File name: WaterfoxSetupG6.0.16.exe

Full analysis: https://app.any.run/tasks/c8338be6-6078-4ad1-bb99-a6f030773fc6
Verdict: Malicious activity
Analysis date: June 12, 2024, 19:50:03
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 7132BB6283F26CBE4FD1E47229131E42
SHA1: 515066D71BFC2A756938EC2545B520C46D86C6FF
SHA256: AE71F3D5440BAE29A4590E99270E230042D8CEDC9734AEFF7E38CE8F57D21283
SSDEEP: 786432:c7UydvYFY/UW++mTNLPS8vJNBQvqnKHErxNUDO0:cjdvzsNhj/BKqnKkrx+O0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WaterfoxSetupG6.0.16.exe (PID: 2128)
      • setup.exe (PID: 624)
      • setup.exe (PID: 3528)
      • waterfox.exe (PID: 1100)
    • Registers / Runs the DLL via REGSVR32.EXE

      • setup.exe (PID: 3528)
    • Steals credentials from Web Browsers

      • waterfox.exe (PID: 5228)
      • waterfox.exe (PID: 1100)
    • Actions look like stealing of personal data

      • waterfox.exe (PID: 5228)
      • waterfox.exe (PID: 1100)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WaterfoxSetupG6.0.16.exe (PID: 2128)
      • setup.exe (PID: 624)
      • setup.exe (PID: 3528)
      • waterfox.exe (PID: 1100)
    • Process drops legitimate windows executable

      • WaterfoxSetupG6.0.16.exe (PID: 2128)
      • setup.exe (PID: 3528)
    • The process drops C-runtime libraries

      • WaterfoxSetupG6.0.16.exe (PID: 2128)
      • setup.exe (PID: 3528)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • setup.exe (PID: 624)
      • setup.exe (PID: 3528)
    • The process creates files with names similar to system file names

      • setup.exe (PID: 624)
      • setup.exe (PID: 3528)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 624)
      • setup.exe (PID: 3528)
      • waterfox.exe (PID: 1100)
      • TextInputHost.exe (PID: 7116)
    • Application launched itself

      • setup.exe (PID: 624)
      • waterfox.exe (PID: 5036)
      • waterfox.exe (PID: 4852)
      • waterfox.exe (PID: 1100)
    • Reads the date of Windows installation

      • setup.exe (PID: 624)
      • setup.exe (PID: 3528)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 3820)
    • Searches for installed software

      • setup.exe (PID: 3528)
    • Creates a software uninstall entry

      • setup.exe (PID: 3528)
  • INFO

    • Checks supported languages

      • WaterfoxSetupG6.0.16.exe (PID: 2128)
      • setup.exe (PID: 624)
      • setup.exe (PID: 3528)
      • default-browser-agent.exe (PID: 896)
      • waterfox.exe (PID: 5036)
      • waterfox.exe (PID: 5228)
      • waterfox.exe (PID: 4852)
      • waterfox.exe (PID: 1100)
      • waterfox.exe (PID: 4424)
      • waterfox.exe (PID: 5548)
      • waterfox.exe (PID: 5524)
      • waterfox.exe (PID: 472)
      • waterfox.exe (PID: 6156)
      • waterfox.exe (PID: 6292)
      • waterfox.exe (PID: 6364)
      • waterfox.exe (PID: 928)
      • waterfox.exe (PID: 6840)
      • waterfox.exe (PID: 6860)
      • TextInputHost.exe (PID: 7116)
      • default-browser-agent.exe (PID: 2288)
      • default-browser-agent.exe (PID: 5180)
      • waterfox.exe (PID: 6852)
    • Creates files in a temporary directory

      • setup.exe (PID: 624)
      • WaterfoxSetupG6.0.16.exe (PID: 2128)
      • setup.exe (PID: 3528)
      • waterfox.exe (PID: 5228)
      • waterfox.exe (PID: 1100)
    • Reads the computer name

      • setup.exe (PID: 624)
      • WaterfoxSetupG6.0.16.exe (PID: 2128)
      • setup.exe (PID: 3528)
      • default-browser-agent.exe (PID: 896)
      • waterfox.exe (PID: 1100)
      • waterfox.exe (PID: 5228)
      • waterfox.exe (PID: 6156)
      • waterfox.exe (PID: 928)
      • waterfox.exe (PID: 4424)
      • waterfox.exe (PID: 5524)
      • waterfox.exe (PID: 5548)
      • waterfox.exe (PID: 472)
      • waterfox.exe (PID: 6292)
      • waterfox.exe (PID: 6364)
      • waterfox.exe (PID: 6840)
      • waterfox.exe (PID: 6852)
      • waterfox.exe (PID: 6860)
      • TextInputHost.exe (PID: 7116)
    • Process checks whether UAC notifications are on

      • setup.exe (PID: 624)
      • waterfox.exe (PID: 5228)
    • Process checks computer location settings

      • setup.exe (PID: 624)
      • waterfox.exe (PID: 1100)
      • waterfox.exe (PID: 5524)
      • waterfox.exe (PID: 6292)
    • Creates files in the program directory

      • setup.exe (PID: 3528)
      • waterfox.exe (PID: 5228)
      • waterfox.exe (PID: 1100)
    • Reads CPU info

      • waterfox.exe (PID: 5228)
      • waterfox.exe (PID: 1100)
    • Creates files or folders in the user directory

      • setup.exe (PID: 3528)
      • waterfox.exe (PID: 1100)
    • Checks proxy server information

      • waterfox.exe (PID: 1100)
    • Reads Microsoft Office registry keys

      • waterfox.exe (PID: 1100)
    • Reads the machine GUID from the registry

      • waterfox.exe (PID: 1100)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (76)
.exe | Win32 Executable (generic) (12.6)
.exe | Generic Win/DOS Executable (5.6)
.exe | DOS Executable Generic (5.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:08:30 22:18:33+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 69632
InitializedDataSize: 184320
UninitializedDataSize: 266240
EntryPoint: 0x51ef0
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 18.5.0.0
ProductVersionNumber: 18.5.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Waterfox Limited
FileDescription: Waterfox
FileVersion: 18.05
InternalName: 7zS.sfx
LegalCopyright: Waterfox Limited
OriginalFileName: 7zS.sfx.exe
ProductName: Waterfox
ProductVersion: 18.05
No data.
All screenshots are available in the full report
Total processes: 140
Monitored processes: 23
Malicious processes: 4
Suspicious processes: 2


Process information

PID: 472
CMD: "C:\Program Files\Waterfox\waterfox.exe" -contentproc --channel="1100.4.408391901\1157548158" -childID 3 -isForBrowser -prefsHandle 3880 -prefMapHandle 3876 -prefsLen 21817 -prefMapSize 269147 -jsInitHandle 1264 -jsInitLen 240916 -parentBuildID 20240611200000 -win32kLockedDown -appDir "C:\Program Files\Waterfox\browser" - {e7dae755-0e25-4cda-bdeb-82514b2c8822} 1100 tab
Path: C:\Program Files\Waterfox\waterfox.exe
Parent process: waterfox.exe
User: admin
Company: BrowserWorks Ltd
Integrity Level: LOW
Description: Waterfox
Exit code: 0
Version: 115.13.0
Modules (images):
c:\program files\waterfox\waterfox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\waterfox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
PID: 624
CMD: .\setup.exe
Path: C:\Users\admin\AppData\Local\Temp\7zS0589CED1\setup.exe
Parent process: WaterfoxSetupG6.0.16.exe
User: admin
Company: Waterfox Limited
Integrity Level: MEDIUM
Description: Waterfox Installer
Exit code: 0
Version: 115.13.0
Modules (images):
c:\users\admin\appdata\local\temp\7zs0589ced1\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 896
CMD: "C:\Program Files\Waterfox\default-browser-agent.exe" register-task 6F940AC27A98DD61
Path: C:\Program Files\Waterfox\default-browser-agent.exe
Parent process: setup.exe
User: admin
Company: Mozilla Foundation
Integrity Level: HIGH
Description: Waterfox Default Browser Agent
Exit code: 0
Version: 115.13.0
Modules (images):
c:\program files\waterfox\default-browser-agent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 928
CMD: "C:\Program Files\Waterfox\waterfox.exe" -contentproc --channel="1100.1.1154336167\785120645" -parentBuildID 20240611200000 -prefsHandle 2340 -prefMapHandle 2328 -prefsLen 20241 -prefMapSize 269147 -win32kLockedDown -appDir "C:\Program Files\Waterfox\browser" - {32da9fa9-00f4-491d-a1a5-cb2e02713d24} 1100 socket
Path: C:\Program Files\Waterfox\waterfox.exe
Parent process: waterfox.exe
User: admin
Company: BrowserWorks Ltd
Integrity Level: LOW
Description: Waterfox
Exit code: 0
Version: 115.13.0
Modules (images):
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
PID: 1100
CMD: "C:\Program Files\Waterfox\waterfox.exe" -first-startup
Path: C:\Program Files\Waterfox\waterfox.exe
Parent process: waterfox.exe
User: admin
Company: BrowserWorks Ltd
Integrity Level: MEDIUM
Description: Waterfox
Exit code: 0
Version: 115.13.0
Modules (images):
c:\program files\waterfox\waterfox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\waterfox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
PID: 2128
CMD: "C:\Users\admin\Desktop\WaterfoxSetupG6.0.16.exe"
Path: C:\Users\admin\Desktop\WaterfoxSetupG6.0.16.exe
Parent process: explorer.exe
User: admin
Company: Waterfox Limited
Integrity Level: MEDIUM
Description: Waterfox
Exit code: 0
Version: 18.05
Modules (images):
c:\users\admin\desktop\waterfoxsetupg6.0.16.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 2288
CMD: "C:\Program Files\Waterfox\default-browser-agent.exe" set-default-browser-user-choice 6F940AC27A98DD61
Path: C:\Program Files\Waterfox\default-browser-agent.exe
Parent process: waterfox.exe
User: admin
Company: Mozilla Foundation
Integrity Level: MEDIUM
Description: Waterfox Default Browser Agent
Exit code: 0
Version: 115.13.0
PID: 3528
CMD: "C:\Users\admin\AppData\Local\Temp\7zS0589CED1\setup.exe" /UAC:60116 /NCRC
Path: C:\Users\admin\AppData\Local\Temp\7zS0589CED1\setup.exe
Parent process: setup.exe
User: admin
Company: Waterfox Limited
Integrity Level: HIGH
Description: Waterfox Installer
Exit code: 0
Version: 115.13.0
Modules (images):
c:\users\admin\appdata\local\temp\7zs0589ced1\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 3820
CMD: "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\Waterfox\AccessibleMarshal.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 4424
CMD: "C:\Program Files\Waterfox\waterfox.exe" -contentproc --channel="1100.0.475961031\195437687" -parentBuildID 20240611200000 -prefsHandle 1992 -prefMapHandle 1972 -prefsLen 20241 -prefMapSize 269147 -appDir "C:\Program Files\Waterfox\browser" - {5eafebfc-a317-4377-91bd-de71503379c7} 1100 gpu
Path: C:\Program Files\Waterfox\waterfox.exe
Parent process: waterfox.exe
User: admin
Company: BrowserWorks Ltd
Integrity Level: LOW
Description: Waterfox
Exit code: 1
Version: 115.13.0
Modules (images):
c:\program files\waterfox\waterfox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\waterfox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
Total events: 20 290
Read events: 20 129
Write events: 142
Delete events: 19

Modification events

Process: (3528) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: ProxyBypass | Value: 1

Process: (3528) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: IntranetName | Value: 1

Process: (3528) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: UNCAsIntranet | Value: 1

Process: (3528) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: AutoDetect | Value: 0

Process: (3528) setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WaterfoxLimited
Operation: write | Name: WaterfoxInstallerTest | Value: Write Test

Process: (3528) setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WaterfoxLimited
Operation: delete value | Name: WaterfoxInstallerTest | Value: Write Test

Process: (3528) setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WaterfoxLimited\Waterfox\TaskBarIDs
Operation: write | Name: C:\Program Files\Waterfox | Value: 6F940AC27A98DD61

Process: (3820) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32
Operation: write | Name: ThreadingModel | Value: Both

Process: (3528) setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules
Operation: write | Name: C:\Program Files\Waterfox\mozwer.dll | Value: 0

Process: (3528) setup.exe
Key: HKEY_CLASSES_ROOT\WaterfoxPDF-6F940AC27A98DD61
Operation: write | Name: FriendlyTypeName | Value: Waterfox PDF Document
Executable files: 114
Suspicious files: 224
Text files: 85
Unknown types: 17

Dropped files

PID | Process | Filename | Type
2128 | WaterfoxSetupG6.0.16.exe | C:\Users\admin\AppData\Local\Temp\7zS0589CED1\core\api-ms-win-core-file-l1-2-0.dll | executable
2128 | WaterfoxSetupG6.0.16.exe | C:\Users\admin\AppData\Local\Temp\7zS0589CED1\core\api-ms-win-core-processthreads-l1-1-1.dll | executable
2128 | WaterfoxSetupG6.0.16.exe | C:\Users\admin\AppData\Local\Temp\7zS0589CED1\core\AccessibleMarshal.dll | executable
2128 | WaterfoxSetupG6.0.16.exe | C:\Users\admin\AppData\Local\Temp\7zS0589CED1\core\api-ms-win-core-timezone-l1-1-0.dll | executable
2128 | WaterfoxSetupG6.0.16.exe | C:\Users\admin\AppData\Local\Temp\7zS0589CED1\core\api-ms-win-core-file-l2-1-0.dll | executable
2128 | WaterfoxSetupG6.0.16.exe | C:\Users\admin\AppData\Local\Temp\7zS0589CED1\core\api-ms-win-crt-conio-l1-1-0.dll | executable
2128 | WaterfoxSetupG6.0.16.exe | C:\Users\admin\AppData\Local\Temp\7zS0589CED1\core\api-ms-win-core-localization-l1-2-0.dll | executable
2128 | WaterfoxSetupG6.0.16.exe | C:\Users\admin\AppData\Local\Temp\7zS0589CED1\core\api-ms-win-crt-convert-l1-1-0.dll | executable
2128 | WaterfoxSetupG6.0.16.exe | C:\Users\admin\AppData\Local\Temp\7zS0589CED1\core\api-ms-win-core-synch-l1-2-0.dll | executable
2128 | WaterfoxSetupG6.0.16.exe | C:\Users\admin\AppData\Local\Temp\7zS0589CED1\core\api-ms-win-crt-filesystem-l1-1-0.dll | executable
Download the PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests: 24
TCP/UDP connections: 65
DNS requests: 62
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
4944 | RUXIMICS.exe | GET | - | 88.221.125.143:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown
5140 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.99:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
1100 | waterfox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | unknown
1100 | waterfox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | unknown
5140 | MoUsoCoreWorker.exe | GET | 200 | 88.221.125.143:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown
1100 | waterfox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | unknown
1100 | waterfox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | unknown
1100 | waterfox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | unknown
1100 | waterfox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt?ipv4 | unknown | unknown
1100 | waterfox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/canonical.html | unknown | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
5140 | MoUsoCoreWorker.exe | 2.16.164.99:80 | crl.microsoft.com | Akamai International B.V. | NL | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5140 | MoUsoCoreWorker.exe | 88.221.125.143:80 | www.microsoft.com | AKAMAI-AS | DE | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4944 | RUXIMICS.exe | 88.221.125.143:80 | www.microsoft.com | AKAMAI-AS | DE | unknown
5140 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5456 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4944 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1100 | waterfox.exe | 172.64.42.2:443 | dooh.cloudflare-dns.com | CLOUDFLARENET | US | unknown

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 4.231.128.59 | whitelisted
crl.microsoft.com | 2.16.164.99, 2.16.164.114, 2.16.164.32, 2.16.164.72 | whitelisted
www.microsoft.com | 88.221.125.143 | whitelisted
dooh.cloudflare-dns.com | 172.64.42.2, 162.159.62.2, 2a06:98c1:53::2, 2803:f800:54::2 | unknown
location.services.mozilla.com | 34.214.162.142, 35.162.46.230, 35.82.88.205 | whitelisted
locprod2-elb-us-west-2.prod.mozaws.net | 35.82.88.205, 34.214.162.142, 35.162.46.230 | whitelisted
www.bing.com | 2.23.209.189, 2.23.209.179, 2.23.209.181, 2.23.209.182, 2.23.209.193, 2.23.209.187, 2.23.209.130, 2.23.209.133, 2.23.209.185, 2.23.209.140, 2.23.209.135, 2.23.209.148, 2.23.209.150, 2.23.209.160, 2.23.209.176, 2.23.209.183, 2.23.209.158 | whitelisted
r.bing.com | 2.23.209.189, 2.23.209.182, 2.23.209.179, 2.23.209.133, 2.23.209.187, 2.23.209.193, 2.23.209.130, 2.23.209.185, 2.23.209.181 | whitelisted
www.waterfox.net | 172.67.43.192, 104.22.38.229, 104.22.39.229, 2606:4700:10::6816:26e5, 2606:4700:10::ac43:2bc0, 2606:4700:10::6816:27e5 | unknown
detectportal.firefox.com | 34.107.221.82 | whitelisted

Threats

PID | Process | Class | Message
1100 | waterfox.exe | Misc activity | ET INFO Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI)
No debug info