File name: floorp-win64.installer.exe

Full analysis: https://app.any.run/tasks/f79a2a0b-da17-46fc-bcb0-e711a05c2c1c
Verdict: Malicious activity
Analysis date: August 27, 2024, 09:00:49
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: ACC83817AE10F42F0365FA102FED0BEF
SHA1: D6F59DBE8CCE461A5BAE436CFC1707FA8CEAB589
SHA256: E78D61F26E7594B4BBBD544B897CA6C9F489F8AA908A34DAC6967A5BA9781F7A
SSDEEP: 786432:NfbwX3IQnw9MBS/JXF+fUIUl0Cap2kj4HVyXOMnjjSwi:NDY3Iyw9M4/JYMIU6Ca8Y4HVyXOMjj4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • setup.exe (PID: 4040)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • floorp-win64.installer.exe (PID: 6272)
      • setup.exe (PID: 4040)
    • Executable content was dropped or overwritten

      • floorp-win64.installer.exe (PID: 6272)
      • setup.exe (PID: 4436)
      • setup.exe (PID: 4040)
      • floorp.exe (PID: 3208)
    • The process drops C-runtime libraries

      • floorp-win64.installer.exe (PID: 6272)
      • setup.exe (PID: 4040)
    • Drops the executable file immediately after the start

      • floorp-win64.installer.exe (PID: 6272)
      • setup.exe (PID: 4436)
      • setup.exe (PID: 4040)
      • floorp.exe (PID: 3208)
    • The process creates files with name similar to system file names

      • setup.exe (PID: 4436)
      • setup.exe (PID: 4040)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • setup.exe (PID: 4436)
      • setup.exe (PID: 4040)
    • Reads security settings of Internet Explorer

      • setup.exe (PID: 4040)
      • setup.exe (PID: 4436)
      • floorp.exe (PID: 3208)
    • Reads the date of Windows installation

      • setup.exe (PID: 4436)
    • Application launched itself

      • setup.exe (PID: 4436)
      • floorp.exe (PID: 4576)
      • floorp.exe (PID: 2820)
      • floorp.exe (PID: 6988)
      • floorp.exe (PID: 3208)
    • Creates a software uninstall entry

      • setup.exe (PID: 4040)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 1116)
    • Searches for installed software

      • setup.exe (PID: 4040)
  • INFO

    • Reads the computer name

      • floorp-win64.installer.exe (PID: 6272)
      • setup.exe (PID: 4040)
      • setup.exe (PID: 4436)
      • floorp.exe (PID: 6756)
      • floorp.exe (PID: 1288)
      • floorp.exe (PID: 3208)
      • floorp.exe (PID: 736)
      • floorp.exe (PID: 2464)
      • floorp.exe (PID: 6868)
      • floorp.exe (PID: 3040)
      • floorp.exe (PID: 4160)
      • floorp.exe (PID: 1556)
      • floorp.exe (PID: 3176)
      • floorp.exe (PID: 6540)
      • floorp.exe (PID: 6684)
      • floorp.exe (PID: 5492)
      • floorp.exe (PID: 448)
      • floorp.exe (PID: 6552)
      • floorp.exe (PID: 6404)
    • Checks supported languages

      • floorp-win64.installer.exe (PID: 6272)
      • setup.exe (PID: 4436)
      • setup.exe (PID: 4040)
      • default-browser-agent.exe (PID: 2368)
      • floorp.exe (PID: 4576)
      • floorp.exe (PID: 6756)
      • floorp.exe (PID: 2820)
      • floorp.exe (PID: 1288)
      • floorp.exe (PID: 6988)
      • floorp.exe (PID: 736)
      • floorp.exe (PID: 2464)
      • floorp.exe (PID: 6868)
      • floorp.exe (PID: 3208)
      • floorp.exe (PID: 3040)
      • floorp.exe (PID: 5492)
      • floorp.exe (PID: 3176)
      • floorp.exe (PID: 6540)
      • floorp.exe (PID: 6684)
      • floorp.exe (PID: 6404)
      • floorp.exe (PID: 448)
      • floorp.exe (PID: 4160)
      • floorp.exe (PID: 1556)
      • floorp.exe (PID: 6552)
    • Create files in a temporary directory

      • floorp-win64.installer.exe (PID: 6272)
      • setup.exe (PID: 4436)
      • setup.exe (PID: 4040)
      • floorp.exe (PID: 1288)
      • floorp.exe (PID: 3208)
    • Process checks whether UAC notifications are on

      • setup.exe (PID: 4436)
      • floorp.exe (PID: 6756)
      • floorp.exe (PID: 1288)
    • Process checks computer location settings

      • setup.exe (PID: 4436)
      • floorp.exe (PID: 3208)
    • Creates files in the program directory

      • setup.exe (PID: 4040)
      • floorp.exe (PID: 1288)
      • floorp.exe (PID: 3208)
    • Reads CPU info

      • floorp.exe (PID: 6756)
      • floorp.exe (PID: 1288)
      • floorp.exe (PID: 3208)
      • floorp.exe (PID: 5492)
    • Creates files or folders in the user directory

      • floorp.exe (PID: 6756)
      • floorp.exe (PID: 3208)
    • Checks proxy server information

      • setup.exe (PID: 4040)
      • floorp.exe (PID: 3208)
    • Reads Microsoft Office registry keys

      • setup.exe (PID: 4040)
      • floorp.exe (PID: 3208)
    • Reads the machine GUID from the registry

      • floorp.exe (PID: 3208)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:08:30 22:18:33+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 108032
InitializedDataSize: 98304
UninitializedDataSize: -
EntryPoint: 0x19fa6
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 18.5.0.0
ProductVersionNumber: 18.5.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Ablaze
FileDescription: Floorp
FileVersion: 18.05
InternalName: 7zS.sfx
LegalCopyright: Ablaze
OriginalFileName: 7zS.sfx.exe
ProductName: Floorp
ProductVersion: 18.05
No data.
Total processes: 136
Monitored processes: 24
Malicious processes: 5
Suspicious processes: 0

Behavior graph

Processes shown in graph: floorp-win64.installer.exe; setup.exe (2); regsvr32.exe (no specs); default-browser-agent.exe (no specs); floorp.exe (19 instances, 18 of them marked "no specs")

Process information

PID
CMD
Path
Indicators
Parent process
PID: 448
CMD: "C:\Program Files\Ablaze Floorp\floorp.exe" -contentproc --channel=5668 -childID 9 -isForBrowser -prefsHandle 5660 -prefMapHandle 5656 -prefsLen 31220 -prefMapSize 260351 -jsInitHandle 1328 -jsInitLen 234780 -parentBuildID 20240823111056 -win32kLockedDown -appDir "C:\Program Files\Ablaze Floorp\browser" - {3a685ecb-0e45-43c5-b35a-5c796c6a5fce} 3208 tab
Path: C:\Program Files\Ablaze Floorp\floorp.exe
Parent process: floorp.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Floorp
Version: 128.2.0
Modules
Images
c:\program files\ablaze floorp\floorp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\ablaze floorp\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll

PID: 736
CMD: "C:\Program Files\Ablaze Floorp\floorp.exe" -contentproc --channel=1984 -parentBuildID 20240823111056 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 22456 -prefMapSize 260351 -appDir "C:\Program Files\Ablaze Floorp\browser" - {91eda170-5e0b-4f4f-9657-7c35f42460d7} 3208 gpu
Path: C:\Program Files\Ablaze Floorp\floorp.exe
Parent process: floorp.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Floorp
Version: 128.2.0
Modules
Images
c:\program files\ablaze floorp\floorp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\ablaze floorp\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll

PID: 1116
CMD: "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\Ablaze Floorp\AccessibleMarshal.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

PID: 1288
CMD: "C:\Program Files\Ablaze Floorp\floorp.exe" --backgroundtask install
Path: C:\Program Files\Ablaze Floorp\floorp.exe
Parent process: floorp.exe
User: admin
Company: Mozilla Corporation
Integrity Level: MEDIUM
Description: Floorp
Exit code: 0
Version: 128.2.0
Modules
Images
c:\program files\ablaze floorp\floorp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\ablaze floorp\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll

PID: 1556
CMD: "C:\Program Files\Ablaze Floorp\floorp.exe" -contentproc --channel=3320 -childID 3 -isForBrowser -prefsHandle 4316 -prefMapHandle 4320 -prefsLen 24937 -prefMapSize 260351 -jsInitHandle 1328 -jsInitLen 234780 -parentBuildID 20240823111056 -win32kLockedDown -appDir "C:\Program Files\Ablaze Floorp\browser" - {bc84c53f-5449-4d9c-b888-feec58f6b679} 3208 tab
Path: C:\Program Files\Ablaze Floorp\floorp.exe
Parent process: floorp.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Floorp
Exit code: 0
Version: 128.2.0
Modules
Images
c:\program files\ablaze floorp\floorp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\ablaze floorp\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll

PID: 2368
CMD: "C:\Program Files\Ablaze Floorp\default-browser-agent.exe" register-task 22EB8429C9C8096C
Path: C:\Program Files\Ablaze Floorp\default-browser-agent.exe
Parent process: setup.exe
User: admin
Company: Mozilla Foundation
Integrity Level: HIGH
Exit code: 0
Version: 128.2.0
Modules
Images
c:\program files\ablaze floorp\default-browser-agent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll

PID: 2464
CMD: "C:\Program Files\Ablaze Floorp\floorp.exe" -contentproc --channel=2320 -parentBuildID 20240823111056 -prefsHandle 2312 -prefMapHandle 2308 -prefsLen 22456 -prefMapSize 260351 -win32kLockedDown -appDir "C:\Program Files\Ablaze Floorp\browser" - {921990ed-0627-47f5-a790-798b1c1d4473} 3208 socket
Path: C:\Program Files\Ablaze Floorp\floorp.exe
Parent process: floorp.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Floorp
Version: 128.2.0
Modules
Images
c:\program files\ablaze floorp\floorp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\ablaze floorp\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll

PID: 2820
CMD: "C:\Program Files\Ablaze Floorp\floorp.exe" --backgroundtask install
Path: C:\Program Files\Ablaze Floorp\floorp.exe
Parent process: setup.exe
User: admin
Company: Mozilla Corporation
Integrity Level: HIGH
Description: Floorp
Exit code: 0
Version: 128.2.0
Modules
Images
c:\program files\ablaze floorp\floorp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\ablaze floorp\msvcp140.dll
c:\program files\ablaze floorp\vcruntime140.dll
c:\program files\ablaze floorp\vcruntime140_1.dll
c:\program files\ablaze floorp\mozglue.dll

PID: 3040
CMD: "C:\Program Files\Ablaze Floorp\floorp.exe" -contentproc --channel=4000 -parentBuildID 20240823111056 -prefsHandle 3964 -prefMapHandle 3924 -prefsLen 25613 -prefMapSize 260351 -appDir "C:\Program Files\Ablaze Floorp\browser" - {c122d4ce-d32e-4b50-9cbd-b135f02e8212} 3208 rdd
Path: C:\Program Files\Ablaze Floorp\floorp.exe
Parent process: floorp.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Floorp
Version: 128.2.0
Modules
Images
c:\program files\ablaze floorp\floorp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\ablaze floorp\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll

PID: 3176
CMD: "C:\Program Files\Ablaze Floorp\floorp.exe" -contentproc --channel=4572 -childID 4 -isForBrowser -prefsHandle 3392 -prefMapHandle 3404 -prefsLen 25419 -prefMapSize 260351 -jsInitHandle 1328 -jsInitLen 234780 -parentBuildID 20240823111056 -win32kLockedDown -appDir "C:\Program Files\Ablaze Floorp\browser" - {6a429da5-aa77-43ca-8451-4782fde4e4d2} 3208 tab
Path: C:\Program Files\Ablaze Floorp\floorp.exe
Parent process: floorp.exe
User: admin
Company: Mozilla Corporation
Integrity Level: LOW
Description: Floorp
Version: 128.2.0
Modules
Images
c:\program files\ablaze floorp\floorp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\ablaze floorp\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll

Total events: 30 067
Read events: 29 909
Write events: 142
Delete events: 16

Modification events

Process: setup.exe (PID 4040)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: setup.exe (PID 4040)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: setup.exe (PID 4040)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: setup.exe (PID 4040)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: setup.exe (PID 4040)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\TaskBarIDs
Operation: write
Name: C:\Program Files\Ablaze Floorp
Value: 22EB8429C9C8096C

Process: regsvr32.exe (PID 1116)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32
Operation: write
Name: ThreadingModel
Value: Both

Process: setup.exe (PID 4040)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules
Operation: write
Name: C:\Program Files\Ablaze Floorp\mozwer.dll
Value: 0

Process: setup.exe (PID 4040)
Key: HKEY_CLASSES_ROOT\FirefoxPDF-22EB8429C9C8096C
Operation: write
Name: FriendlyTypeName
Value: Firefox PDF Document

Process: setup.exe (PID 4040)
Key: HKEY_CLASSES_ROOT\FirefoxPDF-22EB8429C9C8096C
Operation: delete value
Name: EditFlags
Value:

Process: setup.exe (PID 4040)
Key: HKEY_CLASSES_ROOT\FirefoxPDF-22EB8429C9C8096C
Operation: write
Name: EditFlags
Value: 2

Executable files: 72
Suspicious files: 1 729
Text files: 134
Unknown types: 56

Dropped files

PID | Process | Filename | Type
6272 | floorp-win64.installer.exe | C:\Users\admin\AppData\Local\Temp\7zS08812003\core\browser\omni.ja | -
MD5:
SHA256:
6272 | floorp-win64.installer.exe | C:\Users\admin\AppData\Local\Temp\7zS08812003\core\AccessibleMarshal.dll | executable
MD5:CC485233A1ED352D5AA9917416529C47
SHA256:6C5DDC90AFD418CCF4386238867ED940479E4F5EEB2AAF0DF3ADECBD93526D42
6272 | floorp-win64.installer.exe | C:\Users\admin\AppData\Local\Temp\7zS08812003\core\application.ini | text
MD5:DCCDC0A478127CBD1A1CCD6102DD6AE2
SHA256:BE65FF72E8487E306C6B5246EBDBC7974D4A23235864C72C23AFC25F9B67C1D1
6272 | floorp-win64.installer.exe | C:\Users\admin\AppData\Local\Temp\7zS08812003\core\browser\features\webcompat-reporter@mozilla.org.xpi | compressed
MD5:DC2EAE2C2DDBAB4E05CE85455988CF0E
SHA256:7E682A571218917CE54BDEA48C22E1DC721E7C8565EBEF3922FDE46D6A9EE7E2
6272 | floorp-win64.installer.exe | C:\Users\admin\AppData\Local\Temp\7zS08812003\core\browser\features\floorp-system@floorp.ablaze.one.xpi | compressed
MD5:F526507F6E0C17CF2F0CE0B4FFED1D4E
SHA256:FF9A3C44C7CB3DF8C7B8F81A83FB9D9F167A791907A179FA91AB430EBC17F449
6272 | floorp-win64.installer.exe | C:\Users\admin\AppData\Local\Temp\7zS08812003\core\browser\features\floorp-actions@floorp.ablaze.one.xpi | compressed
MD5:DFE1E6223F758E758DBBD11C2F3FBB46
SHA256:0143C4DF044D100B004D19FE56B82B0D970A0F650752B7ABC0C4D9F0DF01981D
6272 | floorp-win64.installer.exe | C:\Users\admin\AppData\Local\Temp\7zS08812003\core\browser\features\webcompat@mozilla.org.xpi | compressed
MD5:3DFA023C2EA8D2A4848EEC2E4B0578A9
SHA256:65AA13BD4AEAEA8981C38FF269F0A9705B15C3A16B35EE4C11D6F1BC1F992866
6272 | floorp-win64.installer.exe | C:\Users\admin\AppData\Local\Temp\7zS08812003\core\browser\features\paxmod@numirias.xpi | compressed
MD5:614D2FB908F5DEE4B59A0C57CF3ED618
SHA256:2A2E1C945C6DB59180E25884749330A14F626B19F49E18AC42E93E5338BB77DC
6272 | floorp-win64.installer.exe | C:\Users\admin\AppData\Local\Temp\7zS08812003\core\browser\features\official-site-ua@floorp.ablaze.one.xpi | compressed
MD5:5D7E5FEDBBF3A01757C2D3F39895E4E5
SHA256:915A765763B12F7E24880D96F59C6E6B42DA53ECF0604985689EFC5E7F72485B
6272 | floorp-win64.installer.exe | C:\Users\admin\AppData\Local\Temp\7zS08812003\core\browser\features\screenshots@mozilla.org.xpi | compressed
MD5:BAD91C6C2389C1C3DBE8476E0E8436F4
SHA256:8F865308D8F81C221ED2835653378AC1DBABB1FC15C63ACB93E10097A3F84EFF

HTTP(S) requests: 398
TCP/UDP connections: 121
DNS requests: 121
Threats: 3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
204
34.117.188.166:443
https://contile.services.mozilla.com/v1/tiles
unknown
GET
101
34.107.243.93:443
https://push.services.mozilla.com/
unknown
GET
301
142.250.181.228:443
https://www.google.com/s2/favicons?domain_url=https%3A%2F%2Fsupport.ablaze.one
unknown
html
339 b
GET
200
35.190.72.216:443
https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
unknown
binary
43 b
GET
200
34.149.100.209:443
https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=query-stripping&bucket=main&_expected=0
unknown
binary
241 b
GET
301
142.250.181.228:443
https://www.google.com/s2/favicons?domain_url=https%3A%2F%2Ftranslate.google.com
unknown
html
341 b
GET
301
142.250.181.228:443
https://www.google.com/s2/favicons?domain_url=https%3A%2F%2Fdocs.floorp.app
unknown
html
336 b
GET
200
202.172.26.250:443
https://floorp-update.ablaze.one/browser/latest.json
unknown
binary
823 b
GET
200
34.149.100.209:443
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1694689843914
unknown
binary
1.97 Kb
GET
200
188.114.96.3:443
https://docs.ablaze.one/floorp_privacy_policy/
unknown
html
6.88 Kb

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
3208 | floorp.exe | 35.190.72.216:443 | location.services.mozilla.com | GOOGLE | US | whitelisted
3208 | floorp.exe | 34.149.100.209:443 | firefox.settings.services.mozilla.com | GOOGLE | US | whitelisted
3208 | floorp.exe | 173.194.219.99:443 | www.google.com | GOOGLE | US | whitelisted
3208 | floorp.exe | 202.172.26.250:443 | floorp-update.ablaze.one | DigiRock, Inc. | JP | whitelisted
3208 | floorp.exe | 188.114.96.3:443 | docs.ablaze.one | CLOUDFLARENET | NL | unknown

DNS requests

Domain | IP | Reputation
google.com | 142.250.185.110 | whitelisted
settings-win.data.microsoft.com | 51.104.136.2 | whitelisted
location.services.mozilla.com | 35.190.72.216 | whitelisted
prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | unknown
firefox.settings.services.mozilla.com | 34.149.100.209 | whitelisted
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | whitelisted
www.google.com | 173.194.219.99, 173.194.219.106, 173.194.219.105, 173.194.219.103, 173.194.219.147, 173.194.219.104, 2a00:1450:4001:82f::2004 | whitelisted
floorp-update.ablaze.one | 202.172.26.250 | unknown
m33.coreserver.jp | 202.172.26.250 | whitelisted
blog.ablaze.one | 202.172.26.250 | unknown

Threats

PID | Process | Class | Message
2256 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
2256 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
2256 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
No debug info