URL:

http://download.wavebrowser.co/?src=d-cp12177353273&ob=obgcobedobem&dvc=c&k=&crt=499772317102&adp=none&plc=www.freepik.es&tgt=boomuserlist::6552646826&sl=&cpd=12177353273&gclid=EAIaIQobChMI_rqVrpTP7wIVx77ACh3Tng8YEAEYASAAEgLG1fD_BwE&userid=ec6c42a4-f15b-4536-a30a-48d91461e0c0&tracking_id=nl3zh7vg&st=true

Full analysis: https://app.any.run/tasks/fe829bbc-44f0-4edd-b260-505147e5fa7e
Verdict: Malicious activity
Analysis date: March 27, 2021, 01:34:18
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 92FBC9A2054D0DADF7131558609E713D
SHA1: 47B661B40C34D59FC38BF91B8FB86579B7ACD90E
SHA256: 6BBCD5AE0D5B1B329517A2D3863D400B22A575131D81BD5973D1B1B4BCA8A207
SSDEEP: 6:Ca5VKSWeFKHbzYRt04mYhSLD06Cyd2buWyGJcqySSkmExLeMwzUsGo+OEzHA:RpKHbzScE6CyQbuWVCqy1Ex6Mwzjlw0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Wave Browser_nl3zh7vg_.exe (PID: 1912)
      • SWUpdater.exe (PID: 2584)
      • SWUpdater.exe (PID: 1464)
      • SWUpdater.exe (PID: 3816)
      • SWUpdater.exe (PID: 1684)
      • WaveBrowserSetup_opt.exe (PID: 3792)
      • SWUpdater.exe (PID: 3356)
      • setup.exe (PID: 1764)
      • setup.exe (PID: 4020)
      • setup.exe (PID: 952)
      • setup.exe (PID: 3120)
      • wavebrowser.exe (PID: 3752)
      • wavebrowser.exe (PID: 3852)
      • wavebrowser.exe (PID: 3292)
      • wavebrowser.exe (PID: 856)
      • wavebrowser.exe (PID: 2188)
      • wavebrowser.exe (PID: 3260)
      • wavebrowser.exe (PID: 3432)
      • SWUpdater.exe (PID: 2852)
      • wavebrowser.exe (PID: 664)
      • wavebrowser.exe (PID: 3196)
      • wavebrowser.exe (PID: 3268)
      • wavebrowser.exe (PID: 3496)
      • wavebrowser.exe (PID: 1016)
      • wavebrowser.exe (PID: 120)
      • wavebrowser.exe (PID: 2956)
      • wavebrowser.exe (PID: 608)
      • wavebrowser.exe (PID: 4080)
      • wavebrowser.exe (PID: 2684)
      • wavebrowser.exe (PID: 1212)
      • wavebrowser.exe (PID: 3212)
      • wavebrowser.exe (PID: 2364)
      • wavebrowser.exe (PID: 2960)
      • wavebrowser.exe (PID: 960)
      • wavebrowser.exe (PID: 1920)
      • wavebrowser.exe (PID: 3416)
      • wavebrowser.exe (PID: 2740)
      • wavebrowser.exe (PID: 2948)
      • wavebrowser.exe (PID: 3780)
      • wavebrowser.exe (PID: 1848)
      • wavebrowser.exe (PID: 2704)
      • wavebrowser.exe (PID: 2800)
      • wavebrowser.exe (PID: 1548)
      • wavebrowser.exe (PID: 3712)
      • wavebrowser.exe (PID: 1488)
      • wavebrowser.exe (PID: 2944)
      • wavebrowser.exe (PID: 2516)
      • wavebrowser.exe (PID: 712)
      • wavebrowser.exe (PID: 1756)
      • wavebrowser.exe (PID: 1900)
      • wavebrowser.exe (PID: 1804)
      • wavebrowser.exe (PID: 1740)
    • Loads the Task Scheduler COM API

      • SWUpdater.exe (PID: 2584)
      • setup.exe (PID: 1764)
      • wavebrowser.exe (PID: 3752)
      • wavebrowser.exe (PID: 1920)
    • Loads dropped or rewritten executable

      • Wave Browser_nl3zh7vg_.exe (PID: 1912)
      • SWUpdater.exe (PID: 2584)
      • SWUpdater.exe (PID: 3816)
      • SWUpdater.exe (PID: 1464)
      • SWUpdater.exe (PID: 1684)
      • SWUpdater.exe (PID: 3356)
      • WaveInstaller-v1.1.0.5.exe (PID: 2668)
      • SearchProtocolHost.exe (PID: 1520)
      • wavebrowser.exe (PID: 3752)
      • wavebrowser.exe (PID: 3852)
      • wavebrowser.exe (PID: 2188)
      • wavebrowser.exe (PID: 856)
      • wavebrowser.exe (PID: 3260)
      • wavebrowser.exe (PID: 3432)
      • wavebrowser.exe (PID: 664)
      • SWUpdater.exe (PID: 2852)
      • wavebrowser.exe (PID: 4080)
      • wavebrowser.exe (PID: 3196)
      • wavebrowser.exe (PID: 1016)
      • wavebrowser.exe (PID: 3496)
      • wavebrowser.exe (PID: 3268)
      • wavebrowser.exe (PID: 2956)
      • wavebrowser.exe (PID: 120)
      • wavebrowser.exe (PID: 1212)
      • wavebrowser.exe (PID: 2364)
      • wavebrowser.exe (PID: 3212)
      • wavebrowser.exe (PID: 2960)
      • wavebrowser.exe (PID: 960)
      • wavebrowser.exe (PID: 1920)
      • wavebrowser.exe (PID: 608)
      • wavebrowser.exe (PID: 3416)
      • wavebrowser.exe (PID: 2684)
      • wavebrowser.exe (PID: 3712)
      • wavebrowser.exe (PID: 1488)
      • wavebrowser.exe (PID: 2948)
      • wavebrowser.exe (PID: 3780)
      • wavebrowser.exe (PID: 1848)
      • wavebrowser.exe (PID: 2704)
      • wavebrowser.exe (PID: 2800)
      • wavebrowser.exe (PID: 2740)
      • wavebrowser.exe (PID: 2944)
      • wavebrowser.exe (PID: 2516)
      • wavebrowser.exe (PID: 1756)
      • wavebrowser.exe (PID: 1900)
      • wavebrowser.exe (PID: 1740)
      • wavebrowser.exe (PID: 1548)
      • wavebrowser.exe (PID: 712)
      • wavebrowser.exe (PID: 3292)
    • Changes the autorun value in the registry

      • SWUpdater.exe (PID: 2584)
    • Drops executable file immediately after starts

      • WaveBrowserSetup_opt.exe (PID: 3792)
      • SWUpdater.exe (PID: 2584)
      • WaveInstaller-v1.1.0.5.exe (PID: 2668)
    • Actions looks like stealing of personal data

      • WaveInstaller-v1.1.0.5.exe (PID: 2668)
      • setup.exe (PID: 1764)
      • setup.exe (PID: 3120)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WaveBrowserSetup_opt.exe (PID: 3792)
      • SWUpdater.exe (PID: 2584)
      • chrome.exe (PID: 2844)
      • Wave Browser_nl3zh7vg_.exe (PID: 1912)
      • SWUpdater.exe (PID: 3816)
      • WaveInstaller-v1.1.0.5.exe (PID: 2668)
      • setup.exe (PID: 1764)
    • Drops a file that was compiled in debug mode

      • SWUpdater.exe (PID: 2584)
      • Wave Browser_nl3zh7vg_.exe (PID: 1912)
      • WaveBrowserSetup_opt.exe (PID: 3792)
      • SWUpdater.exe (PID: 3816)
      • WaveInstaller-v1.1.0.5.exe (PID: 2668)
      • setup.exe (PID: 1764)
    • Drops a file with a compile date too recent

      • chrome.exe (PID: 2844)
      • WaveInstaller-v1.1.0.5.exe (PID: 2668)
      • setup.exe (PID: 1764)
    • Creates/Modifies COM task schedule object

      • SWUpdater.exe (PID: 1464)
    • Starts itself from another location

      • SWUpdater.exe (PID: 2584)
      • setup.exe (PID: 1764)
    • Executed via COM

      • SWUpdater.exe (PID: 3356)
    • Drops a file with too old compile date

      • WaveInstaller-v1.1.0.5.exe (PID: 2668)
      • setup.exe (PID: 1764)
    • Application launched itself

      • setup.exe (PID: 1764)
      • setup.exe (PID: 3120)
      • wavebrowser.exe (PID: 3752)
      • SWUpdater.exe (PID: 3356)
    • Creates files in the user directory

      • setup.exe (PID: 1764)
    • Creates a software uninstall entry

      • setup.exe (PID: 1764)
    • Changes default file association

      • setup.exe (PID: 3120)
      • setup.exe (PID: 1764)
    • Reads the cookies of Google Chrome

      • wavebrowser.exe (PID: 3260)
  • INFO

    • Application launched itself

      • chrome.exe (PID: 2844)
    • Reads the hosts file

      • chrome.exe (PID: 1492)
      • chrome.exe (PID: 2844)
      • wavebrowser.exe (PID: 3752)
      • wavebrowser.exe (PID: 2188)
    • Reads settings of System Certificates

      • SWUpdater.exe (PID: 3356)
      • wavebrowser.exe (PID: 3752)
    • Dropped object may contain Bitcoin addresses

      • setup.exe (PID: 1764)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
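The signatures in the MALICIOUS and SUSPICIOUS lists above are behavioural rules evaluated over the sandbox's file, process and registry telemetry. What follows is an added example, not ANY.RUN's code and unrelated to Wavesor Software: it re-implements four of those rules in Python and runs them over a constructed event trace built from this report's process table. The Wavesor paths under C:\Users\admin\Wavesor Software are taken from the report; the Chrome path, the locations of Wave Browser_nl3zh7vg_.exe and WaveBrowserSetup_opt.exe, the %TEMP% staging copy of SWUpdater.exe, the name of the Run value and the event ordering are assumptions. The same functions apply unchanged to Sysmon event IDs 1 (process create), 11 (file create) and 13 (registry value set) once they are mapped onto the Event fields.

```python
"""Re-deriving four ANY.RUN behavioural signatures from raw host events.
Added example, not ANY.RUN's or Wavesor Software's code. Runs over a
CONSTRUCTED trace; Wavesor paths are from the report, the rest is assumed."""
from dataclasses import dataclass
import ntpath

# Autorun locations, matched as a substring of the normalised value path.
RUN_KEYS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)

@dataclass(frozen=True)
class Event:
    kind: str               # "file_write" | "process_create" | "reg_set"
    pid: int                # acting process (the child for process_create)
    image: str              # that process's image path
    target: str = ""        # file written or registry value path
    parent_pid: int = 0     # process_create only
    parent_image: str = ""  # process_create only

def norm(path: str) -> str:
    """Case-insensitive, slash-normalised Windows path for comparison."""
    return ntpath.normcase(ntpath.normpath(path))

def dropped_then_executed(events):
    """'Application was dropped or rewritten from another process'."""
    written_by, hits = {}, []
    for ev in events:
        if ev.kind == "file_write":
            written_by.setdefault(norm(ev.target), []).append(ev.pid)
        elif ev.kind == "process_create":
            writers = written_by.get(norm(ev.image))   # image written earlier?
            if writers:
                hits.append((ev.pid, ev.image, list(writers)))
    return hits

def starts_itself_elsewhere(events):
    """'Starts itself from another location': same file name, other directory."""
    hits = []
    for ev in events:
        if ev.kind != "process_create" or not ev.parent_image:
            continue
        child, parent = norm(ev.image), norm(ev.parent_image)
        if (ntpath.basename(child) == ntpath.basename(parent)
                and ntpath.dirname(child) != ntpath.dirname(parent)):
            hits.append((ev.parent_pid, ev.pid, ev.image))
    return hits

def launches_itself(events):
    """'Application launched itself': child image identical to the parent's."""
    return [(ev.parent_pid, ev.pid) for ev in events
            if ev.kind == "process_create" and ev.parent_image
            and norm(ev.image) == norm(ev.parent_image)]

def autorun_changes(events):
    """'Changes the autorun value in the registry': value set under Run/RunOnce."""
    return [(ev.pid, ev.image, ev.target) for ev in events
            if ev.kind == "reg_set"
            and any(k in norm(ev.target) for k in RUN_KEYS)]

# Paths taken from the report's process table.
WB_DIR = r"C:\Users\admin\Wavesor Software\WaveBrowser"
WB_EXE = WB_DIR + r"\wavebrowser.exe"
SETUP = WB_DIR + r"\1.1.0.5\Installer\setup.exe"
SWU = r"C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe"
# Assumed locations (not shown in the report).
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
DROPPER = r"C:\Users\admin\Downloads\Wave Browser_nl3zh7vg_.exe"
OPT = r"C:\Users\admin\AppData\Local\Temp\WaveBrowserSetup_opt.exe"
SWU_TMP = r"C:\Users\admin\AppData\Local\Temp\SWUpdater.exe"

# Constructed trace: PIDs match the report, ordering is illustrative.
EVENTS = [
    Event("file_write", 2844, CHROME, DROPPER),
    Event("process_create", 1912, DROPPER, parent_pid=2844, parent_image=CHROME),
    Event("file_write", 1912, DROPPER, OPT),
    Event("process_create", 3792, OPT, parent_pid=1912, parent_image=DROPPER),
    Event("file_write", 3792, OPT, SWU_TMP),
    Event("process_create", 2584, SWU_TMP, parent_pid=3792, parent_image=OPT),
    Event("file_write", 2584, SWU_TMP, SWU),
    Event("process_create", 1464, SWU, parent_pid=2584, parent_image=SWU_TMP),
    Event("reg_set", 2584, SWU_TMP, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WaveBrowser"),
    Event("file_write", 3792, OPT, SETUP),
    Event("process_create", 1764, SETUP, parent_pid=3792, parent_image=OPT),
    Event("process_create", 3120, SETUP, parent_pid=1764, parent_image=SETUP),
    Event("file_write", 1764, SETUP, WB_EXE),
    Event("process_create", 3752, WB_EXE, parent_pid=1764, parent_image=SETUP),
    Event("process_create", 3852, WB_EXE, parent_pid=3752, parent_image=WB_EXE),
]

def run_signatures(events):
    """All four rules, keyed by the report's signature names."""
    return {
        "Application was dropped or rewritten from another process": dropped_then_executed(events),
        "Starts itself from another location": starts_itself_elsewhere(events),
        "Application launched itself": launches_itself(events),
        "Changes the autorun value in the registry": autorun_changes(events),
    }

if __name__ == "__main__":
    for name, hits in run_signatures(EVENTS).items():
        print(name, *hits, sep="\n    ")
```

Run it directly to print the hits per rule. The dropped-then-executed rule is deliberately stateful across the whole trace, which is why the report flags every later wavebrowser.exe child: the image file was written once by setup.exe, and each subsequent launch of that path inherits the finding. Only SWUpdater.exe trips "Starts itself from another location", because it is the one process in this trace that re-launches its own file name from a different directory.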
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 109
Monitored processes: 64
Malicious processes: 17
Suspicious processes: 25


Process information

Ten of the 64 monitored processes are included in this excerpt. The integrity levels are worth noting: the browser's utility and renderer children run at LOW (the Chromium sandbox), the crashpad handler spawned by setup.exe runs at HIGH (the installer ran elevated), and SWUpdater.exe /regserver runs at MEDIUM, so any COM self-registration it performs can only be written to the per-user hive (HKCU\Software\Classes), which is where to look for its CLSID and LocalServer32 entries when hunting.

PID 120
CMD: "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4188 /prefetch:8
Path: C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe
Parent process: wavebrowser.exe
User: admin
Company: Wavesor Software
Integrity Level: LOW
Description: WaveBrowser
Exit code: 0
Version: 1.1.0.5
Modules (images):
  c:\users\admin\wavesor software\wavebrowser\wavebrowser.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\users\admin\wavesor software\wavebrowser\1.1.0.5\wavebrowser_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID 608
CMD: "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4264 /prefetch:8
Path: C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe
Parent process: wavebrowser.exe
User: admin
Company: Wavesor Software
Integrity Level: LOW
Description: WaveBrowser
Exit code: 0
Version: 1.1.0.5
Modules (images):
  c:\users\admin\wavesor software\wavebrowser\wavebrowser.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\users\admin\wavesor software\wavebrowser\1.1.0.5\wavebrowser_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID 664
CMD: "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
Path: C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe
Parent process: wavebrowser.exe
User: admin
Company: Wavesor Software
Integrity Level: LOW
Description: WaveBrowser
Exit code: 0
Version: 1.1.0.5
Modules (images):
  c:\users\admin\wavesor software\wavebrowser\wavebrowser.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\users\admin\wavesor software\wavebrowser\1.1.0.5\wavebrowser_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID 712
CMD: "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2352 /prefetch:1
Path: C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe
Parent process: wavebrowser.exe
User: admin
Company: Wavesor Software
Integrity Level: LOW
Description: WaveBrowser
Exit code: 0
Version: 1.1.0.5
Modules (images):
  c:\users\admin\wavesor software\wavebrowser\wavebrowser.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\users\admin\wavesor software\wavebrowser\1.1.0.5\wavebrowser_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID 856
CMD: "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1648 /prefetch:8
Path: C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe
Parent process: wavebrowser.exe
User: admin
Company: Wavesor Software
Integrity Level: LOW
Description: WaveBrowser
Exit code: 0
Version: 1.1.0.5
Modules (images):
  c:\users\admin\wavesor software\wavebrowser\wavebrowser.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\users\admin\wavesor software\wavebrowser\1.1.0.5\wavebrowser_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID 952
CMD: "C:\Users\admin\Wavesor Software\WaveBrowser\1.1.0.5\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win32 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.5 --initial-client-data=0x17c,0x180,0x184,0x150,0x188,0x273630,0x273640,0x27364c
Path: C:\Users\admin\Wavesor Software\WaveBrowser\1.1.0.5\Installer\setup.exe
Parent process: setup.exe
User: admin
Company: Wavesor Software
Integrity Level: HIGH
Description: WaveBrowser Installer
Exit code: 0
Version: 1.1.0.5
Modules (images):
  c:\users\admin\wavesor software\wavebrowser\1.1.0.5\installer\setup.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\dbghelp.dll
  c:\windows\system32\shell32.dll

PID 960
CMD: "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4304 /prefetch:8
Path: C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe
Parent process: wavebrowser.exe
User: admin
Company: Wavesor Software
Integrity Level: LOW
Description: WaveBrowser
Exit code: 0
Version: 1.1.0.5
Modules (images):
  c:\users\admin\wavesor software\wavebrowser\wavebrowser.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\users\admin\wavesor software\wavebrowser\1.1.0.5\wavebrowser_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID 1016
CMD: "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3960 /prefetch:8
Path: C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe
Parent process: wavebrowser.exe
User: admin
Company: Wavesor Software
Integrity Level: LOW
Description: WaveBrowser
Exit code: 0
Version: 1.1.0.5
Modules (images):
  c:\users\admin\wavesor software\wavebrowser\wavebrowser.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\users\admin\wavesor software\wavebrowser\1.1.0.5\wavebrowser_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID 1212
CMD: "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4352 /prefetch:8
Path: C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe
Parent process: wavebrowser.exe
User: admin
Company: Wavesor Software
Integrity Level: LOW
Description: WaveBrowser
Exit code: 0
Version: 1.1.0.5
Modules (images):
  c:\users\admin\wavesor software\wavebrowser\wavebrowser.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\users\admin\wavesor software\wavebrowser\1.1.0.5\wavebrowser_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
  c:\windows\system32\shell32.dll

PID 1464
CMD: "C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe" /regserver
Path: C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe
Parent process: SWUpdater.exe
User: admin
Company: Wavesor Software
Integrity Level: MEDIUM
Description: Wavesor SWUpdater
Exit code: 0
Version: 1.3.105.0
Modules (images):
  c:\users\admin\wavesor software\swupdater\swupdater.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\shell32.dll
  c:\windows\system32\shlwapi.dll
Total events: 7 184
Read events: 4 430
Write events: 2 725
Delete events: 29

Modification events

Only ten of the 2 725 write events are included in this excerpt, and all ten are chrome.exe's own telemetry and beacon writes. The Run-key change attributed to SWUpdater.exe (PID 2584) in the indicators above is not among them.

(PID) Process | Operation | Key | Name = Value
(2844) chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | failed_count = 0
(2844) chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state = 2
(2844) chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes = (empty)
(2844) chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | StatusCodes = 01000000
(2844) chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | state = 1
(3096) chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | 2844-13261282469752250 = 259
(2844) chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | dr = 1
(2844) chrome.exe | write | HKEY_CURRENT_USER\Software\Google\Chrome | UsageStatsInSample = 0
(2844) chrome.exe | delete value | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | 3252-13245750958665039 (value 0)
(2844) chrome.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | usagestats = 0
Executable files: 57
Suspicious files: 141
Text files: 258
Unknown types: 77

Dropped files

Only ten dropped files are included in this excerpt, and all ten are chrome.exe's own profile files (LevelDB logs and browser metrics), so none of the 57 executable files counted above appears here. The MD5 and SHA256 fields are empty in the export.

PID Process | Filename | Type
2844 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-605E8BA6-B1C.pma | -
2844 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d9243c43-b35a-4601-9240-a90a4a548840.tmp | -
2844 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp | -
2844 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF131139.TMP | text
2844 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old | text
2844 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF131168.TMP | text
2844 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old | -
2844 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF131197.TMP | text
2844 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old | -
2844 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RF1312df.TMP | -
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 27
TCP/UDP connections: 80
DNS requests: 84
Threats: 0

HTTP requests

Each entry reads: PID Process | Method Code | IP:port | Country | Type | Size | Reputation, with the URL on the following line. Rows without a PID were not attributed to a process in the export. Only one of these requests is the installer download itself, the 302 from download.wavebrowser.co; the redirect target is not shown, and PID 1492's subsequent connection to 54.147.11.160:443 (see Connections) indicates the download continued over HTTPS, which this plaintext table cannot show. The remaining requests are Chrome fetching a component (.crx) from the Chrome Web Store CDN, the OS certificate-revocation check in svchost.exe, and OCSP lookups by the installer.

- - | HEAD 302 | 172.217.18.110:80 | US | - | - | whitelisted
  http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODNjQUFXN0xyYnNNZ1UyTjZEQjNiZzhuQQ/4.10.2209.0_oimompecagnajdejgnnjijobebaeigek.crx
- - | HEAD 200 | 176.126.58.207:80 | PL | - | - | whitelisted
  http://r4---sn-x2pm-3ufk.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODNjQUFXN0xyYnNNZ1UyTjZEQjNiZzhuQQ/4.10.2209.0_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&mh=1M&mip=31.204.154.118&mm=28&mn=sn-x2pm-3ufk&ms=nvh&mt=1616808817&mv=u&mvi=4&pl=23&shardbypass=yes
1492 chrome.exe | GET 302 | 54.147.11.160:80 | US | html | 475 b | unknown
  http://download.wavebrowser.co/?src=d-cp12177353273&ob=obgcobedobem&dvc=c&k=&crt=499772317102&adp=none&plc=www.freepik.es&tgt=boomuserlist::6552646826&sl=&cpd=12177353273&gclid=EAIaIQobChMI_rqVrpTP7wIVx77ACh3Tng8YEAEYASAAEgLG1fD_BwE&userid=ec6c42a4-f15b-4536-a30a-48d91461e0c0&tracking_id=nl3zh7vg&st=true
1052 svchost.exe | GET 200 | 184.30.21.171:80 | US | der | 1.05 Kb | whitelisted
  http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
1912 Wave Browser_nl3zh7vg_.exe | GET 200 | 13.225.84.68:80 | US | der | 1.70 Kb | whitelisted
  http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
1912 Wave Browser_nl3zh7vg_.exe | GET 200 | 143.204.101.42:80 | US | der | 1.51 Kb | whitelisted
  http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
1912 Wave Browser_nl3zh7vg_.exe | GET 200 | 143.204.101.124:80 | US | der | 1.39 Kb | shared
  http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D
- - | GET 302 | 172.217.18.110:80 | US | html | 526 b | whitelisted
  http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODNjQUFXN0xyYnNNZ1UyTjZEQjNiZzhuQQ/4.10.2209.0_oimompecagnajdejgnnjijobebaeigek.crx
- - | GET 302 | 172.217.18.110:80 | US | html | 526 b | whitelisted
  http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODNjQUFXN0xyYnNNZ1UyTjZEQjNiZzhuQQ/4.10.2209.0_oimompecagnajdejgnnjijobebaeigek.crx
- - | GET 206 | 176.126.58.207:80 | PL | binary | 5.67 Kb | whitelisted
  http://r4---sn-x2pm-3ufk.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODNjQUFXN0xyYnNNZ1UyTjZEQjNiZzhuQQ/4.10.2209.0_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&mh=1M&mip=31.204.154.118&mm=28&mn=sn-x2pm-3ufk&ms=nvh&mt=1616808817&mv=u&mvi=4&pl=23&shardbypass=yes

Connections

PID Process | IP:port | Domain | ASN | Country | Reputation
1492 chrome.exe | 54.147.11.160:80 | download.wavebrowser.co | Amazon.com, Inc. | US | unknown
- - | 142.250.185.141:443 | accounts.google.com | Google Inc. | US | whitelisted
1492 chrome.exe | 54.147.11.160:443 | download.wavebrowser.co | Amazon.com, Inc. | US | unknown
1492 chrome.exe | 142.250.186.174:443 | sb-ssl.google.com | Google Inc. | US | whitelisted
- - | 142.250.186.174:443 | sb-ssl.google.com | Google Inc. | US | whitelisted
1492 chrome.exe | 142.250.185.99:443 | ssl.gstatic.com | Google Inc. | US | whitelisted
1912 Wave Browser_nl3zh7vg_.exe | 18.235.74.48:443 | api.wavebrowserbase.com | - | US | unknown
1912 Wave Browser_nl3zh7vg_.exe | 13.225.84.68:80 | o.ss2.us | - | US | unknown
1912 Wave Browser_nl3zh7vg_.exe | 143.204.101.42:80 | ocsp.rootg2.amazontrust.com | - | US | whitelisted
1912 Wave Browser_nl3zh7vg_.exe | 143.204.101.124:80 | ocsp.rootg2.amazontrust.com | - | US | whitelisted

Reading the network tables together: the google.com and gvt1.com traffic is Chrome's own (Safe Browsing, account sync, a component download); the o.ss2.us and ocsp.*.amazontrust.com lookups by PID 1912 are OCSP status checks for an Amazon Trust Services certificate chain, consistent with its only TLS connection being to api.wavebrowserbase.com on AWS; and svchost.exe's fetch of the MicCodSigPCA2011 CRL is the OS checking an Authenticode signature. The infrastructure attributable to the installer itself is therefore download.wavebrowser.co, api.wavebrowserbase.com (the one domain ANY.RUN rates malicious below) and swupdater.com, which only appears as a DNS lookup in this excerpt.

DNS requests

Domain
IP
Reputation
download.wavebrowser.co
  • 54.147.11.160
  • 52.1.121.174
  • 52.71.207.59
unknown
accounts.google.com
  • 142.250.185.141
shared
sb-ssl.google.com
  • 142.250.186.174
whitelisted
ssl.gstatic.com
  • 142.250.185.99
  • 142.250.185.227
whitelisted
api.wavebrowserbase.com
  • 18.235.74.48
  • 54.236.186.192
malicious
o.ss2.us
  • 13.225.84.68
  • 13.225.84.97
  • 13.225.84.66
  • 13.225.84.42
whitelisted
ocsp.rootg2.amazontrust.com
  • 143.204.101.42
  • 143.204.101.124
  • 143.204.101.74
  • 143.204.101.190
whitelisted
ocsp.rootca1.amazontrust.com
  • 143.204.101.124
  • 143.204.101.190
  • 143.204.101.74
  • 143.204.101.42
shared
ocsp.sca1b.amazontrust.com
  • 13.224.194.48
  • 13.224.194.127
  • 13.224.194.18
  • 13.224.194.189
  • 13.32.23.134
  • 13.32.23.140
  • 13.32.23.197
  • 13.32.23.35
whitelisted
swupdater.com
  • 54.160.172.209
  • 52.203.183.46
unknown

Threats

No threats detected
No debug info