Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_dcddd4cd-22df-4f1c-9af5-c475c8295038.json
(copy)
|
JSON data
|
dropped
|
||
|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_dcddd4cd-22df-4f1c-9af5-c475c8295038.json.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
|
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpaddon
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 18:56:17 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 18:56:17 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 18:56:17 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 18:56:17 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 18:56:17 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4 (copy)
|
Mozilla lz4 compressed data, originally 23432 bytes
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4.tmp
|
Mozilla lz4 compressed data, originally 23432 bytes
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\content-prefs.sqlite
|
SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database
pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4 (copy)
|
Mozilla lz4 compressed data, originally 56 bytes
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4.tmp
|
Mozilla lz4 compressed data, originally 56 bytes
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\formhistory.sqlite
|
SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 2, database
pages 8, cookie 0x7, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\permissions.sqlite
|
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 5, database
pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 5
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs-1.js
|
ASCII text, with very long lines (1717), with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs.js (copy)
|
ASCII text, with very long lines (1717), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\protections.sqlite
|
SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database
pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.baklz4 (copy)
|
Mozilla lz4 compressed data, originally 5907 bytes
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4 (copy)
|
Mozilla lz4 compressed data, originally 5907 bytes
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4.tmp
|
Mozilla lz4 compressed data, originally 6226 bytes
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage.sqlite
|
SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database
pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\xulstore.json (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\xulstore.json.tmp
|
JSON data
|
dropped
|
||
|
Chrome Cache Entry: 110
|
HTML document, ASCII text, with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 111
|
ASCII text, with very long lines (3772)
|
downloaded
|
||
|
Chrome Cache Entry: 112
|
ASCII text, with very long lines (7856), with no line terminators
|
downloaded
|
||
|
Chrome Cache Entry: 113
|
HTML document, ASCII text, with CRLF line terminators
|
downloaded
|
There are 37 hidden files, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://pdf-image.org/
|
|||
|
about:blank
|
|||
|
http://detectportal.firefox.com/canonical.html
|
34.107.221.82
|
||
|
https://pdf-image.org/
|
|||
|
http://detectportal.firefox.com/success.txt?ipv4
|
34.107.221.82
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pdf-image.org
|
172.67.197.74
|
||
|
example.org
|
93.184.215.14
|
||
|
star-mini.c10r.facebook.com
|
157.240.3.35
|
||
|
prod.balrog.prod.cloudops.mozgcp.net
|
35.244.181.201
|
||
|
twitter.com
|
104.244.42.65
|
||
|
a.nel.cloudflare.com
|
35.190.80.1
|
||
|
prod.detectportal.prod.cloudops.mozgcp.net
|
34.107.221.82
|
||
|
services.addons.mozilla.org
|
18.172.170.128
|
||
|
dyna.wikimedia.org
|
198.35.26.96
|
||
|
prod.remote-settings.prod.webservices.mozgcp.net
|
34.149.100.209
|
||
|
contile.services.mozilla.com
|
34.117.188.166
|
||
|
prod.content-signature-chains.prod.webservices.mozgcp.net
|
34.160.144.191
|
||
|
youtube-ui.l.google.com
|
142.251.33.78
|
||
|
reddit.map.fastly.net
|
151.101.193.140
|
||
|
us-west1.prod.sumo.prod.webservices.mozgcp.net
|
34.149.128.2
|
||
|
ipv4only.arpa
|
192.0.0.171
|
||
|
prod.ads.prod.webservices.mozgcp.net
|
34.117.188.166
|
||
|
www.google.com
|
142.250.69.196
|
||
|
normandy-cdn.services.mozilla.com
|
35.201.103.21
|
||
|
telemetry-incoming.r53-2.services.mozilla.com
|
34.120.208.123
|
||
|
www.reddit.com
|
unknown
|
||
|
spocs.getpocket.com
|
unknown
|
||
|
content-signature-2.cdn.mozilla.net
|
unknown
|
||
|
support.mozilla.org
|
unknown
|
||
|
firefox.settings.services.mozilla.com
|
unknown
|
||
|
push.services.mozilla.com
|
unknown
|
||
|
www.youtube.com
|
unknown
|
||
|
www.facebook.com
|
unknown
|
||
|
detectportal.firefox.com
|
unknown
|
||
|
normandy.cdn.mozilla.net
|
unknown
|
||
|
shavar.services.mozilla.com
|
unknown
|
||
|
www.wikipedia.org
|
unknown
|
There are 22 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.251.33.110
|
unknown
|
United States
|
||
|
192.168.2.16
|
unknown
|
unknown
|
||
|
44.237.171.47
|
unknown
|
United States
|
||
|
142.251.215.234
|
unknown
|
United States
|
||
|
34.117.188.166
|
contile.services.mozilla.com
|
United States
|
||
|
142.251.215.227
|
unknown
|
United States
|
||
|
142.250.69.196
|
www.google.com
|
United States
|
||
|
35.201.103.21
|
normandy-cdn.services.mozilla.com
|
United States
|
||
|
35.190.80.1
|
a.nel.cloudflare.com
|
United States
|
||
|
34.120.208.123
|
telemetry-incoming.r53-2.services.mozilla.com
|
United States
|
||
|
172.67.197.74
|
pdf-image.org
|
United States
|
||
|
1.1.1.1
|
unknown
|
Australia
|
||
|
104.80.89.104
|
unknown
|
United States
|
||
|
18.172.170.128
|
services.addons.mozilla.org
|
United States
|
||
|
34.149.100.209
|
prod.remote-settings.prod.webservices.mozgcp.net
|
United States
|
||
|
34.107.243.93
|
unknown
|
United States
|
||
|
44.238.81.22
|
unknown
|
United States
|
||
|
34.107.221.82
|
prod.detectportal.prod.cloudops.mozgcp.net
|
United States
|
||
|
104.21.44.75
|
unknown
|
United States
|
||
|
35.244.181.201
|
prod.balrog.prod.cloudops.mozgcp.net
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
142.251.33.99
|
unknown
|
United States
|
||
|
142.250.69.206
|
unknown
|
United States
|
||
|
34.160.144.191
|
prod.content-signature-chains.prod.webservices.mozgcp.net
|
United States
|
||
|
74.125.195.84
|
unknown
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
There are 16 hidden IPs, click here to show them.