10715F96F364BE32F02E2DE23EDE7E74B78244605124D
SHA-512:	3C7DF326C695143915DF1068CB2C0F58E93E4881B2C4D94B33948B80E954FBD4CF944AE53B4D15002B79FCDB8E88F8E9CF4C89CA50F56B7CFD8A13EA7DD6FFF8
Malicious:	false
Reputation:	unknown
Preview:	{"chrome://browser/content/browser.xhtml":{"sidebar-box":{"sidebarcommand":"","style":""},"sidebar-title":{"value":""}}}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\xulstore.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	4.3978245045642685
Encrypted:	false
SSDEEP:
MD5:	8D689C06CB844185099C0398A280537E
SHA1:	57073C7526EC37E94BB9DB44FEDC6D50276F7A6B
SHA-256:	96729E9B38F216605FF10715F96F364BE32F02E2DE23EDE7E74B78244605124D
SHA-512:	3C7DF326C695143915DF1068CB2C0F58E93E4881B2C4D94B33948B80E954FBD4CF944AE53B4D15002B79FCDB8E88F8E9CF4C89CA50F56B7CFD8A13EA7DD6FFF8
Malicious:	false
Reputation:	unknown
Preview:	{"chrome://browser/content/browser.xhtml":{"sidebar-box":{"sidebarcommand":"","style":""},"sidebar-title":{"value":""}}}

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10409)
Category:	downloaded
Size (bytes):	10414
Entropy (8bit):	5.767778040187894
Encrypted:	false
SSDEEP:
MD5:	DF6134236F4943C412C0714A0D3CC517
SHA1:	9358F8ECE1F6247FC4A7F64F92095C19AA063430
SHA-256:	2BA2937A037BD56088C672CA523A1D5BF51E80646A2A54B290DA140F440B1EE2
SHA-512:	769A4A7D745280EF615532D47DE227EFEFCCF43BD7C9497765032574958866EBBAA6A821856E566DE0BC453AAA9533182FB7312B08B5559F1944D2A03749DE47
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["houston astros","shiba inu crypto","cincinnati bengals trey hendrickson","lake orion student died houston robotics","next gen fallout update","fbi international luke kleintank","home depot halloween skeleton dog","chicago cubs"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"google:entityinfo":"CggvbS8wM20xbhINQmFzZWJhbGwgdGVhbTKeGGRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxpVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBRUFBQUFCQUNBTUFBQUNkdDRIc0FBQUJIVkJNVkVYLy8vOEFMV0lBSzJNQUptWUFLbVFBS0dVQUFGTHJiaDhBSlY3L2RRMEFKMThBQUZjQUlsMEFJRndBQUZRQUtXRDdkQkhPWkM4QUYxakN4dERtYkNMeGhoOEFJMmJ5K1B2clpnRDJjaGJUWmkzZjRlYUpUVXJ4Y0JvQUZGb0FIRnFzV0Q2eXQ4U2NVMFNvcnIxa2NZNjdYVGpzN2ZBQUNsVGFhQ25seHJ0NFIwL2dhaWFFamFNbk1sL0VZRFIrU1UwQUFFVklXWDFGT1ZwY1AxYTBXenR0UkZMNjdlWE8wZG1VVUVjWk5tZDBmcGd1UkhBQUFEdzJOVjJsVmtIeWdRRHRtblpRUEZnMlVIa2ZLRmlZbjdHallrTG1nU1ZYWllhYVgwWVlHMDMvZ3dEbnc2MWhPMDdzZXlEdXAzVGszTmZxdHBQb2

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	25
Entropy (8bit):	3.8136606896881857
Encrypted:	false
SSDEEP:
MD5:	7CC1B831F3ECF90996EA6E0A252DB6C1
SHA1:	B3A266AC1A0273AB8D08F1C7E598C86F12E2A861
SHA-256:	BEB0935A0C99B1936FB4AAD6FAD0B47C286274CCCFF9DD5B2CD23E5C154F9A4E
SHA-512:	7CF7DE9A8F9A396CC43092992E380378F29870E46D0951B5310562351EFF3F37FAC4C9EF9710A2AB31A8C434FB8F53CC9BA40884D7DDB61159DCB41B43F6EDB7
Malicious:	false
Reputation:	unknown
URL:	https://dz8aopenkvv6s.cloudfront.net/favicon.ico
Preview:	{"error": "Missing Body"}

Static File Info

⊘No static file info

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://dz8aopenkvv6s.cloudfront.net

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_fa449b5f-86a5-478f-b600-b98a032fd148.json (copy)

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_fa449b5f-86a5-478f-b600-b98a032fd148.json.tmp

C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

C:\Users\user\AppData\Local\Temp\tmpaddon

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\SiteSecurityServiceState-1.txt

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\SiteSecurityServiceState.txt (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4 (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert_override.txt

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4 (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs-1.js

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs.js (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\49ca02b7-2997-464a-92f7-9f6e0f689319 (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\49ca02b7-2997-464a-92f7-9f6e0f689319.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\8f6c3a69-05b6-4c42-b4d8-a492273cb8c9 (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\8f6c3a69-05b6-4c42-b4d8-a492273cb8c9.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\956ba27e-1e2c-4538-a4ee-7e8f2d44f56e (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\956ba27e-1e2c-4538-a4ee-7e8f2d44f56e.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\c6cb1392-07c6-4da5-bbab-276546d09062 (copy)

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\c6cb1392-07c6-4da5-bbab-276546d09062.tmp

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json (copy)

Windows Analysis Report
https://dz8aopenkvv6s.cloudfront.net