| URL: | http://download.wavebrowser.co/?src=d-cp12177353273&ob=obgcobedobem&dvc=c&k=&crt=499772317102&adp=none&plc=www.freepik.es&tgt=boomuserlist::6552646826&sl=&cpd=12177353273&gclid=EAIaIQobChMI_rqVrpTP7wIVx77ACh3Tng8YEAEYASAAEgLG1fD_BwE&userid=ec6c42a4-f15b-4536-a30a-48d91461e0c0&tracking_id=nl3zh7vg&st=true |
| Full analysis: | https://app.any.run/tasks/fe829bbc-44f0-4edd-b260-505147e5fa7e |
| Verdict: | Malicious activity |
| Analysis date: | March 27, 2021, 01:34:18 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MD5: | 92FBC9A2054D0DADF7131558609E713D |
| SHA1: | 47B661B40C34D59FC38BF91B8FB86579B7ACD90E |
| SHA256: | 6BBCD5AE0D5B1B329517A2D3863D400B22A575131D81BD5973D1B1B4BCA8A207 |
| SSDEEP: | 6:Ca5VKSWeFKHbzYRt04mYhSLD06Cyd2buWyGJcqySSkmExLeMwzUsGo+OEzHA:RpKHbzScE6CyQbuWVCqy1Ex6Mwzjlw0 |
MALICIOUS
Loads dropped or rewritten executable
- Wave Browser_nl3zh7vg_.exe (PID: 1912)
- SWUpdater.exe (PID: 1464)
- SWUpdater.exe (PID: 3816)
- SWUpdater.exe (PID: 3356)
- SWUpdater.exe (PID: 2584)
- SWUpdater.exe (PID: 1684)
- WaveInstaller-v1.1.0.5.exe (PID: 2668)
- SearchProtocolHost.exe (PID: 1520)
- wavebrowser.exe (PID: 3752)
- wavebrowser.exe (PID: 3852)
- wavebrowser.exe (PID: 3292)
- wavebrowser.exe (PID: 856)
- wavebrowser.exe (PID: 2188)
- wavebrowser.exe (PID: 3260)
- wavebrowser.exe (PID: 3432)
- wavebrowser.exe (PID: 3196)
- wavebrowser.exe (PID: 664)
- SWUpdater.exe (PID: 2852)
- wavebrowser.exe (PID: 4080)
- wavebrowser.exe (PID: 3496)
- wavebrowser.exe (PID: 1016)
- wavebrowser.exe (PID: 3268)
- wavebrowser.exe (PID: 120)
- wavebrowser.exe (PID: 2956)
- wavebrowser.exe (PID: 1212)
- wavebrowser.exe (PID: 2364)
- wavebrowser.exe (PID: 3212)
- wavebrowser.exe (PID: 2960)
- wavebrowser.exe (PID: 1920)
- wavebrowser.exe (PID: 960)
- wavebrowser.exe (PID: 608)
- wavebrowser.exe (PID: 2684)
- wavebrowser.exe (PID: 3712)
- wavebrowser.exe (PID: 1488)
- wavebrowser.exe (PID: 2948)
- wavebrowser.exe (PID: 2740)
- wavebrowser.exe (PID: 3780)
- wavebrowser.exe (PID: 1848)
- wavebrowser.exe (PID: 2704)
- wavebrowser.exe (PID: 2800)
- wavebrowser.exe (PID: 3416)
- wavebrowser.exe (PID: 1740)
- wavebrowser.exe (PID: 2944)
- wavebrowser.exe (PID: 1756)
- wavebrowser.exe (PID: 2516)
- wavebrowser.exe (PID: 1900)
- wavebrowser.exe (PID: 712)
- wavebrowser.exe (PID: 1548)
Application was dropped or rewritten from another process
- Wave Browser_nl3zh7vg_.exe (PID: 1912)
- SWUpdater.exe (PID: 2584)
- SWUpdater.exe (PID: 1464)
- SWUpdater.exe (PID: 3816)
- SWUpdater.exe (PID: 1684)
- SWUpdater.exe (PID: 3356)
- WaveBrowserSetup_opt.exe (PID: 3792)
- setup.exe (PID: 1764)
- setup.exe (PID: 3120)
- setup.exe (PID: 952)
- setup.exe (PID: 4020)
- wavebrowser.exe (PID: 3752)
- wavebrowser.exe (PID: 3852)
- wavebrowser.exe (PID: 856)
- wavebrowser.exe (PID: 3292)
- wavebrowser.exe (PID: 2188)
- wavebrowser.exe (PID: 3260)
- SWUpdater.exe (PID: 2852)
- wavebrowser.exe (PID: 3432)
- wavebrowser.exe (PID: 3196)
- wavebrowser.exe (PID: 664)
- wavebrowser.exe (PID: 120)
- wavebrowser.exe (PID: 4080)
- wavebrowser.exe (PID: 3496)
- wavebrowser.exe (PID: 1016)
- wavebrowser.exe (PID: 3268)
- wavebrowser.exe (PID: 2956)
- wavebrowser.exe (PID: 608)
- wavebrowser.exe (PID: 3212)
- wavebrowser.exe (PID: 1212)
- wavebrowser.exe (PID: 2364)
- wavebrowser.exe (PID: 960)
- wavebrowser.exe (PID: 2960)
- wavebrowser.exe (PID: 1920)
- wavebrowser.exe (PID: 2684)
- wavebrowser.exe (PID: 3780)
- wavebrowser.exe (PID: 2948)
- wavebrowser.exe (PID: 1848)
- wavebrowser.exe (PID: 2704)
- wavebrowser.exe (PID: 2800)
- wavebrowser.exe (PID: 3416)
- wavebrowser.exe (PID: 1488)
- wavebrowser.exe (PID: 3712)
- wavebrowser.exe (PID: 2740)
- wavebrowser.exe (PID: 2516)
- wavebrowser.exe (PID: 712)
- wavebrowser.exe (PID: 2944)
- wavebrowser.exe (PID: 1756)
- wavebrowser.exe (PID: 1900)
- wavebrowser.exe (PID: 1804)
- wavebrowser.exe (PID: 1548)
- wavebrowser.exe (PID: 1740)
Drops executable file immediately after starts
- WaveBrowserSetup_opt.exe (PID: 3792)
- SWUpdater.exe (PID: 2584)
- WaveInstaller-v1.1.0.5.exe (PID: 2668)
Changes the autorun value in the registry
- SWUpdater.exe (PID: 2584)
Loads the Task Scheduler COM API
- SWUpdater.exe (PID: 2584)
- setup.exe (PID: 1764)
- wavebrowser.exe (PID: 3752)
- wavebrowser.exe (PID: 1920)
Actions looks like stealing of personal data
- WaveInstaller-v1.1.0.5.exe (PID: 2668)
- setup.exe (PID: 1764)
- setup.exe (PID: 3120)
SUSPICIOUS
Executable content was dropped or overwritten
- chrome.exe (PID: 2844)
- WaveBrowserSetup_opt.exe (PID: 3792)
- Wave Browser_nl3zh7vg_.exe (PID: 1912)
- SWUpdater.exe (PID: 2584)
- SWUpdater.exe (PID: 3816)
- WaveInstaller-v1.1.0.5.exe (PID: 2668)
- setup.exe (PID: 1764)
Drops a file with a compile date too recent
- chrome.exe (PID: 2844)
- WaveInstaller-v1.1.0.5.exe (PID: 2668)
- setup.exe (PID: 1764)
Drops a file that was compiled in debug mode
- Wave Browser_nl3zh7vg_.exe (PID: 1912)
- WaveBrowserSetup_opt.exe (PID: 3792)
- SWUpdater.exe (PID: 2584)
- SWUpdater.exe (PID: 3816)
- WaveInstaller-v1.1.0.5.exe (PID: 2668)
- setup.exe (PID: 1764)
Creates/Modifies COM task schedule object
- SWUpdater.exe (PID: 1464)
Starts itself from another location
- SWUpdater.exe (PID: 2584)
- setup.exe (PID: 1764)
Executed via COM
- SWUpdater.exe (PID: 3356)
Drops a file with too old compile date
- WaveInstaller-v1.1.0.5.exe (PID: 2668)
- setup.exe (PID: 1764)
Application launched itself
- setup.exe (PID: 1764)
- setup.exe (PID: 3120)
- wavebrowser.exe (PID: 3752)
- SWUpdater.exe (PID: 3356)
Creates files in the user directory
- setup.exe (PID: 1764)
Creates a software uninstall entry
- setup.exe (PID: 1764)
Changes default file association
- setup.exe (PID: 3120)
- setup.exe (PID: 1764)
Reads the cookies of Google Chrome
- wavebrowser.exe (PID: 3260)
INFO
Application launched itself
- chrome.exe (PID: 2844)
Reads the hosts file
- chrome.exe (PID: 1492)
- chrome.exe (PID: 2844)
- wavebrowser.exe (PID: 3752)
- wavebrowser.exe (PID: 2188)
Reads settings of System Certificates
- SWUpdater.exe (PID: 3356)
- wavebrowser.exe (PID: 3752)
Dropped object may contain Bitcoin addresses
- setup.exe (PID: 1764)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
109
Monitored processes
64
Malicious processes
17
Suspicious processes
25
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 120 | "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4188 /prefetch:8 | C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe | — | wavebrowser.exe | |||||||||||
User: admin Company: Wavesor Software Integrity Level: LOW Description: WaveBrowser Exit code: 0 Version: 1.1.0.5 Modules
| |||||||||||||||
| 608 | "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4264 /prefetch:8 | C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe | — | wavebrowser.exe | |||||||||||
User: admin Company: Wavesor Software Integrity Level: LOW Description: WaveBrowser Exit code: 0 Version: 1.1.0.5 Modules
| |||||||||||||||
| 664 | "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1 | C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe | — | wavebrowser.exe | |||||||||||
User: admin Company: Wavesor Software Integrity Level: LOW Description: WaveBrowser Exit code: 0 Version: 1.1.0.5 Modules
| |||||||||||||||
| 712 | "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=renderer --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2352 /prefetch:1 | C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe | — | wavebrowser.exe | |||||||||||
User: admin Company: Wavesor Software Integrity Level: LOW Description: WaveBrowser Exit code: 0 Version: 1.1.0.5 Modules
| |||||||||||||||
| 856 | "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1648 /prefetch:8 | C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe | — | wavebrowser.exe | |||||||||||
User: admin Company: Wavesor Software Integrity Level: LOW Description: WaveBrowser Exit code: 0 Version: 1.1.0.5 Modules
| |||||||||||||||
| 952 | "C:\Users\admin\Wavesor Software\WaveBrowser\1.1.0.5\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win32 --annotation=prod=WaveBrowser --annotation=ver=1.1.0.5 --initial-client-data=0x17c,0x180,0x184,0x150,0x188,0x273630,0x273640,0x27364c | C:\Users\admin\Wavesor Software\WaveBrowser\1.1.0.5\Installer\setup.exe | — | setup.exe | |||||||||||
User: admin Company: Wavesor Software Integrity Level: HIGH Description: WaveBrowser Installer Exit code: 0 Version: 1.1.0.5 Modules
| |||||||||||||||
| 960 | "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4304 /prefetch:8 | C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe | — | wavebrowser.exe | |||||||||||
User: admin Company: Wavesor Software Integrity Level: LOW Description: WaveBrowser Exit code: 0 Version: 1.1.0.5 Modules
| |||||||||||||||
| 1016 | "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3960 /prefetch:8 | C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe | — | wavebrowser.exe | |||||||||||
User: admin Company: Wavesor Software Integrity Level: LOW Description: WaveBrowser Exit code: 0 Version: 1.1.0.5 Modules
| |||||||||||||||
| 1212 | "C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4352 /prefetch:8 | C:\Users\admin\Wavesor Software\WaveBrowser\wavebrowser.exe | — | wavebrowser.exe | |||||||||||
User: admin Company: Wavesor Software Integrity Level: LOW Description: WaveBrowser Exit code: 0 Version: 1.1.0.5 Modules
| |||||||||||||||
| 1464 | "C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe" /regserver | C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe | — | SWUpdater.exe | |||||||||||
User: admin Company: Wavesor Software Integrity Level: MEDIUM Description: Wavesor SWUpdater Exit code: 0 Version: 1.3.105.0 Modules
| |||||||||||||||
Total events
7 184
Read events
4 430
Write events
2 725
Delete events
29
Modification events
| (PID) Process: | (2844) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon |
| Operation: | write | Name: | failed_count |
Value: 0 | |||
| (PID) Process: | (2844) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon |
| Operation: | write | Name: | state |
Value: 2 | |||
| (PID) Process: | (2844) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty |
| Operation: | write | Name: | StatusCodes |
Value: | |||
| (PID) Process: | (2844) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty |
| Operation: | write | Name: | StatusCodes |
Value: 01000000 | |||
| (PID) Process: | (2844) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon |
| Operation: | write | Name: | state |
Value: 1 | |||
| (PID) Process: | (3096) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes |
| Operation: | write | Name: | 2844-13261282469752250 |
Value: 259 | |||
| (PID) Process: | (2844) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} |
| Operation: | write | Name: | dr |
Value: 1 | |||
| (PID) Process: | (2844) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome |
| Operation: | write | Name: | UsageStatsInSample |
Value: 0 | |||
| (PID) Process: | (2844) chrome.exe | Key: | HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes |
| Operation: | delete value | Name: | 3252-13245750958665039 |
Value: 0 | |||
| (PID) Process: | (2844) chrome.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} |
| Operation: | write | Name: | usagestats |
Value: 0 | |||
Executable files
57
Suspicious files
141
Text files
258
Unknown types
77
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-605E8BA6-B1C.pma | — | |
MD5:— | SHA256:— | |||
| 2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d9243c43-b35a-4601-9240-a90a4a548840.tmp | — | |
MD5:— | SHA256:— | |||
| 2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp | — | |
MD5:— | SHA256:— | |||
| 2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old | text | |
MD5:D4322EEBAC92D1B8F7A6F5E39F6264B7 | SHA256:A3EEDF21B850DCC7CE5AE04395ECDD2D29DA4EA549C8A185DD9E8B552A87B8C2 | |||
| 2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old | text | |
MD5:C2DDBA63E4A2BD2E39A8B6C2C6384AAE | SHA256:6D5C1C78341C6F84911055D970ADDB0EC3499F8BF7FADE062122A22209CE67D9 | |||
| 2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF131139.TMP | text | |
MD5:FB5B20517A0D1F7DAD485989565BEE5E | SHA256:99405F66EDBEB2306F4D0B4469DCADFF5293B5E1549C588CCFACEA439BB3B101 | |||
| 2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old | — | |
MD5:— | SHA256:— | |||
| 2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old | text | |
MD5:FB5B20517A0D1F7DAD485989565BEE5E | SHA256:99405F66EDBEB2306F4D0B4469DCADFF5293B5E1549C588CCFACEA439BB3B101 | |||
| 2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old | — | |
MD5:— | SHA256:— | |||
| 2844 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RF1312df.TMP | — | |
MD5:— | SHA256:— | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
27
TCP/UDP connections
80
DNS requests
84
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
1912 | Wave Browser_nl3zh7vg_.exe | GET | 200 | 143.204.101.124:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
1492 | chrome.exe | GET | 302 | 54.147.11.160:80 | http://download.wavebrowser.co/?src=d-cp12177353273&ob=obgcobedobem&dvc=c&k=&crt=499772317102&adp=none&plc=www.freepik.es&tgt=boomuserlist::6552646826&sl=&cpd=12177353273&gclid=EAIaIQobChMI_rqVrpTP7wIVx77ACh3Tng8YEAEYASAAEgLG1fD_BwE&userid=ec6c42a4-f15b-4536-a30a-48d91461e0c0&tracking_id=nl3zh7vg&st=true | US | html | 475 b | unknown |
1912 | Wave Browser_nl3zh7vg_.exe | GET | 200 | 13.224.194.48:80 | http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAtsfswjS%2B5SQWiuEoiZfK0%3D | US | der | 471 b | whitelisted |
1912 | Wave Browser_nl3zh7vg_.exe | GET | 200 | 13.225.84.68:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
1052 | svchost.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTzEBwbi4EtIEVqKGq%2FDeuw3LZDrAQU%2BCXZpjnHw4GHJT4wVJEYIUCbF50CEAGlbicmfJ%2B9cwizLdCwXcY%3D | US | binary | 5 b | whitelisted |
1052 | svchost.exe | GET | 200 | 142.250.186.99:80 | http://ocsp.pki.goog/GTSGIAG3/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCCB1hFTiyruqn | US | binary | 5 b | whitelisted |
1912 | Wave Browser_nl3zh7vg_.exe | GET | 200 | 143.204.101.42:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
1052 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl | US | der | 1.05 Kb | whitelisted |
1764 | setup.exe | GET | 200 | 13.32.23.134:80 | http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAS0rdR4en9j4UncRxIO7Ig%3D | US | der | 471 b | whitelisted |
— | — | HEAD | 302 | 172.217.18.110:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODNjQUFXN0xyYnNNZ1UyTjZEQjNiZzhuQQ/4.10.2209.0_oimompecagnajdejgnnjijobebaeigek.crx | US | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
2668 | WaveInstaller-v1.1.0.5.exe | 13.32.21.118:443 | cdn.wavebrowserbase.com | Amazon.com, Inc. | US | unknown |
1492 | chrome.exe | 54.147.11.160:80 | download.wavebrowser.co | Amazon.com, Inc. | US | unknown |
— | — | 142.250.185.141:443 | accounts.google.com | Google Inc. | US | whitelisted |
1492 | chrome.exe | 54.147.11.160:443 | download.wavebrowser.co | Amazon.com, Inc. | US | unknown |
1492 | chrome.exe | 142.250.186.174:443 | sb-ssl.google.com | Google Inc. | US | whitelisted |
— | — | 142.250.186.174:443 | sb-ssl.google.com | Google Inc. | US | whitelisted |
1492 | chrome.exe | 142.250.185.99:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
1912 | Wave Browser_nl3zh7vg_.exe | 18.235.74.48:443 | api.wavebrowserbase.com | — | US | unknown |
1912 | Wave Browser_nl3zh7vg_.exe | 13.225.84.68:80 | o.ss2.us | — | US | unknown |
1912 | Wave Browser_nl3zh7vg_.exe | 143.204.101.42:80 | ocsp.rootg2.amazontrust.com | — | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
download.wavebrowser.co |
| unknown |
accounts.google.com |
| shared |
sb-ssl.google.com |
| whitelisted |
ssl.gstatic.com |
| whitelisted |
api.wavebrowserbase.com |
| malicious |
o.ss2.us |
| whitelisted |
ocsp.rootg2.amazontrust.com |
| whitelisted |
ocsp.rootca1.amazontrust.com |
| shared |
ocsp.sca1b.amazontrust.com |
| whitelisted |
swupdater.com |
| unknown |