Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_a34a252d-42f7-46f4-a2c5-a0f6630587c6.json
(copy)
|
JSON data
|
dropped
|
||
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_a34a252d-42f7-46f4-a2c5-a0f6630587c6.json.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
|
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\tmpaddon
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 05:40:56 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 05:40:56 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 05:40:56 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 05:40:56 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 05:40:56 2024, atime=Wed Sep 27 04:28:28
2023, length=1210144, window=hide
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4 (copy)
|
Mozilla lz4 compressed data, originally 23432 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4.tmp
|
Mozilla lz4 compressed data, originally 23432 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\content-prefs.sqlite
|
SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database
pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4 (copy)
|
Mozilla lz4 compressed data, originally 56 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4.tmp
|
Mozilla lz4 compressed data, originally 56 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\formhistory.sqlite
|
SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 2, database
pages 8, cookie 0x7, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
modified
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp
|
ASCII text
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-shm
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs-1.js
|
ASCII text, with very long lines (1717), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs.js (copy)
|
ASCII text, with very long lines (1717), with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\protections.sqlite
|
SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database
pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json.tmp
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.baklz4 (copy)
|
Mozilla lz4 compressed data, originally 5870 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4 (copy)
|
Mozilla lz4 compressed data, originally 5870 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4.tmp
|
Mozilla lz4 compressed data, originally 5870 bytes
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json (copy)
|
JSON data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json.tmp
|
JSON data
|
dropped
|
||
Chrome Cache Entry: 118
|
HTML document, ASCII text, with very long lines (619)
|
downloaded
|
||
Chrome Cache Entry: 119
|
HTML document, ASCII text, with very long lines (369)
|
downloaded
|
||
Chrome Cache Entry: 120
|
ASCII text, with very long lines (59530)
|
dropped
|
||
Chrome Cache Entry: 121
|
ASCII text, with very long lines (788)
|
downloaded
|
||
Chrome Cache Entry: 122
|
GIF image data, version 89a, 1 x 1
|
dropped
|
||
Chrome Cache Entry: 123
|
ASCII text, with very long lines (3809)
|
downloaded
|
||
Chrome Cache Entry: 125
|
HTML document, ASCII text, with very long lines (370), with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 127
|
ASCII text, with very long lines (1879)
|
dropped
|
||
Chrome Cache Entry: 128
|
ASCII text, with very long lines (1879)
|
downloaded
|
||
Chrome Cache Entry: 129
|
ASCII text, with no line terminators
|
downloaded
|
||
Chrome Cache Entry: 135
|
MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors
|
dropped
|
There are 40 hidden files, click here to show them.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
http://www.aieov.com/setup.exe
|
|||
http://www6.aieov.com/?template=ARROW_3&tdfs=1&s_token=1727764880.0415670000&uuid=1727764880.0415670000&term=Customer%20Support%20Help%20Desk%20Software&term=Customer%20Service%20Call%20Center%20Software&term=Live%20Chat%20Answering%20Service&searchbox=0&showDomain=0&backfill=0
|
3.33.243.145
|
||
http://www.aieov.com/favicon.ico
|
45.56.79.23
|
||
http://www6.aieov.com/lander?template=ARROW_3&tdfs=1&s_token=1727764880.0415670000&uuid=1727764880.0415670000&term=Customer%20Support%20Help%20Desk%20Software&term=Customer%20Service%20Call%20Center%20Software&term=Live%20Chat%20Answering%20Service&searchbox=0&showDomain=0&backfill=0
|
|||
http://www.aieov.com/setup.exe
|
|||
https://www.aieov.com/
|
|||
http://detectportal.firefox.com/canonical.html
|
34.107.221.82
|
||
http://detectportal.firefox.com/success.txt?ipv4
|
34.107.221.82
|
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
www.aieov.com
|
45.56.79.23
|
||
www6.aieov.com
|
unknown
|
||
example.org
|
93.184.215.14
|
||
prod.detectportal.prod.cloudops.mozgcp.net
|
34.107.221.82
|
||
services.addons.mozilla.org
|
52.222.236.23
|
||
www10.smartname.com
|
3.33.243.145
|
||
contile.services.mozilla.com
|
34.117.188.166
|
||
prod.content-signature-chains.prod.webservices.mozgcp.net
|
34.160.144.191
|
||
ipv4only.arpa
|
192.0.0.170
|
||
prod.ads.prod.webservices.mozgcp.net
|
34.117.188.166
|
||
push.services.mozilla.com
|
34.107.243.93
|
||
www.google.com
|
142.250.186.36
|
||
normandy-cdn.services.mozilla.com
|
35.201.103.21
|
||
star-mini.c10r.facebook.com
|
157.240.253.35
|
||
prod.classify-client.prod.webservices.mozgcp.net
|
35.190.72.216
|
||
twitter.com
|
104.244.42.129
|
||
prod.balrog.prod.cloudops.mozgcp.net
|
35.244.181.201
|
||
syndicatedsearch.goog
|
142.250.185.238
|
||
ad.doubleclick.net
|
142.250.181.230
|
||
dyna.wikimedia.org
|
185.15.59.224
|
||
prod.remote-settings.prod.webservices.mozgcp.net
|
34.149.100.209
|
||
ad-delivery.net
|
104.26.3.70
|
||
youtube-ui.l.google.com
|
172.217.16.142
|
||
reddit.map.fastly.net
|
151.101.1.140
|
||
btloader.com
|
172.67.41.60
|
||
telemetry-incoming.r53-2.services.mozilla.com
|
34.120.208.123
|
||
img1.wsimg.com
|
unknown
|
||
www.reddit.com
|
unknown
|
||
spocs.getpocket.com
|
unknown
|
||
content-signature-2.cdn.mozilla.net
|
unknown
|
||
firefox.settings.services.mozilla.com
|
unknown
|
||
www.youtube.com
|
unknown
|
||
www.facebook.com
|
unknown
|
||
detectportal.firefox.com
|
unknown
|
||
normandy.cdn.mozilla.net
|
unknown
|
||
shavar.services.mozilla.com
|
unknown
|
||
www.wikipedia.org
|
unknown
|
There are 27 hidden domains, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
45.56.79.23
|
www.aieov.com
|
United States
|
||
104.26.3.70
|
ad-delivery.net
|
United States
|
||
142.250.185.206
|
unknown
|
United States
|
||
192.168.2.16
|
unknown
|
unknown
|
||
142.250.181.230
|
ad.doubleclick.net
|
United States
|
||
192.168.2.4
|
unknown
|
unknown
|
||
3.33.243.145
|
www10.smartname.com
|
United States
|
||
34.117.188.166
|
contile.services.mozilla.com
|
United States
|
||
52.222.236.23
|
services.addons.mozilla.org
|
United States
|
||
142.250.185.142
|
unknown
|
United States
|
||
142.250.185.164
|
unknown
|
United States
|
||
35.201.103.21
|
normandy-cdn.services.mozilla.com
|
United States
|
||
23.38.98.78
|
unknown
|
United States
|
||
142.250.184.228
|
unknown
|
United States
|
||
34.120.208.123
|
telemetry-incoming.r53-2.services.mozilla.com
|
United States
|
||
72.14.185.43
|
unknown
|
United States
|
||
104.22.75.216
|
unknown
|
United States
|
||
2.22.61.59
|
unknown
|
European Union
|
||
142.250.110.84
|
unknown
|
United States
|
||
142.250.185.68
|
unknown
|
United States
|
||
1.1.1.1
|
unknown
|
Australia
|
||
142.250.186.36
|
www.google.com
|
United States
|
||
172.67.69.19
|
unknown
|
United States
|
||
216.58.206.67
|
unknown
|
United States
|
||
34.149.100.209
|
prod.remote-settings.prod.webservices.mozgcp.net
|
United States
|
||
34.107.243.93
|
push.services.mozilla.com
|
United States
|
||
54.70.187.236
|
unknown
|
United States
|
||
142.250.185.238
|
syndicatedsearch.goog
|
United States
|
||
34.107.221.82
|
prod.detectportal.prod.cloudops.mozgcp.net
|
United States
|
||
172.67.41.60
|
btloader.com
|
United States
|
||
35.244.181.201
|
prod.balrog.prod.cloudops.mozgcp.net
|
United States
|
||
239.255.255.250
|
unknown
|
Reserved
|
||
142.250.185.230
|
unknown
|
United States
|
||
35.190.72.216
|
prod.classify-client.prod.webservices.mozgcp.net
|
United States
|
||
34.160.144.191
|
prod.content-signature-chains.prod.webservices.mozgcp.net
|
United States
|
||
172.217.16.195
|
unknown
|
United States
|
||
127.0.0.1
|
unknown
|
unknown
|
There are 27 hidden IPs, click here to show them.