URL:

https://adguardianplus.com/

Full analysis: https://app.any.run/tasks/2a5861cb-5187-42ea-9888-67d2d1b600ff
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Malware Trends Tracker     >>>
Analysis date: May 18, 2025, 20:07:37
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
quickdriverupdater
adware
loader
inno
installer
delphi
obfuscated-js
Indicators:
MD5:

3B06C8B6CC2AAB0DFDE902157AC07CF4

SHA1:

42DFE451355DDD6706DBF2DDFC78D62E05228F50

SHA256:

ED7F07EA2F595BD9AAD2315BE5D5495EF6CC249CA108C64A06768DA6DC135A6C

SSDEEP:

3:N8pxvfQMR:2TvfXR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • QUICKDRIVERUPDATER mutex has been found

      • AdGuardianPlus.tmp (PID: 4408)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • AdGuardianPlus.tmp (PID: 7224)
      • AdGuardianPlus.tmp (PID: 4408)
      • AdGuardianPlus.exe (PID: 2240)
      • AdGuardianPlus.exe (PID: 8860)

    • Reads the Windows owner or organization settings

      • AdGuardianPlus.tmp (PID: 4408)

    • Executable content was dropped or overwritten

      • AdGuardianPlus.exe (PID: 6740)
      • AdGuardianPlus.exe (PID: 1072)
      • AdGuardianPlus.tmp (PID: 4408)
      • cmd.exe (PID: 7704)
      • csc.exe (PID: 5360)
      • csc.exe (PID: 7676)
      • csc.exe (PID: 6324)

    • Uses TASKKILL.EXE to kill process

      • AdGuardianPlus.tmp (PID: 4408)

    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 5640)

    • Drops a system driver (possible attempt to evade defenses)

      • AdGuardianPlus.tmp (PID: 4408)
      • cmd.exe (PID: 7704)

    • Adds/modifies Windows certificates

      • AdGuardianPlus.exe (PID: 2240)

    • Process requests binary or script from the Internet

      • AdGuardianPlus.exe (PID: 2240)
      • AdGuardianPlus.exe (PID: 8860)
      • AdGuardianPlus.exe (PID: 7464)

    • Starts CMD.EXE for commands execution

      • AdGuardianPlus.tmp (PID: 4408)
      • cmd.exe (PID: 7704)

    • Executing commands from ".cmd" file

      • AdGuardianPlus.tmp (PID: 4408)

    • Executes as Windows Service

      • PresentationFontCache.exe (PID: 8992)
      • adguardianplusprotection.exe (PID: 8400)

    • Application launched itself

      • cmd.exe (PID: 7704)

  • INFO

    • Application launched itself

      • firefox.exe (PID: 7420)
      • firefox.exe (PID: 7400)
      • msedge.exe (PID: 8236)
      • msedge.exe (PID: 9136)

    • Checks supported languages

      • AdGuardianPlus.exe (PID: 1072)
      • AdGuardianPlus.exe (PID: 6740)
      • AdGuardianPlus.tmp (PID: 4408)
      • adguardianplusprotection.exe (PID: 8608)
      • AdGuardianPlus.exe (PID: 2240)
      • AdGuardianPlus.tmp (PID: 7224)
      • AdGuardianPlus.exe (PID: 8860)

    • Create files in a temporary directory

      • AdGuardianPlus.exe (PID: 1072)
      • AdGuardianPlus.exe (PID: 6740)
      • AdGuardianPlus.tmp (PID: 4408)

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 7420)
      • msedge.exe (PID: 8988)

    • Reads the computer name

      • AdGuardianPlus.tmp (PID: 7224)
      • AdGuardianPlus.tmp (PID: 4408)
      • adguardianplusprotection.exe (PID: 8608)
      • AdGuardianPlus.exe (PID: 2240)
      • AdGuardianPlus.exe (PID: 8860)

    • Process checks computer location settings

      • AdGuardianPlus.tmp (PID: 7224)
      • AdGuardianPlus.tmp (PID: 4408)

    • Creates files in the program directory

      • AdGuardianPlus.tmp (PID: 4408)
      • adguardianplusprotection.exe (PID: 8608)
      • AdGuardianPlus.exe (PID: 2240)

    • The sample compiled with english language support

      • AdGuardianPlus.tmp (PID: 4408)
      • cmd.exe (PID: 7704)
      • msedge.exe (PID: 8988)

    • Creates a software uninstall entry

      • AdGuardianPlus.tmp (PID: 4408)

    • Reads Environment values

      • adguardianplusprotection.exe (PID: 8608)
      • AdGuardianPlus.exe (PID: 2240)
      • AdGuardianPlus.exe (PID: 8860)

    • Reads the machine GUID from the registry

      • adguardianplusprotection.exe (PID: 8608)
      • AdGuardianPlus.exe (PID: 2240)
      • AdGuardianPlus.exe (PID: 8860)

    • Detects InnoSetup installer (YARA)

      • AdGuardianPlus.tmp (PID: 4408)

    • SQLite executable

      • AdGuardianPlus.tmp (PID: 4408)

    • Compiled with Borland Delphi (YARA)

      • AdGuardianPlus.tmp (PID: 4408)

    • Reads the software policy settings

      • AdGuardianPlus.exe (PID: 2240)
      • AdGuardianPlus.exe (PID: 8860)

    • Reads product name

      • AdGuardianPlus.exe (PID: 2240)

    • Checks proxy server information

      • AdGuardianPlus.exe (PID: 2240)

    • Creates files or folders in the user directory

      • AdGuardianPlus.exe (PID: 2240)

    • Disables trace logs

      • AdGuardianPlus.exe (PID: 2240)

    • Manual execution by a user

      • msedge.exe (PID: 9136)

    • Connects to unusual port

      • msedge.exe (PID: 7956)

    • Checks operating system version

      • cmd.exe (PID: 7704)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
243
Monitored processes
107
Malicious processes
3
Suspicious processes
5

Behavior graph

Click at the process to see the details
start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs sppextcomobj.exe no specs slui.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs adguardianplus.exe adguardianplus.tmp no specs adguardianplus.exe #QUICKDRIVERUPDATER adguardianplus.tmp schtasks.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs adguardianplusprotection.exe no specs adguardianplus.exe adguardianplus.exe cmd.exe conhost.exe no specs adguardianplus.exe cmd.exe no specs reg.exe no specs find.exe no specs nfregdrv.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs presentationfontcache.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs adguardianplusprotection.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs csc.exe conhost.exe no specs msedge.exe no specs cvtres.exe no specs csc.exe conhost.exe no specs cvtres.exe no specs csc.exe conhost.exe no specs cvtres.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs certutil.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
744"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6696 --field-trial-handle=2428,i,15082879154361538682,422035638895896250,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
872"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6160 --field-trial-handle=2428,i,15082879154361538682,422035638895896250,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
904"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4796 -parentBuildID 20240213221259 -sandboxingKind 0 -prefsHandle 4752 -prefMapHandle 4728 -prefsLen 36588 -prefMapSize 244583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81b9036d-1918-42b0-aa6b-3a2148525cc0} 7420 "\\.\pipe\gecko-crash-server-pipe.7420" 2538245dd10 utilityC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
1
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140_1.dll
904"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5636 --field-trial-handle=2428,i,15082879154361538682,422035638895896250,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
924"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6876 --field-trial-handle=2428,i,15082879154361538682,422035638895896250,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1056"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5756 --field-trial-handle=2428,i,15082879154361538682,422035638895896250,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1072"C:\Users\admin\Downloads\AdGuardianPlus.exe" C:\Users\admin\Downloads\AdGuardianPlus.exe
firefox.exe
User:
admin
Company:
Bit Guardian
Integrity Level:
MEDIUM
Description:
Ad Guardian Plus Setup
Exit code:
1
Version:
1.0.0.22
Modules
Images
c:\users\admin\downloads\adguardianplus.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
1132reg Query "HKLM\Hardware\Description\System\CentralProcessor\0" C:\Windows\System32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1184"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4456 --field-trial-handle=2428,i,15082879154361538682,422035638895896250,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1348nfregdrv.exe nmanetfilterC:\Program Files\Ad Guardian Plus\nfregdrv.execmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\program files\ad guardian plus\nfregdrv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
51 353
Read events
51 099
Write events
242
Delete events
12

Modification events

(PID) Process:(7420) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:(7420) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process:(4408) AdGuardianPlus.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Ad Guardian Plus
Value:
(PID) Process:(4408) AdGuardianPlus.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Ad Guardian Plus
Value:
(PID) Process:(4408) AdGuardianPlus.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Ad Guardian Plus_logon
Value:
(PID) Process:(4408) AdGuardianPlus.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Ad Guardian Plus_logon
Value:
(PID) Process:(4408) AdGuardianPlus.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Bit Guardian\Ad Guardian Plus
Operation:writeName:PhNo
Value:
(PID) Process:(4408) AdGuardianPlus.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Bit Guardian\Ad Guardian Plus
Operation:writeName:IsPhnEnb
Value:
0
(PID) Process:(4408) AdGuardianPlus.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Bit Guardian\Ad Guardian Plus
Operation:writeName:affired
Value:
0
(PID) Process:(4408) AdGuardianPlus.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Bit Guardian\Ad Guardian Plus
Operation:writeName:country
Value:
Executable files
111
Suspicious files
579
Text files
101
Unknown types
0

Dropped files

PID
Process
Filename
Type
7420firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
MD5:
SHA256:
7420firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.binbinary
MD5:C78F36BF78A74A5C37232FA18305FA6E
SHA256:319C730AC6614FDCE611894E281CBE1B5E1A304DCD812D6B642D3BE978E82EEC
7420firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.binbinary
MD5:297E88D7CEB26E549254EC875649F4EB
SHA256:8B75D4FB1845BAA06122888D11F6B65E6A36B140C54A72CC13DF390FD7C95702
7420firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
7420firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
7420firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
7420firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cert9.dbbinary
MD5:71A3F0080567A1FB307C59E424CF4B5F
SHA256:B211F77299FBF2744822B6BC0B19E215207047F1DCC2767C1858E14DEA4D0AB4
7420firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.jsonbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
7420firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
7420firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.jstext
MD5:2C99A16AED3906D92FFE3EF1808E2753
SHA256:08412578CC3BB4922388F8FF8C23962F616B69A1588DA720ADE429129C73C452
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
73
TCP/UDP connections
402
DNS requests
388
Threats
13

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7420
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
7420
firefox.exe
POST
200
142.250.185.227:80
http://o.pki.goog/s/wr3/FIY
unknown
whitelisted
7420
firefox.exe
POST
200
2.16.168.108:80
http://r11.o.lencr.org/
unknown
whitelisted
7420
firefox.exe
POST
200
142.250.185.227:80
http://o.pki.goog/s/wr3/FIY
unknown
whitelisted
7420
firefox.exe
POST
200
142.250.185.227:80
http://o.pki.goog/we2
unknown
whitelisted
7420
firefox.exe
POST
200
142.250.185.227:80
http://o.pki.goog/s/wr3/3H4
unknown
whitelisted
7420
firefox.exe
POST
200
142.250.185.227:80
http://o.pki.goog/we2
unknown
whitelisted
7420
firefox.exe
POST
200
2.16.168.119:80
http://r10.o.lencr.org/
unknown
whitelisted
7420
firefox.exe
POST
200
142.250.185.227:80
http://o.pki.goog/s/wr3/3H4
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
23.48.23.169:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
7420
firefox.exe
154.27.69.113:443
adguardianplus.com
CLOUD-SOUTH
US
unknown
7420
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
7420
firefox.exe
34.36.137.203:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
7420
firefox.exe
34.160.144.191:443
content-signature-2.cdn.mozilla.net
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.110
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.48.23.169
  • 23.48.23.177
  • 23.48.23.174
  • 23.48.23.173
  • 23.48.23.168
  • 23.48.23.179
  • 23.48.23.171
  • 23.48.23.175
  • 23.48.23.176
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 95.101.149.131
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
adguardianplus.com
  • 154.27.69.113
unknown
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
contile.services.mozilla.com
  • 34.36.137.203
whitelisted
example.org
  • 96.7.128.186
  • 96.7.128.192
  • 23.215.0.133
  • 23.215.0.132
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7956
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7956
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7956
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7956
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7956
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7956
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7956
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
Process
Message
adguardianplusprotection.exe
Native library pre-loader is trying to load native SQLite library "C:\Program Files\Ad Guardian Plus\x64\SQLite.Interop.dll"...
adguardianplusprotection.exe
NOT FOUND IN DB : IDS_ERRORMSG
adguardianplusprotection.exe
SQLite warning (28): double-quoted string literal: "canyoublockit.com"
adguardianplusprotection.exe
SQLite warning (28): double-quoted string literal: "
adguardianplusprotection.exe
SQLite warning (28): double-quoted string literal: "canyoublockit.com"
adguardianplusprotection.exe
SQLite warning (28): double-quoted string literal: "http://googleads.g.doubleclick.net/pagead/html/r20250514/r20190131/zrt_lookup_fy2021.html"
adguardianplusprotection.exe
SQLite warning (28): double-quoted string literal: "canyoublockit.com"
adguardianplusprotection.exe
SQLite warning (28): double-quoted string literal: "
adguardianplusprotection.exe
SQLite warning (28): double-quoted string literal: "canyoublockit.com"
adguardianplusprotection.exe
SQLite warning (28): double-quoted string literal: "
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://adguardianplus.com/