IOC Report
4114122C0DCA23F637D83EED33F9ABCDC92709E2AC6F63FFD55F5AAE519B58AB.zip

loading gif

Files

File Path
Type
Category
Malicious
4114122C0DCA23F637D83EED33F9ABCDC92709E2AC6F63FFD55F5AAE519B58AB.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
initial sample
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\Downloads\hsI-t-r7.part
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_7d2f6cb6-33e9-4ab3-8a87-0c8fbcdd18fa.json (copy)
JSON data
dropped
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_7d2f6cb6-33e9-4ab3-8a87-0c8fbcdd18fa.json.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
dropped
C:\Users\user\AppData\Local\Temp\tmpaddon
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json (copy)
JSON data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json.tmp
JSON data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4 (copy)
Mozilla lz4 compressed data, originally 23432 bytes
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4.tmp
Mozilla lz4 compressed data, originally 23432 bytes
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json (copy)
JSON data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json.tmp
JSON data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db
SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 8, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert_override-1.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert_override.txt (copy)
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\content-prefs.sqlite
SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4 (copy)
Mozilla lz4 compressed data, originally 56 bytes
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4.tmp
Mozilla lz4 compressed data, originally 56 bytes
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json (copy)
JSON data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json.tmp
JSON data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\favicons.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\favicons.sqlite-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\formhistory.sqlite
SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 3, database pages 8, cookie 0x7, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)
ASCII text
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp
ASCII text
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\permissions.sqlite
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 10, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 10
modified
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-wal
SQLite Write-Ahead Log, version 3007000
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs-1.js
ASCII text, with very long lines (1717), with CRLF line terminators
modified
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs.js (copy)
ASCII text, with very long lines (1717), with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\protections.sqlite
SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json (copy)
JSON data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json.tmp
JSON data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.baklz4 (copy)
Mozilla lz4 compressed data, originally 6133 bytes
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4 (copy)
Mozilla lz4 compressed data, originally 6133 bytes
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4.tmp
Mozilla lz4 compressed data, originally 17587 bytes
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage.sqlite
SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\default\https+++wavebrowser.co\ls\data.sqlite
SQLite 3.x database, user version 80, last written using SQLite version 3042000, page size 1024, file counter 5, database pages 5, cookie 0x2, schema 4, largest root page 5, UTF-8, vacuum mode 1, version-valid-for 5
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json (copy)
JSON data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json.tmp
JSON data
modified
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\xulstore.json (copy)
JSON data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\xulstore.json.tmp
JSON data
dropped
There are 38 hidden files, click here to show them.

URLs

Name
IP
Malicious
http://o.pki.goog/we2
142.250.185.195
http://detectportal.firefox.com/canonical.html
34.107.221.82
http://detectportal.firefox.com/success.txt?ipv4
34.107.221.82

Domains

Name
IP
Malicious
example.org
96.7.128.192
prod.detectportal.prod.cloudops.mozgcp.net
34.107.221.82
services.addons.mozilla.org
151.101.129.91
api.wavebrowserbase.com
52.201.92.148
app.termly.io
104.18.30.234
api.wavebrowser.co
52.70.207.234
contile.services.mozilla.com
34.117.188.166
a1874.dscg1.akamai.net
88.221.110.27
prod.content-signature-chains.prod.webservices.mozgcp.net
34.160.144.191
a19.dscg10.akamai.net
2.22.61.59
us-west1.prod.sumo.prod.webservices.mozgcp.net
34.149.128.2
ipv4only.arpa
192.0.0.170
id.google.com
172.217.16.195
prod.ads.prod.webservices.mozgcp.net
34.117.188.166
push.services.mozilla.com
34.107.243.93
www.google.com
142.250.186.164
normandy.tombstone.experimenter.prod.webservices.mozgcp.net
34.49.51.44
star-mini.c10r.facebook.com
157.240.252.35
prod.classify-client.prod.webservices.mozgcp.net
35.190.72.216
prod.balrog.prod.cloudops.mozgcp.net
35.244.181.201
twitter.com
104.244.42.193
shavar.prod.mozaws.net
34.210.249.226
csp.withgoogle.com
142.250.185.177
dyna.wikimedia.org
185.15.59.224
prod.remote-settings.prod.webservices.mozgcp.net
34.149.100.209
pki-goog.l.google.com
142.250.185.195
dualstack.reddit.map.fastly.net
151.101.1.140
wavebrowser.co
18.211.52.186
youtube-ui.l.google.com
142.250.185.78
a1988.dscg1.akamai.net
2.19.126.225
telemetry-incoming.r53-2.services.mozilla.com
34.120.208.123
www.reddit.com
unknown
spocs.getpocket.com
unknown
content-signature-2.cdn.mozilla.net
unknown