General Info

File name

rufus-3.3.exe

Full analysis
https://app.any.run/tasks/949beedd-a1d6-49a6-93d3-7e9e831278e7
Verdict
Malicious activity
Analysis date
1/11/2019, 09:42:11
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5

e32a70b9bc326099a42945389ce5a253

SHA1

03a5e4e873bdeb2a8c17abc41ded592654f89e35

SHA256

45bd13ca54f037a5ba70a60bfc4a72e65e42a45445ab092b1a712c3169a2d93e

SSDEEP

24576:TYNYvhlkERiIk7bNc+KE5U2vew9kyb+rREmoKWNYZNKtXaoGifw:2YvhLQnbFjmw9k24to3eZ9/

ANY.RUN is an interactive service that gives the submitter full access to the guest system. Information in this report may therefore be distorted by user actions and is provided as is. ANY.RUN does not guarantee the maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS
  • Changes Windows auto-update feature
      rufus-3.3.exe (PID: 764)

SUSPICIOUS
  No suspicious indicators.

INFO
  • Reads CPU info
      firefox.exe (PID: 3460)
      firefox.exe (PID: 2772)
      firefox.exe (PID: 1328)
      firefox.exe (PID: 3056)
  • Application launched itself
      firefox.exe (PID: 3460)
  • Creates files in the user directory
      firefox.exe (PID: 3460)

The single MALICIOUS hit is raised against PID 764, the elevated Rufus instance; the INFO entries belong to firefox.exe, which is not a child of the sample and reflects the analyst's browsing during the interactive session. The registry events behind the MALICIOUS hit are listed under Registry activity.

More information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix is in the full report.

Static information

TRiD
.exe
|   UPX compressed Win32 Executable (64.2%)
.dll
|   Win32 Dynamic Link Library (generic) (15.6%)
.exe
|   Win32 Executable (generic) (10.6%)
.exe
|   Generic Win/DOS Executable (4.7%)
.exe
|   DOS Executable Generic (4.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
0000:00:00 00:00:00
PEType:
PE32
LinkerVersion:
2.31
CodeSize:
978944
InitializedDataSize:
45056
UninitializedDataSize:
1994752
EntryPoint:
0x2d5e00
OSVersion:
4
ImageVersion:
1
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
3.3.1400.0
ProductVersionNumber:
3.3.1400.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
https://akeo.ie
CompanyName:
Akeo Consulting
FileDescription:
Rufus
FileVersion:
3.3.1400
InternalName:
Rufus
LegalCopyright:
© 2011-2018 Pete Batard (GPL v3)
LegalTrademarks:
https://www.gnu.org/copyleft/gpl.html
OriginalFileName:
rufus-3.3.exe
ProductName:
Rufus
ProductVersion:
3.3.1400
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
01-Jan-1970 00:00:00
TLS Callbacks:
1 callback(s) detected.
Comments:
https://akeo.ie
CompanyName:
Akeo Consulting
FileDescription:
Rufus
FileVersion:
3.3.1400
InternalName:
Rufus
LegalCopyright:
© 2011-2018 Pete Batard (GPL v3)
LegalTrademarks:
https://www.gnu.org/copyleft/gpl.html
OriginalFilename:
rufus-3.3.exe
ProductName:
Rufus
ProductVersion:
3.3.1400
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000080
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
3
Time date stamp:
01-Jan-1970 00:00:00
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
UPX0 0x00001000 0x001E7000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
UPX1 0x001E8000 0x000EF000 0x000EEA00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 7.99975
.rsrc 0x002D7000 0x0000B000 0x0000A400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 3.93357
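The section table above is the textbook UPX shape: UPX0 has a large virtual size and zero raw size (the unpack destination), UPX1 is at entropy 7.99975 (the compressed payload), both are writable and executable, and the TimeDateStamp is zero. The following is an added example, not ANY.RUN's or Rufus's code: a minimal PE section-table parser with per-section Shannon entropy and the packer heuristics that produce exactly those findings. It runs over a constructed miniature PE that mirrors this three-section layout (the miniature, its sizes and its contents are invented for the example; the real rufus-3.3.exe is not embedded). Keep in mind that these heuristics fire on UPX-packed legitimate software as well, as Rufus releases of this era were, so they identify packing, not intent.

```python
"""Added example (not ANY.RUN's or Rufus's code): a minimal PE section-table
parser with per-section Shannon entropy and the packer heuristics that
produce findings like 'UPX compressed', 'entropy 7.99975' and a zeroed
TimeDateStamp in the report above."""
import hashlib
import math
import struct

IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for perfectly uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(pe: bytes) -> dict:
    """DOS header -> e_lfanew -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, stamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(SECTION_HDR, pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
            "flags": flags, "entropy": shannon_entropy(raw),
        })
    return {"machine": machine, "timestamp": stamp, "characteristics": chars, "sections": sections}


def packer_indicators(info: dict) -> list:
    """Cheap static signals; any one alone is not a verdict."""
    hits = []
    if info["timestamp"] == 0:
        hits.append("TimeDateStamp is zero")
    for s in info["sections"]:
        n = s["name"]
        if n.startswith("UPX"):
            hits.append(f"{n}: UPX section name")
        if s["rawsize"] == 0 and s["vsize"] > 0:
            hits.append(f"{n}: no raw data but {s['vsize']:#x} bytes reserved (unpack destination)")
        if s["entropy"] > 7.5:
            hits.append(f"{n}: entropy {s['entropy']:.3f} (compressed or encrypted payload)")
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE:
            hits.append(f"{n}: writable and executable")
    return hits


def build_sample_pe() -> bytes:
    """Constructed miniature with the report's three-section UPX layout
    (UPX0 empty, UPX1 high-entropy, .rsrc low-entropy). Sizes are invented;
    this is not a real Rufus binary and is not meant to execute."""
    e_lfanew, opt_size, upx1_off = 0x80, 0xE0, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    # 128 SHA-256 digests: 4 KiB of deterministic, near-uniform bytes
    upx1 = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
    rsrc = (b"RSRC" + b"\0" * 12) * 32          # 512 bytes, heavily repetitive
    rsrc_off = upx1_off + len(upx1)
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, opt_size, 0x030F)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 magic, rest zeroed
    rw = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    sect = struct.pack(SECTION_HDR, b"UPX0", 0x1E7000, 0x1000, 0, 0, 0, 0, 0, 0,
                       IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | rw)
    sect += struct.pack(SECTION_HDR, b"UPX1", len(upx1), 0x1E8000, len(upx1), upx1_off, 0, 0, 0, 0,
                        IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | rw)
    sect += struct.pack(SECTION_HDR, b".rsrc", len(rsrc), 0x1E9000, len(rsrc), rsrc_off, 0, 0, 0, 0,
                        IMAGE_SCN_CNT_INITIALIZED_DATA | rw)
    image = dos + b"PE\0\0" + coff + opt + sect
    image += b"\0" * (upx1_off - len(image))   # headers end at 0x1F0, data starts at 0x200
    return image + upx1 + rsrc


if __name__ == "__main__":
    report = parse_pe(build_sample_pe())
    for s in report["sections"]:
        print(f"{s['name']:<6} vsize={s['vsize']:#010x} raw={s['rawsize']:#010x} entropy={s['entropy']:.5f}")
    for hit in packer_indicators(report):
        print("  -", hit)
```

To run it against a real file, read the file's bytes into parse_pe; the UPX0 entropy of 0 in the table above is the same artefact this parser reproduces (no raw bytes to measure), so an entropy column alone can hide a packed section unless raw size is checked alongside it.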
Resources
    Resource IDs: 1, 2, 3, 4, 5, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 120, 121, 122, 123, 124, 125, 126, 131, 132, 133, 134, 135, 136, 141, 142, 143, 144, 145, 146, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, 400, 401, 402, 403, 404, 450, 451, 500, 501, 502, 503, 504

Imports
    ADVAPI32.dll
    COMCTL32.DLL
    COMDLG32.DLL
    CRYPT32.dll
    GDI32.dll
    KERNEL32.DLL
    msvcrt.dll
    ole32.dll
    SETUPAPI.dll
    SHELL32.dll
    SHLWAPI.dll
    USER32.dll
    WINTRUST.dll

Exports
    No exports.

Screenshots

Processes

Total processes
41
Monitored processes
6
Malicious processes
0
Suspicious processes
1

Behavior graph

Nodes in the rendered graph (image not reproduced here): start; rufus-3.3.exe (no specs); rufus-3.3.exe; firefox.exe; firefox.exe; firefox.exe; firefox.exe. Parent/child relations are listed per process under Process information.

Process information


PID
3140
CMD
"C:\Users\admin\AppData\Local\Temp\rufus-3.3.exe"
Path
C:\Users\admin\AppData\Local\Temp\rufus-3.3.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this MEDIUM-integrity launch cannot start because the image requests administrator rights; PID 764 below is the same image running at HIGH integrity after the task's automatic UAC confirmation)
Version:
Company
Akeo Consulting
Description
Rufus
Version
3.3.1400
Modules
Image
c:\users\admin\appdata\local\temp\rufus-3.3.exe
c:\systemroot\system32\ntdll.dll

PID
764
CMD
"C:\Users\admin\AppData\Local\Temp\rufus-3.3.exe"
Path
C:\Users\admin\AppData\Local\Temp\rufus-3.3.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Akeo Consulting
Description
Rufus
Version
3.3.1400
Modules
Image
c:\users\admin\appdata\local\temp\rufus-3.3.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ole32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\riched20.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\gpedit.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\atl.dll
c:\windows\system32\dsuiext.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\dssec.dll
c:\windows\system32\authz.dll
c:\windows\system32\dfscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\slc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\en-us\shell32.dll.mui
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll

PID
3460
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe"
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\hid.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\progra~1\mozill~1\nssckbi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\program files\mozilla firefox\mozavutil.dll
c:\program files\mozilla firefox\mozavcodec.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msmpeg2adec.dll
c:\windows\system32\slc.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll

PID
1328
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3460.0.1913816572\267219909" -childID 1 -isForBrowser -prefsHandle 708 -prefsLen 8309 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3460 "\\.\pipe\gecko-crash-server-pipe.3460" 1424 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\hid.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
3056
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3460.6.1002851602\150400053" -childID 2 -isForBrowser -prefsHandle 2248 -prefsLen 11442 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3460 "\\.\pipe\gecko-crash-server-pipe.3460" 2432 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\hid.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

PID
2772
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3460.12.1810083646\1790768481" -childID 3 -isForBrowser -prefsHandle 2964 -prefsLen 11808 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 3460 "\\.\pipe\gecko-crash-server-pipe.3460" 2968 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
61.0.2
Modules
Image
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\hid.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\mscms.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll

Registry activity

Total events
660
Read events
565
Write events
39
Delete events
56

Modification events

Columns on the original page: PID, Process, Operation, Key, Name, Value. Every row shown has PID 764, process rufus-3.3.exe and operation "delete key"; the Name and Value columns are not populated because each event is a key deletion. The page lists the following 18 of the 56 delete events, in the order reported:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}User
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Microsoft
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Microsoft\Windows
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Microsoft\Windows\CurrentVersion
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Microsoft\Windows\CurrentVersion\Policies
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Policies
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Policies\Microsoft
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Policies\Microsoft\Windows
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Policies\Microsoft\Windows Defender
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}User
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine
764
rufus-3.3.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software
764
rufus-3.3.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Microsoft
764
rufus-3.3.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Microsoft\Windows
764
rufus-3.3.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Microsoft\Windows\CurrentVersion
764
rufus-3.3.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Microsoft\Windows\CurrentVersion\Policies
764
rufus-3.3.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
764
rufus-3.3.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Policies
764
rufus-3.3.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Policies\Microsoft
764
rufus-3.3.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Policies\Microsoft\Windows
764
rufus-3.3.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate
764
rufus-3.3.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
764
rufus-3.3.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Policies\Microsoft\Windows Defender
764
rufus-3.3.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
764
rufus-3.3.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
764
rufus-3.3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
764
rufus-3.3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
764
rufus-3.3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
764
rufus-3.3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
764
rufus-3.3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{F32403BC-E15F-4BE1-9AC4-F3FB0EEB9801}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutorun
158
764
rufus-3.3.exe
write
HKEY_CURRENT_USER\Software\Akeo Consulting\Rufus
Locale
en-US
764
rufus-3.3.exe
write
HKEY_CURRENT_USER\Software\Akeo Consulting\Rufus
CommCheck64
01F0200000000000
764
rufus-3.3.exe
write
HKEY_CURRENT_USER\Software\Akeo Consulting\Rufus
UpdateCheckInterval
86400
764
rufus-3.3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rufus-3_RASAPI32
EnableFileTracing
0
764
rufus-3.3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rufus-3_RASAPI32
EnableConsoleTracing
0
764
rufus-3.3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rufus-3_RASAPI32
FileTracingMask
4294901760
764
rufus-3.3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rufus-3_RASAPI32
ConsoleTracingMask
4294901760
764
rufus-3.3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rufus-3_RASAPI32
MaxFileSize
1048576
764
rufus-3.3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rufus-3_RASAPI32
FileDirectory
%windir%\tracing
764
rufus-3.3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rufus-3_RASMANCS
EnableFileTracing
0
764
rufus-3.3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rufus-3_RASMANCS
EnableConsoleTracing
0
764
rufus-3.3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rufus-3_RASMANCS
FileTracingMask
4294901760
764
rufus-3.3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rufus-3_RASMANCS
ConsoleTracingMask
4294901760
764
rufus-3.3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rufus-3_RASMANCS
MaxFileSize
1048576
764
rufus-3.3.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rufus-3_RASMANCS
FileDirectory
%windir%\tracing
764
rufus-3.3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
764
rufus-3.3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––
764
rufus-3.3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutorun
158
764
rufus-3.3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
IncludeRecommendedUpdates
0
764
rufus-3.3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates
0
764
rufus-3.3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Policies\Microsoft\Windows Defender
DisableAntiSpyware
1
764
rufus-3.3.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71F77986-393B-4C0B-B574-C2FE125904D7}Machine\Software\Policies\Microsoft\Windows Defender\Real-time Protection
DisableRealtimeMonitoring
1
3460
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3460
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
––

Files activity

Executable files
0
Suspicious files
79
Text files
25
Unknown types
32

Dropped files

PID
Process
Filename
Type
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-badbinurl-proto.metadata
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1C0D8D70BA2E23799CA1CDF00D9573FEBE75B674
der
MD5: e95195d5168ecff7792c7fb8f0b72407
SHA256: a7285d45696e2ec51a0cb21f14122e244e851d654d6006dfa175d4b12d31caa3
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: da228e88b70cf6a341ebffb348c4c250
SHA256: eca1d3b921a623c88603f8e8b884aba5dd641c8e6c7778a8a95a08d9af5622ec
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: e81c3e781c4a274cb0377b38d194a4b5
SHA256: cc0c2171dbd3dce925af7fa3ed7e71aaf5fe11cfeee31df8ad8e9191a2ca86d3
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
text
MD5: 120b885c3becc77ebf6b7d377e5e867c
SHA256: cd256c79351140a6e27ef0373e120f245d07b189130ebf40baf4d3859897780d
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.tmp
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\772B91EB8ADA77B3D2CBDD22461F4552E9AE1885
binary
MD5: 589da4e667e6eadb60c605a8147774c2
SHA256: 0e531f770ef5365c34cc03d6b441f215f6e62d623e3e612b0de4bcff67f51dc6
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C
binary
MD5: 360d6b9419f7f1ff0224c8e2336b4a88
SHA256: 50646bc8b99fe583f16c07cf9121a523d0f77e289a18613be9d88a79b66e0603
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.baklz4
jsonlz4
MD5: 9073a8e12d3044d2fb02454b5186c134
SHA256: 7f0cd23dc53a555bedf11bdc117d151b2fed3700e9d5d6ae4fe1c11e8f7465a4
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4
jsonlz4
MD5: dcfb54a9288d3dded859ea2654cd8d7c
SHA256: 1a10f81b29dad4909d8eee0d5af043568cd73ab0eb219097245fc0d7f8d568b2
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\recovery.jsonlz4.tmp
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22
binary
MD5: fc24bb05266c0cf8c70d8f2b76651220
SHA256: dea72acf4b63599e793e206f45ce531bba19af2e15f6f7d7279ecb9b8e44eadc
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\AF3D286772C601B77184DF2DDA8ED91D1624DFDF
compressed
MD5: 2ae21a8b69a35993b684d972d33f41fb
SHA256: 492d1841e459cccb1a5b82dbe5b32a570a544e28b8d2376a475c995a2041ceef
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\7171BBBD5DCB37260C0EAC4FB6B839525A1ADBBC
binary
MD5: 4a491fdfd7feba2fa4af96899c3be740
SHA256: 53c3523b28fade94bc82425cf7f053e7c21aae5c078335e97c99bbdf9032d5c6
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FF458856A11F802250EDC439FF4123CC3CB58703
binary
MD5: c24d22c637faf4134223a130ebaded27
SHA256: 2c1cc463318806cee1f09719383755c5ca2fa8c32075bcd7ee6fb31a8e8bb2c7
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C8069659719CBC4D1B7D6DB9DDF5D40533D75B36
compressed
MD5: 5cda91fd4efff8e71b2f8ca97a276cec
SHA256: 9da1a732f90e4bb1570e50441aea6fc224b0039eb3eb84f1969eb0069a30a156
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\162A3B46CCB124155EDEEF7B8B0FFE8B834BD8F1
binary
MD5: 491d96518e40a0a8dba24371d4ddd1f3
SHA256: 19ae9c133a284df93898527f72f583ae1a67b0c370b9818250c9da676c37b851
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FB57FDDC920545D5629F0CAC03FBBC3E1DED6C4C
der
MD5: fb80ee3be5d89148de182d6e363233cc
SHA256: c16c7bf72ad53cb5f3045f8d92eb68f198366bde38bce07b28b7317fa84ca499
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\37E2B2B4590A8E2BA81E7299D28E74C2D1705347
der
MD5: a6616521e95fbffe33473e4410c390fd
SHA256: ecb232fc0e32bd3089599ebe567916fe990c48f60c1de3806a6f1e1cedee0fba
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\772B91EB8ADA77B3D2CBDD22461F4552E9AE1885
binary
MD5: 386c943763673d499032cf6fe2b3f9fd
SHA256: b57e71cfbc80ae4c3e1cf2c2e86c5a82ab3d604df6de2b524f2cdec61425fab1
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C
binary
MD5: 4435ece8dd504ab1014e54a9b9ec4c8e
SHA256: 20855e5048fbbda41025253e54f0eceff7640ad29a0fdb6f778e61120ad419e2
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A56B126CBFA5A6DE02E8F6BAE45FC8901767ECBB
compressed
MD5: 2f5aed4e7b0958a09f09c9cf39b7968b
SHA256: 9005d460e88136689d108cff61f14cec21b2dea51ab5ccbdfc062bc2f93659ce
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5EB9D9CE561BF2D588485547E7400A9543084773
binary
MD5: 83216234d517f05d892f71c529c101be
SHA256: fa2cb6c6cc71250f146ee58910eb9d6aa0197fe2f3eb7c164c92326039a31918
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\54EBB405E2641C253219B2A1F33054C8DBE2C9EF
binary
MD5: 58c2d7cf62c8d888f6a59d753214eabc
SHA256: 03715121f7d82d94f48dc5da2235a236bb6623bb3a3d5d9a4127615cef73c138
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\8ABC26C8C3FFC237578B15E037B8F7B94C70E7EE
compressed
MD5: f5afd2500fbaa709f0acd98a22521e9f
SHA256: 10471acfaf81bbcc6652bb779e0f0060859957a5976fef746651ea49d963aa30
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\FAF98FACB473B25FAD424BAEDAD94DE8459F8EF0
compressed
MD5: 9157fea848e0b98e4f9d5a49e6f949c9
SHA256: 9042506f5ad1f492842ff97789ff40dcdd82a900441d2cd951b2f1c708be06a1
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\94F2951305920C917F98DABDD3D97F445A964330
binary
MD5: 0315706497fb094eb938d7eb36444a79
SHA256: ac2cf441e9a78829ccd86cbb94ea4be1a66742637afce420f745218f86fcfabe
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\05CB4A0C17B2DAD4E630E643A1D2AC60FB2D5D52
compressed
MD5: 5fa0abaf2e5b2cebb77b836b2e10aa5a
SHA256: e642693081fed08639cc386c96a0ef2cf2bd3c1a6f2d87046413ce03bc44d003
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6E4F9CB5C2405C20D9D8F6307282F1A5E51FF423
binary
MD5: 39af9f6d74a46373ad78b3b6acd55caa
SHA256: 1cb635dc09fc847388939a45e56df66df11954719d76118d0ba4a288c76dc953
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6D5FEA2CA92EBA28504F7A64817216753874FF40
compressed
MD5: 80296a3fac1f634b1423964022845f6a
SHA256: cd907df4aef83ea2e0176d1d8045b0b23449b723b88a96c25cedfc6a90c65ed6
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\8C98F893C7DC5F2C401AD1482A81572B54197408
image
MD5: 8ffd55db33f18449a0b2d6cc6bc789f8
SHA256: 09c213fb3aef6974c5e9c0809c62fbc7a9238feea7ea554dc89a1632fec8d1ed
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\62018D5B0887679CCB092C88B9C17BE83CD0D521
binary
MD5: ab1898d5a8e187d0e41f85164d48653a
SHA256: cdaa3fd19efa585730252eb637232757b8c238af4b4ea6985d9cac12f8301998
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2FF442BC95DF3DA9E05D0DFE9B9ACAC54718A41A
der
MD5: fedb3c76c06a0de55e7386d142dd3f30
SHA256: 9036ba1df63c8df4f791824bbe17071a4a607ae701d9945b9dbe492aabf03ece
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\375552B5E1EF4C072A63DEA899111127EFE16F91
binary
MD5: 99d26268e68cbd2f683d0a66b2160686
SHA256: b8dc75b140283c352aa8713c9fe7b12eb794cbc0117f57f5c83115d43a0dbffd
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC
image
MD5: 918262395e02e8e599d53fef14a15feb
SHA256: 8da46edc69a538222c05f56461118828856d3a284ee4e564399655f8ddeeba9f
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\6C9B846926C287B15F67D64CE91F1CFA7D812660
image
MD5: 3c4ee6f0618ce248fb654b07178e725c
SHA256: 502f5410b8fd346eb1e5bb3de18422c7bc65dbf34a7278505d0ea58bd7192688
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\5A317A5100D744C9E64B738CC1349F1F02FBD04A
der
MD5: d171bdbbd07e9c74fec9e62fef0c683e
SHA256: aba085771bfc4bb9aeda196029281c8349b6a4823650b440c4da923c7b260853
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\772B91EB8ADA77B3D2CBDD22461F4552E9AE1885
binary
MD5: a8682e70f6753dd802bfc40354e12917
SHA256: 7241d83b365b5f7580e671b07ce2ce7c41ce1dd6d1dd63f80b2144a622e5e7bd
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\DAEBC98FB84F054D7F1FF644A232F8DBA96D8D2C
image
MD5: a74382954fc5e3e59ba1b778b1f56526
SHA256: 18e5e2ace3942876a6e5bfb65f81d435df703abfdda0e1260cc2b239bfc0bb26
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\1A6D0AC0D2198FADBC4C58E0FB5B020505413D2F
image
MD5: 3a67c51e325e794b066e30835abaa117
SHA256: c982568448a99789ddb2e78a6975188c0ee7629a561cf28eb4494fb0bdf4064c
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\7F29B36C32090792E2114A55C1EA153E1FED32D3
image
MD5: a0a8d4bda6278d81f5ba84b4a509bf3f
SHA256: e54088efb49abf205ab0fe881ba0b3baf43b030e56364c6feda0b35c8b86774c
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\D66395D736C3F28FF68784A8D8F13C8510466E89
binary
MD5: 9e431fdc233c808812913822847eaca5
SHA256: 6ecc0564e2f423dc78a755c24b7ae35fbdbbe59c7c4714aa1f087f365dd2fcf0
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite
sqlite
MD5: 6ac78beaa50889b3feb19e6e59ca1267
SHA256: 4de730e4eabc66329e26d380672fa267ab4c28fb2ffc8ecbf1e24e374f433bd1
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2
binary
MD5: ad81315c4c286245a07b7d9d1660a9d6
SHA256: cef97cec861386eb5f09cf35c24c13745f65be261ac45ef9008c76c3a21b63d6
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite-shm
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite-wal
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite-journal
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-wal
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\11BCE14743C225F2783135884135F20638A987E6
binary
MD5: 10cb10b0fe43f836ad7f75458da764c4
SHA256: 82a4f98727ecfb4d21ef8150be5e6d614bfc56d0d0c54e25c14c0a02dc2462f5
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\C1736F7F2E19A7E4C7EBD8C1D4C7DD3B18024474
binary
MD5: 4dc3eeb6dc46fe5ae8f1e628ba6d9400
SHA256: f476895b1fde0d962c3dc0a651c72e837b123a469f8b0c5f97b5162696f11c8c
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CDAF09D523C60A8C2FEC71ADC12CA381472277DF
binary
MD5: 3e7aabb21919463a40c2ac240ad008d3
SHA256: 829351bad08fe7448999643b99b267915710c33b2b27ec555964ab185901068e
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\586C228689B4D4D767FE09EB21AF750D877C1ACE
binary
MD5: 19d0fb5434081e4a5cb6d7f5a0db1aa3
SHA256: c73d04e7bbdf19f3048943091a2ed307fca0a52e6c032c9932e4d46256686e77
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\2CA5B82D222D108835BCE0AB81D044802F220EEE
binary
MD5: 834da2cd0df74e734c7df20238219fd4
SHA256: f340f66b11a0b139fbce651b56d1d7aa17c6b06b7aa070dbd0585c28cdc299a5
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\64566307B0E4607770A52CAD4CEE0B079F4E19DA
binary
MD5: 9b160d2a637a7e010bccbaf0c481d9ff
SHA256: 12209a117ad2b7c62694727ce195652a5a9c67644335ac104fa4e36d50d6af4c
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\EF29A8A7AF298BAC42128FA6BBA436BEB130EF1C
binary
MD5: ee440439950cc012e2ebb0c46c40ca0e
SHA256: 7c63fb1ac00c9bd7964c7034bfbb4b9f3ed8d93746e1c7b6b30c57708eaa14ef
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\352C13FE21E110BF8A617C6FBEF84FE143D5E176
binary
MD5: 5ee9f70cbf3baab439ba88669cfdb302
SHA256: 2561dad0eaa92d51f52ee44aecfdf27694350e15c013d1c6cee9d7901cef63c4
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child.bin
binary
MD5: db70641871cbc3f73e07ce30ed2253ca
SHA256: 0ad6edd8fed18c513eaf51d35e6f55afe5b628ce85d723d65de346e34696ab08
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-new.bin
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache.bin
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-new.bin
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache.bin
binary
MD5: 551c426ded83eac36823f99be33629fe
SHA256: 615913cad564a7d26a87831b143a41d6b72db301451f1fd36de5af5c080cddea
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-new.bin
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\290892276B15921BB9B53A0B00C348DE3818CB89
binary
MD5: dfef91b2c613a9395b0bd3be2c52507d
SHA256: 88386080f42a2a172d4c2db921dd1d6ddc97763203507c9760fdf2c7c864ba17
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\A3AA1E0DF2A158067979FF078BCE54B507CED580
binary
MD5: aa65e470609bb9eedd4c955e49cbe120
SHA256: d4e9ef6de4cade133910babf5d11eedd4406a9d5e708fc753fb350d236da9609
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\44D5A0C979E3B10F14AEDAF24EB1F1B0A6E7C610
binary
MD5: 460f3b433c7e26910857464d1eefa625
SHA256: 5bb2eb37f1188b9cbd59d2033b1f06ee47436b3ddee2df9752c1c864bc2eaa67
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\E01B95D1091F87BAF02770D788C81305DF834EC1
binary
MD5: be5700b963502961c644336d13333b6a
SHA256: c54417da48ad3f999f5023f40c66d2db043d667c4c29838ec911d2150273ce7e
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\3FD6374D0A8E844252C6A153115105D35B02A0C5
binary
MD5: 6099a3f115938070271b59a6394f139b
SHA256: c9a581eddd7203b94e57d299f49fc86bfb826b17a22d4f18e9fe6fd40e969975
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\entries\CBDD002E62367B168543B5516A584AFCA8F0593A
der
MD5: 395b7984c3783b872172f2a7b8802b41
SHA256: 7ec31c73b597a9ba81eb4b1a9dbc99061d100e2cf874fe8cfe30899476867423
3460
firefox.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
text
MD5: 87b9f6397bc440930af3b4500a57c093
SHA256: 5f27fb86f7480c8980289b7ead816594b03e9d40f9659311db1982459c1546b0
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256-1.sbstore
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-backup
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\mozstd-trackwhite-digest256.pset
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256-1.sbstore
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.sbstore
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\base-track-digest256.pset
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.pset
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.sbstore
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-unwanted-simple.sbstore
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.sbstore
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-trackwhite-simple.pset
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-track-simple.pset
––
MD5:  ––
SHA256:  ––
3460
firefox.exe
C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\google4\goog-unwanted-proto.pset
––
MD5:  ––
SHA256:  ––
3460
764
rufus-3.3.exe
C:\Windows\System32\GroupPolicy\gpt.ini
text
MD5: 609c36fa5665162fa915fabbaa7c040c
SHA256: 80d1e14f44fb3e2cb16c1f44afd3dddffb90ed8fa24fd8be4174bb1387f13734
764
rufus-3.3.exe
C:\Windows\System32\GroupPolicy\GPT.INI
text
MD5: 609c36fa5665162fa915fabbaa7c040c
SHA256: 80d1e14f44fb3e2cb16c1f44afd3dddffb90ed8fa24fd8be4174bb1387f13734
764
rufus-3.3.exe
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
binary
MD5: 5737ecb7851dd0241c52d4cc727afdda
SHA256: 8d0f3a1cddc53b529692a8f6b58b7aa99f88b8d3ee8bd7e18a2dfeee63aba97a
764
rufus-3.3.exe
C:\Windows\System32\GroupPolicy\gpt.ini
text
MD5: b80da72138836f4ae021f8ab704ac61b
SHA256: d3e559031c039c67a0cb8f54d9dafe05306bc9739907171e07259c865f6fdaa4
764
rufus-3.3.exe
C:\Windows\System32\GroupPolicy\GPT.INI
text
MD5: b80da72138836f4ae021f8ab704ac61b
SHA256: d3e559031c039c67a0cb8f54d9dafe05306bc9739907171e07259c865f6fdaa4
764
rufus-3.3.exe
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
binary
MD5: 377ac641cf4f9667421e54d62a25bd4c
SHA256: f25a5a5aba722fc2f09a1086a132aeebdbcc17adcbbdbde1a7ae960db97dbd37
764
rufus-3.3.exe
C:\Users\admin\AppData\Local\Temp\RufEF55.tmp
text
MD5: 17c4435a27a30ab375247f2c6d053ff0
SHA256: 117dcde8a5e57afb222bdfc9550e97422d17ead53e736f4a8bc7bd1a52ff431e

Network activity

HTTP(S) requests
11
TCP/UDP connections
27
DNS requests
76
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3460 firefox.exe GET 200 2.16.186.50:80 http://detectportal.firefox.com/success.txt unknown text whitelisted
3460 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted
3460 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted
3460 firefox.exe POST 200 216.58.210.14:80 http://ocsp.pki.goog/GTSGIAG3 US binary der whitelisted
3460 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted
3460 firefox.exe POST 200 216.58.210.14:80 http://ocsp.pki.goog/GTSGIAG3 US binary der whitelisted
3460 firefox.exe POST 200 216.58.210.14:80 http://ocsp.pki.goog/GTSGIAG3 US binary der whitelisted
3460 firefox.exe POST 200 216.58.210.14:80 http://ocsp.pki.goog/GTSGIAG3 US binary der whitelisted
3460 firefox.exe POST 200 216.58.210.14:80 http://ocsp.pki.goog/GTSGIAG3 US binary der whitelisted
3460 firefox.exe POST 200 216.58.210.14:80 http://ocsp.pki.goog/GTSGIAG3 US binary der whitelisted
3460 firefox.exe POST 200 93.184.220.29:80 http://ocsp.digicert.com/ US binary der whitelisted

Connections

PID Process IP ASN CN Reputation
764 rufus-3.3.exe 185.199.108.153:443 GitHub, Inc. NL shared
3460 firefox.exe 2.16.186.50:80 Akamai International B.V. –– whitelisted
3460 firefox.exe 34.216.89.123:443 Amazon.com, Inc. US unknown
3460 firefox.exe 34.209.108.219:443 Amazon.com, Inc. US unknown
3460 firefox.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3460 firefox.exe 52.222.173.79:443 Amazon.com, Inc. US unknown
3460 firefox.exe 34.252.164.43:443 Amazon.com, Inc. IE unknown
3460 firefox.exe 172.217.21.202:443 Google Inc. US whitelisted
3460 firefox.exe 216.58.210.14:80 Google Inc. US whitelisted
3460 firefox.exe 54.187.144.104:443 Amazon.com, Inc. US unknown
3460 firefox.exe 52.222.161.21:443 Amazon.com, Inc. US unknown
3460 firefox.exe 216.58.207.68:443 Google Inc. US whitelisted
3460 firefox.exe 216.58.208.35:443 Google Inc. US whitelisted
3460 firefox.exe 172.217.21.227:443 Google Inc. US whitelisted
3460 firefox.exe 216.58.210.14:443 Google Inc. US whitelisted
3460 firefox.exe 172.217.18.99:443 Google Inc. US whitelisted
3460 firefox.exe 172.217.16.206:443 Google Inc. US whitelisted
3460 firefox.exe 172.217.18.2:443 Google Inc. US whitelisted
3460 firefox.exe 52.37.35.5:443 Amazon.com, Inc. US unknown

DNS requests

Domain IP Reputation
rufus.ie 185.199.108.153
185.199.109.153
185.199.110.153
185.199.111.153
malicious
detectportal.firefox.com 2.16.186.50
2.16.186.112
whitelisted
a1089.dscd.akamai.net 2.16.186.112
2.16.186.50
whitelisted
search.services.mozilla.com 34.216.89.123
52.27.184.151
52.89.32.107
whitelisted
search.r53-2.services.mozilla.com 52.89.32.107
52.27.184.151
34.216.89.123
whitelisted
tiles.services.mozilla.com 34.209.108.219
52.25.70.97
35.166.45.24
52.34.107.172
52.10.130.148
34.215.13.51
34.216.156.21
34.208.7.98
whitelisted
tiles.r53-2.services.mozilla.com 34.208.7.98
34.216.156.21
34.215.13.51
52.10.130.148
52.34.107.172
35.166.45.24
52.25.70.97
34.209.108.219
whitelisted
ocsp.digicert.com 93.184.220.29
whitelisted
cs9.wac.phicdn.net 93.184.220.29
whitelisted
snippets.cdn.mozilla.net 52.222.173.79
whitelisted
drcwo519tnci7.cloudfront.net 52.222.173.79
whitelisted
location.services.mozilla.com 34.252.164.43
34.251.59.153
34.255.82.141
whitelisted
locprod1-elb-eu-west-1.prod.mozaws.net 34.255.82.141
34.251.59.153
34.252.164.43
whitelisted
safebrowsing.googleapis.com 172.217.21.202
whitelisted
ocsp.pki.goog 216.58.210.14
whitelisted
www3.l.google.com 216.58.210.14
whitelisted
www.facebook.com 31.13.90.36
whitelisted
www.youtube.com 216.58.208.46
172.217.16.142
172.217.22.46
172.217.22.78
172.217.22.110
216.58.210.14
172.217.18.110
172.217.23.174
172.217.21.238
172.217.22.14
216.58.205.238
172.217.18.174
172.217.23.142
216.58.206.14
216.58.207.78
whitelisted
star-mini.c10r.facebook.com 31.13.90.36
whitelisted
www.amazon.de 52.222.166.211
whitelisted
youtube-ui.l.google.com 216.58.207.78
216.58.206.14
172.217.23.142
172.217.18.174
216.58.205.238
172.217.22.14
172.217.21.238
172.217.23.174
172.217.18.110
216.58.210.14
172.217.22.110
172.217.22.78
172.217.22.46
172.217.16.142
216.58.208.46
whitelisted
djvbdz1obemzo.cloudfront.net 52.222.166.211
unknown
www.ebay.de 2.18.234.244
unknown
www.wikipedia.org 91.198.174.192
whitelisted
www.reddit.com 151.101.1.140
151.101.65.140
151.101.129.140
151.101.193.140
whitelisted
reddit.map.fastly.net 151.101.193.140
151.101.129.140
151.101.65.140
151.101.1.140
whitelisted
e11847.g.akamaiedge.net 2.18.234.244
unknown
www.mozilla.org 104.16.40.2
104.16.41.2
whitelisted
www.mozilla.org.cdn.cloudflare.net 104.16.41.2
104.16.40.2
whitelisted
shavar.services.mozilla.com 54.187.144.104
52.34.90.23
54.200.76.177
52.89.170.53
34.211.202.13
52.33.113.226
whitelisted
shavar.prod.mozaws.net 52.33.113.226
34.211.202.13
52.89.170.53
54.200.76.177
52.34.90.23
54.187.144.104
whitelisted
tracking-protection.cdn.mozilla.net 52.222.161.21
52.222.161.100
52.222.161.155
52.222.161.24
whitelisted
d1zkz3k4cclnv6.cloudfront.net No response whitelisted
www.google.com 216.58.207.68
whitelisted
ssl.gstatic.com 172.217.21.227
whitelisted
www.gstatic.com 216.58.208.35
whitelisted
consent.google.com 216.58.210.14
whitelisted
www.google.no 172.217.18.99
whitelisted
apis.google.com 172.217.16.206
whitelisted
plus.l.google.com 172.217.16.206
whitelisted
pagead46.l.doubleclick.net 172.217.18.2
whitelisted
adservice.google.com 172.217.18.2
whitelisted
aus5.mozilla.org 52.37.35.5
35.164.82.230
54.186.118.41
34.218.159.169
52.32.77.100
54.148.138.18
54.149.111.157
52.43.79.30
whitelisted
balrog-aus5.r53-2.services.mozilla.com 52.43.79.30
54.149.111.157
54.148.138.18
52.32.77.100
34.218.159.169
54.186.118.41
35.164.82.230
52.37.35.5
whitelisted

Threats

No threats detected.

Debug output strings

Process Message
rufus-3.3.exe *** Rufus exit ***