URL:

https://www.getdiscoverbrowser.com/

Full analysis: https://app.any.run/tasks/0c7de585-1109-448b-9c9e-4492485fe20c
Verdict: Malicious activity
Analysis date: March 24, 2021, 12:20:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

8A25F719C7D0D0D04959C4362A99BDE2

SHA1:

DAED9670F6355FB60DD97BF3FF799F34B60EE98A

SHA256:

8A0346F383AD88331E757A424D0E97DBF2804D889319F14BDEC9E5EF57B74BF1

SSDEEP:

3:N8DSLqIUXKlyyK3:2OLqNatK3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • WebDiscover-4.52.2.exe (PID: 3032)
      • WebDiscover-4.52.2.exe (PID: 1812)
      • browser.exe (PID: 2832)
      • browser.exe (PID: 3292)
      • browser.exe (PID: 2944)
      • browser.exe (PID: 3876)
      • browser.exe (PID: 2496)
      • browser.exe (PID: 2664)
      • browser.exe (PID: 4080)
      • browser.exe (PID: 3320)
      • browser.exe (PID: 2688)
      • browser.exe (PID: 1200)
      • browser.exe (PID: 3864)
      • browser.exe (PID: 2888)
      • browser.exe (PID: 2880)
      • browser.exe (PID: 2812)
      • browser.exe (PID: 3156)
      • browser.exe (PID: 2612)
      • browser.exe (PID: 2060)
      • browser.exe (PID: 3492)
      • browser.exe (PID: 2728)

    • Changes settings of System certificates

      • WebDiscover-4.52.2.tmp (PID: 3448)
      • browser.exe (PID: 3876)

    • Loads the Task Scheduler COM API

      • schtasks.exe (PID: 2080)
      • schtasks.exe (PID: 3328)
      • schtasks.exe (PID: 3924)
      • schtasks.exe (PID: 1572)
      • schtasks.exe (PID: 2520)
      • schtasks.exe (PID: 3816)

    • Uses Task Scheduler to run other applications

      • WebDiscover-4.52.2.tmp (PID: 3448)

    • Changes the autorun value in the registry

      • WebDiscover-4.52.2.tmp (PID: 3448)

    • Uses Task Scheduler to autorun other applications

      • WebDiscover-4.52.2.tmp (PID: 3448)

    • Loads dropped or rewritten executable

      • browser.exe (PID: 2832)
      • browser.exe (PID: 2944)
      • browser.exe (PID: 3292)
      • browser.exe (PID: 3876)
      • browser.exe (PID: 2496)
      • browser.exe (PID: 2664)
      • browser.exe (PID: 1200)
      • browser.exe (PID: 4080)
      • browser.exe (PID: 3320)
      • browser.exe (PID: 2728)
      • browser.exe (PID: 3864)
      • browser.exe (PID: 2688)
      • browser.exe (PID: 2888)
      • browser.exe (PID: 2812)
      • browser.exe (PID: 3156)
      • browser.exe (PID: 2880)
      • browser.exe (PID: 2612)
      • browser.exe (PID: 3492)
      • browser.exe (PID: 2060)

    • Steals credentials from Web Browsers

      • browser.exe (PID: 3876)

    • Actions looks like stealing of personal data

      • browser.exe (PID: 3876)

  • SUSPICIOUS

    • Reads Windows owner or organization settings

      • WebDiscover-4.52.2.tmp (PID: 1540)
      • WebDiscover-4.52.2.tmp (PID: 3448)

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 2488)
      • WebDiscover-4.52.2.exe (PID: 3032)
      • WebDiscover-4.52.2.exe (PID: 1812)
      • WebDiscover-4.52.2.tmp (PID: 3448)

    • Reads the Windows organization settings

      • WebDiscover-4.52.2.tmp (PID: 1540)
      • WebDiscover-4.52.2.tmp (PID: 3448)

    • Adds / modifies Windows certificates

      • WebDiscover-4.52.2.tmp (PID: 3448)
      • browser.exe (PID: 3876)

    • Creates a directory in Program Files

      • WebDiscover-4.52.2.tmp (PID: 3448)

    • Drops a file that was compiled in debug mode

      • WebDiscover-4.52.2.tmp (PID: 3448)

    • Drops a file with too old compile date

      • WebDiscover-4.52.2.tmp (PID: 3448)

    • Creates files in the user directory

      • WebDiscover-4.52.2.tmp (PID: 3448)

    • Starts SC.EXE for service management

      • WebDiscover-4.52.2.tmp (PID: 3448)

    • Application launched itself

      • browser.exe (PID: 2832)
      • browser.exe (PID: 3876)

    • Searches for installed software

      • WebDiscover-4.52.2.tmp (PID: 3448)

  • INFO

    • Application launched itself

      • chrome.exe (PID: 2488)

    • Reads the hosts file

      • chrome.exe (PID: 2488)
      • chrome.exe (PID: 2704)
      • browser.exe (PID: 3876)

    • Reads settings of System Certificates

      • chrome.exe (PID: 2488)
      • WebDiscover-4.52.2.tmp (PID: 3448)

    • Application was dropped or rewritten from another process

      • WebDiscover-4.52.2.tmp (PID: 1540)
      • WebDiscover-4.52.2.tmp (PID: 3448)

    • Creates files in the program directory

      • WebDiscover-4.52.2.tmp (PID: 3448)

    • Dropped object may contain Bitcoin addresses

      • WebDiscover-4.52.2.tmp (PID: 3448)

    • Creates a software uninstall entry

      • WebDiscover-4.52.2.tmp (PID: 3448)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
91
Monitored processes
40
Malicious processes
6
Suspicious processes
10

Behavior graph

Click at the process to see the details
drop and start start drop and start drop and start drop and start drop and start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs webdiscover-4.52.2.exe webdiscover-4.52.2.tmp webdiscover-4.52.2.exe webdiscover-4.52.2.tmp schtasks.exe no specs schtasks.exe no specs schtasks.exe no specs schtasks.exe no specs sc.exe no specs schtasks.exe no specs schtasks.exe no specs browser.exe browser.exe no specs browser.exe browser.exe no specs browser.exe no specs browser.exe browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
632"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1008,15571839112162812154,7478397354272688630,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1242617932245106422 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2304 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1200"C:\Program Files\WebDiscoverBrowser\4.52.2\browser.exe" --type=utility --field-trial-handle=2068,779053618075301482,9276563546761874938,131072 --lang=en-US --service-sandbox-type=utility --service-request-channel-token=54A793E0EB84CEE99B1D6E2B693CFFD1 --mojo-platform-channel-handle=2764 --ignored=" --type=renderer " /prefetch:8C:\Program Files\WebDiscoverBrowser\4.52.2\browser.exebrowser.exe
User:
admin
Company:
WebDiscover Media
Integrity Level:
LOW
Description:
WebDiscover Browser
Exit code:
0
Version:
4.52.2
Modules
Images
c:\program files\webdiscoverbrowser\4.52.2\browser.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\webdiscoverbrowser\4.52.2\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1540"C:\Users\admin\AppData\Local\Temp\is-T02I7.tmp\WebDiscover-4.52.2.tmp" /SL5="$20162,45047751,225280,C:\Users\admin\Downloads\WebDiscover-4.52.2.exe" C:\Users\admin\AppData\Local\Temp\is-T02I7.tmp\WebDiscover-4.52.2.tmp
WebDiscover-4.52.2.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
1699
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-t02i7.tmp\webdiscover-4.52.2.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1572"schtasks" /delete /tn "WebDiscover Browser Update Task" /fC:\Windows\system32\schtasks.exeWebDiscover-4.52.2.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Manages scheduled tasks
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\schtasks.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
1812"C:\Users\admin\Downloads\WebDiscover-4.52.2.exe" /SL5="$20162,45047751,225280,C:\Users\admin\Downloads\WebDiscover-4.52.2.exe" C:\Users\admin\Downloads\WebDiscover-4.52.2.exe
WebDiscover-4.52.2.tmp
User:
admin
Company:
WebDiscover Media
Integrity Level:
HIGH
Description:
WebDiscover Browser Setup
Exit code:
0
Version:
4.52.2
Modules
Images
c:\users\admin\downloads\webdiscover-4.52.2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
1896"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1008,15571839112162812154,7478397354272688630,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=14336488128362501596 --mojo-platform-channel-handle=3440 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2060"C:\Program Files\WebDiscoverBrowser\4.52.2\browser.exe" --type=renderer --field-trial-handle=2068,779053618075301482,9276563546761874938,131072 --service-pipe-token=1FA9CD2701C2CDBC00B8917B1532BB56 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --service-request-channel-token=1FA9CD2701C2CDBC00B8917B1532BB56 --renderer-client-id=16 --mojo-platform-channel-handle=4244 /prefetch:1C:\Program Files\WebDiscoverBrowser\4.52.2\browser.exebrowser.exe
User:
admin
Company:
WebDiscover Media
Integrity Level:
LOW
Description:
WebDiscover Browser
Exit code:
0
Version:
4.52.2
Modules
Images
c:\program files\webdiscoverbrowser\4.52.2\browser.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\webdiscoverbrowser\4.52.2\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2080"schtasks" /delete /tn "WebDiscover Browser Launch Task" /fC:\Windows\system32\schtasks.exeWebDiscover-4.52.2.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Manages scheduled tasks
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\schtasks.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
2488"C:\Program Files\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking "https://www.getdiscoverbrowser.com/"C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
3221225547
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2496"C:\Program Files\WebDiscoverBrowser\4.52.2\browser.exe" --type=renderer --field-trial-handle=2068,779053618075301482,9276563546761874938,131072 --service-pipe-token=488AA2AD3CB814A8837503ADD49FEAA6 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --service-request-channel-token=488AA2AD3CB814A8837503ADD49FEAA6 --renderer-client-id=2 --mojo-platform-channel-handle=2100 /prefetch:1C:\Program Files\WebDiscoverBrowser\4.52.2\browser.exebrowser.exe
User:
admin
Company:
WebDiscover Media
Integrity Level:
LOW
Description:
WebDiscover Browser
Exit code:
0
Version:
4.52.2
Modules
Images
c:\program files\webdiscoverbrowser\4.52.2\browser.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\webdiscoverbrowser\4.52.2\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
1 977
Read events
1 730
Write events
233
Delete events
14

Modification events

(PID) Process:(2488) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(2488) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(2488) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(2488) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(2488) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(2868) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:writeName:2488-13261062023591000
Value:
259
(PID) Process:(2488) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(2488) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(2488) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:delete valueName:3252-13245750958665039
Value:
0
(PID) Process:(2488) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
Executable files
12
Suspicious files
52
Text files
151
Unknown types
83

Dropped files

PID
Process
Filename
Type
2488chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-605B2E88-9B8.pma
MD5:
SHA256:
2488chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
MD5:
SHA256:
2488chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\de00a33b-0750-4016-88da-fc179b42fbaa.tmp
MD5:
SHA256:
2488chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp
MD5:
SHA256:
2488chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:
SHA256:
2488chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF12c1d1.TMPtext
MD5:
SHA256:
2488chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldtext
MD5:
SHA256:
2488chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF12c1c2.TMPtext
MD5:
SHA256:
2488chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
MD5:
SHA256:
2488chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RF12c490.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
39
TCP/UDP connections
64
DNS requests
34
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
HEAD
200
173.194.164.169:80
http://r3---sn-4g5edned.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx?cms_redirect=yes&mh=cF&mip=157.97.122.3&mm=28&mn=sn-4g5edned&ms=nvh&mt=1616588179&mv=m&mvi=3&pl=24&shardbypass=yes
US
whitelisted
HEAD
302
216.58.212.174:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
US
whitelisted
3876
browser.exe
GET
301
172.67.191.142:80
http://cdn.getwebdiscover.com/misspell_wd.json
US
whitelisted
3876
browser.exe
GET
200
173.194.164.156:80
http://r6---sn-4g5edne6.gvt1.com/edgedl/release2/chrome_component/Zfqevgz5opNxfpakpaGhCw_6502/AJ6mdvwBTd_wwrfggQx2lS4?cms_redirect=yes&mh=gB&mip=157.97.122.3&mm=28&mn=sn-4g5edne6&ms=nvh&mt=1616588179&mv=m&mvi=6&pl=24&shardbypass=yes
US
crx
23.8 Kb
whitelisted
GET
302
216.58.212.174:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
US
html
523 b
whitelisted
GET
302
216.58.212.174:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
US
html
523 b
whitelisted
GET
206
173.194.164.169:80
http://r3---sn-4g5edned.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx?cms_redirect=yes&mh=cF&mip=157.97.122.3&mm=28&mn=sn-4g5edned&ms=nvh&mt=1616588179&mv=m&mvi=3&pl=24&shardbypass=yes
US
compressed
10.4 Kb
whitelisted
GET
206
173.194.164.169:80
http://r3---sn-4g5edned.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx?cms_redirect=yes&mh=cF&mip=157.97.122.3&mm=28&mn=sn-4g5edned&ms=nvh&mt=1616588179&mv=m&mvi=3&pl=24&shardbypass=yes
US
binary
10.1 Kb
whitelisted
GET
206
173.194.164.169:80
http://r3---sn-4g5edned.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx?cms_redirect=yes&mh=cF&mip=157.97.122.3&mm=28&mn=sn-4g5edned&ms=nvh&mt=1616588179&mv=m&mvi=3&pl=24&shardbypass=yes
US
binary
93.6 Kb
whitelisted
GET
302
216.58.212.174:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvN2MwQUFWdmlaX0VYMlk3YWlITHpVbV9MZw/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
US
html
523 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2704
chrome.exe
172.67.171.34:443
www.getdiscoverbrowser.com
US
suspicious
2704
chrome.exe
142.250.185.173:443
accounts.google.com
Google Inc.
US
suspicious
2704
chrome.exe
104.16.124.175:443
unpkg.com
Cloudflare Inc
US
shared
2704
chrome.exe
142.250.74.142:443
www.google-analytics.com
Google Inc.
US
whitelisted
2704
chrome.exe
173.194.76.157:443
stats.g.doubleclick.net
Google Inc.
US
whitelisted
2704
chrome.exe
142.250.185.67:443
ssl.gstatic.com
Google Inc.
US
whitelisted
2704
chrome.exe
104.21.47.119:443
www.getdiscoverbrowser.com
Cloudflare Inc
US
unknown
2704
chrome.exe
104.21.92.104:443
cdn.getwebdiscover.com
Cloudflare Inc
US
suspicious
2704
chrome.exe
172.217.22.206:443
sb-ssl.google.com
Google Inc.
US
whitelisted
3448
WebDiscover-4.52.2.tmp
104.21.47.119:443
www.getdiscoverbrowser.com
Cloudflare Inc
US
unknown

DNS requests

Domain
IP
Reputation
www.getdiscoverbrowser.com
  • 172.67.171.34
  • 104.21.47.119
malicious
accounts.google.com
  • 142.250.185.173
shared
unpkg.com
  • 104.16.124.175
  • 104.16.125.175
  • 104.16.126.175
  • 104.16.123.175
  • 104.16.122.175
whitelisted
fonts.googleapis.com
  • 172.217.23.42
whitelisted
fonts.gstatic.com
  • 172.217.18.67
whitelisted
www.google-analytics.com
  • 142.250.74.142
whitelisted
stats.g.doubleclick.net
  • 173.194.76.157
  • 173.194.76.154
  • 173.194.76.156
  • 173.194.76.155
whitelisted
ssl.gstatic.com
  • 142.250.185.67
whitelisted
cdn.getwebdiscover.com
  • 172.67.191.142
  • 104.21.92.104
whitelisted
sb-ssl.google.com
  • 172.217.22.206
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.getdiscoverbrowser.com/