Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_fa449b5f-86a5-478f-b600-b98a032fd148.json
(copy)
|
JSON data
|
dropped
|
||
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_fa449b5f-86a5-478f-b600-b98a032fd148.json.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
|
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\tmpaddon
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:36:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:36:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:36:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:36:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 16:36:43 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\SiteSecurityServiceState-1.txt
|
CSV text
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\SiteSecurityServiceState.txt (copy)
|
CSV text
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4 (copy)
|
Mozilla lz4 compressed data, originally 23432 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4.tmp
|
Mozilla lz4 compressed data, originally 23432 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert_override.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4 (copy)
|
Mozilla lz4 compressed data, originally 56 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4.tmp
|
Mozilla lz4 compressed data, originally 56 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs-1.js
|
ASCII text, with very long lines (1717), with CRLF line terminators
|
modified
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs.js (copy)
|
ASCII text, with very long lines (1717), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\49ca02b7-2997-464a-92f7-9f6e0f689319
(copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\49ca02b7-2997-464a-92f7-9f6e0f689319.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\8f6c3a69-05b6-4c42-b4d8-a492273cb8c9
(copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\8f6c3a69-05b6-4c42-b4d8-a492273cb8c9.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\956ba27e-1e2c-4538-a4ee-7e8f2d44f56e
(copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\956ba27e-1e2c-4538-a4ee-7e8f2d44f56e.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\c6cb1392-07c6-4da5-bbab-276546d09062
(copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\saved-telemetry-pings\c6cb1392-07c6-4da5-bbab-276546d09062.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.baklz4 (copy)
|
Mozilla lz4 compressed data, originally 5825 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4 (copy)
|
Mozilla lz4 compressed data, originally 5825 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4.tmp
|
Mozilla lz4 compressed data, originally 6233 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore.jsonlz4 (copy)
|
Mozilla lz4 compressed data, originally 3371 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore.jsonlz4.tmp
|
Mozilla lz4 compressed data, originally 3371 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\xulstore.json (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\xulstore.json.tmp
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 128
|
ASCII text, with very long lines (10409)
|
downloaded
|
||
Chrome Cache Entry: 129
|
JSON data
|
downloaded
|
There are 35 hidden files, click here to show them.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://dz8aopenkvv6s.cloudfront.net
|
|||
https://dz8aopenkvv6s.cloudfront.net/
|
|||
http://detectportal.firefox.com/canonical.html
|
34.107.221.82
|
||
http://detectportal.firefox.com/success.txt?ipv4
|
34.107.221.82
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
example.org
|
93.184.215.14
|
||
star-mini.c10r.facebook.com
|
31.13.88.35
|
||
twitter.com
|
104.244.42.65
|
||
prod.balrog.prod.cloudops.mozgcp.net
|
35.244.181.201
|
||
prod.detectportal.prod.cloudops.mozgcp.net
|
34.107.221.82
|
||
services.addons.mozilla.org
|
99.84.208.24
|
||
dyna.wikimedia.org
|
208.80.154.224
|
||
prod.remote-settings.prod.webservices.mozgcp.net
|
34.149.100.209
|
||
contile.services.mozilla.com
|
34.117.188.166
|
||
prod.content-signature-chains.prod.webservices.mozgcp.net
|
34.160.144.191
|
||
youtube-ui.l.google.com
|
64.233.177.190
|
||
reddit.map.fastly.net
|
151.101.129.140
|
||
us-west1.prod.sumo.prod.webservices.mozgcp.net
|
34.149.128.2
|
||
ipv4only.arpa
|
192.0.0.170
|
||
dz8aopenkvv6s.cloudfront.net
|
18.154.230.111
|
||
prod.ads.prod.webservices.mozgcp.net
|
34.117.188.166
|
||
www.google.com
|
172.217.215.105
|
||
normandy-cdn.services.mozilla.com
|
35.201.103.21
|
||
telemetry-incoming.r53-2.services.mozilla.com
|
34.120.208.123
|
||
www.reddit.com
|
unknown
|
||
spocs.getpocket.com
|
unknown
|
||
content-signature-2.cdn.mozilla.net
|
unknown
|
||
support.mozilla.org
|
unknown
|
||
firefox.settings.services.mozilla.com
|
unknown
|
||
push.services.mozilla.com
|
unknown
|
||
www.youtube.com
|
unknown
|
||
www.facebook.com
|
unknown
|
||
detectportal.firefox.com
|
unknown
|
||
normandy.cdn.mozilla.net
|
unknown
|
||
shavar.services.mozilla.com
|
unknown
|
||
www.wikipedia.org
|
unknown
|
There are 21 hidden domains, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
1.1.1.1
|
unknown
|
Australia
|
||
74.125.136.84
|
unknown
|
United States
|
||
172.217.215.105
|
www.google.com
|
United States
|
||
142.250.9.139
|
unknown
|
United States
|
||
192.168.2.16
|
unknown
|
unknown
|
||
34.149.100.209
|
prod.remote-settings.prod.webservices.mozgcp.net
|
United States
|
||
99.84.208.24
|
services.addons.mozilla.org
|
United States
|
||
34.107.243.93
|
unknown
|
United States
|
||
34.107.221.82
|
prod.detectportal.prod.cloudops.mozgcp.net
|
United States
|
||
52.25.6.244
|
unknown
|
United States
|
||
35.244.181.201
|
prod.balrog.prod.cloudops.mozgcp.net
|
United States
|
||
34.117.188.166
|
contile.services.mozilla.com
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
18.154.230.111
|
dz8aopenkvv6s.cloudfront.net
|
United States
|
||
64.233.176.100
|
unknown
|
United States
|
||
13.33.19.100
|
unknown
|
United States
|
||
35.201.103.21
|
normandy-cdn.services.mozilla.com
|
United States
|
||
142.250.9.95
|
unknown
|
United States
|
||
34.160.144.191
|
prod.content-signature-chains.prod.webservices.mozgcp.net
|
United States
|
||
44.239.14.124
|
unknown
|
United States
|
||
23.40.207.139
|
unknown
|
United States
|
||
74.125.138.94
|
unknown
|
United States
|
||
127.0.0.1
|
unknown
|
unknown
|
||
34.120.208.123
|
telemetry-incoming.r53-2.services.mozilla.com
|
United States
|
There are 14 hidden IPs, click here to show them.