Files

File Path | Type | Category | Malicious
---|---|---|---
4114122C0DCA23F637D83EED33F9ABCDC92709E2AC6F63FFD55F5AAE519B58AB.zip | Zip archive data, at least v2.0 to extract, compression method=deflate | initial sample |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Users\user\Downloads\hsI-t-r7.part | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped |
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_7d2f6cb6-33e9-4ab3-8a87-0c8fbcdd18fa.json (copy) | JSON data | dropped |
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_7d2f6cb6-33e9-4ab3-8a87-0c8fbcdd18fa.json.tmp | JSON data | dropped |
C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41 | ISO Media, MP4 Base Media v1 [ISO 14496-12:2003] | dropped |
C:\Users\user\AppData\Local\Temp\tmpaddon | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json (copy) | JSON data | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json.tmp | JSON data | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4 (copy) | Mozilla lz4 compressed data, originally 23432 bytes | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4.tmp | Mozilla lz4 compressed data, originally 23432 bytes | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json (copy) | JSON data | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json.tmp | JSON data | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db | SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 8, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 8 | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert9.db-journal | SQLite Rollback Journal | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert_override-1.txt | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cert_override.txt (copy) | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\content-prefs.sqlite | SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4 | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite | SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3 | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite-wal | SQLite Write-Ahead Log, version 3007000 | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4 (copy) | Mozilla lz4 compressed data, originally 56 bytes | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4.tmp | Mozilla lz4 compressed data, originally 56 bytes | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json (copy) | JSON data | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json.tmp | JSON data | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\favicons.sqlite-shm | data | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\favicons.sqlite-wal | SQLite Write-Ahead Log, version 3007000 | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\formhistory.sqlite | SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 3, database pages 8, cookie 0x7, schema 4, UTF-8, version-valid-for 3 | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy) | ASCII text | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp | ASCII text | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\permissions.sqlite | SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 10, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 10 | modified |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite | SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2 | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-shm | data | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-wal | SQLite Write-Ahead Log, version 3007000 | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs-1.js | ASCII text, with very long lines (1717), with CRLF line terminators | modified |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs.js (copy) | ASCII text, with very long lines (1717), with CRLF line terminators | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\protections.sqlite | SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4 | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json (copy) | JSON data | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json.tmp | JSON data | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.baklz4 (copy) | Mozilla lz4 compressed data, originally 6133 bytes | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4 (copy) | Mozilla lz4 compressed data, originally 6133 bytes | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4.tmp | Mozilla lz4 compressed data, originally 17587 bytes | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage.sqlite | SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6 | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage\default\https+++wavebrowser.co\ls\data.sqlite | SQLite 3.x database, user version 80, last written using SQLite version 3042000, page size 1024, file counter 5, database pages 5, cookie 0x2, schema 4, largest root page 5, UTF-8, vacuum mode 1, version-valid-for 5 | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json (copy) | JSON data | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json.tmp | JSON data | modified |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\xulstore.json (copy) | JSON data | dropped |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\xulstore.json.tmp | JSON data | dropped |
URLs

Name | IP | Malicious
---|---|---
http://o.pki.goog/we2 | 142.250.185.195 |
http://detectportal.firefox.com/canonical.html | 34.107.221.82 |
http://detectportal.firefox.com/success.txt?ipv4 | 34.107.221.82 |
Domains

Name | IP | Malicious
---|---|---
example.org | 96.7.128.192 |
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 |
services.addons.mozilla.org | 151.101.129.91 |
api.wavebrowserbase.com | 52.201.92.148 |
app.termly.io | 104.18.30.234 |
api.wavebrowser.co | 52.70.207.234 |
contile.services.mozilla.com | 34.117.188.166 |
a1874.dscg1.akamai.net | 88.221.110.27 |
prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 |
a19.dscg10.akamai.net | 2.22.61.59 |
us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 |
ipv4only.arpa | 192.0.0.170 |
id.google.com | 172.217.16.195 |
prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 |
push.services.mozilla.com | 34.107.243.93 |
www.google.com | 142.250.186.164 |
normandy.tombstone.experimenter.prod.webservices.mozgcp.net | 34.49.51.44 |
star-mini.c10r.facebook.com | 157.240.252.35 |
prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 |
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 |
twitter.com | 104.244.42.193 |
shavar.prod.mozaws.net | 34.210.249.226 |
csp.withgoogle.com | 142.250.185.177 |
dyna.wikimedia.org | 185.15.59.224 |
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 |
pki-goog.l.google.com | 142.250.185.195 |
dualstack.reddit.map.fastly.net | 151.101.1.140 |
wavebrowser.co | 18.211.52.186 |
youtube-ui.l.google.com | 142.250.185.78 |
a1988.dscg1.akamai.net | 2.19.126.225 |
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 |
www.reddit.com | unknown |
spocs.getpocket.com | unknown |
content-signature-2.cdn.mozilla.net | unknown |