File name:

Wave Browser.exe

Full analysis: https://app.any.run/tasks/bc1c1987-7d7b-4d52-a926-7e2b2630f9bc
Verdict: Malicious activity
Analysis date: November 13, 2023, 20:03:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

A69D796AB71F88742EBC5317FF46015A

SHA1:

E0161537372941371751CFC3DEFE9041B03251C1

SHA256:

204259FC2CAF158EB9BFAE76AA4204DDE93A18643F5CBB578D8F93260F11593D

SSDEEP:

49152:prU1o43o9bUFcRfZQ2hTh9kuuSRONSOykQeEZV1rj6oGiTmOV8LBqsU9/Cywt9Bu:pA1o44xUF4ZQ2Fh9kuuSROrBQea1/6HW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Wave Browser.exe (PID: 3432)
      • SWUpdater.exe (PID: 3528)
      • SWUpdaterSetup.exe (PID: 3444)
  • SUSPICIOUS

    • Reads the Internet Settings

      • Wave Browser.exe (PID: 3432)
      • SWUpdater.exe (PID: 3852)
      • SWUpdater.exe (PID: 3936)
    • Reads security settings of Internet Explorer

      • Wave Browser.exe (PID: 3432)
    • Checks Windows Trust Settings

      • Wave Browser.exe (PID: 3432)
    • Reads settings of System Certificates

      • Wave Browser.exe (PID: 3432)
      • SWUpdater.exe (PID: 3852)
      • SWUpdater.exe (PID: 3936)
    • The process creates files with name similar to system file names

      • Wave Browser.exe (PID: 3432)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Wave Browser.exe (PID: 3432)
    • Starts itself from another location

      • SWUpdater.exe (PID: 3528)
    • Creates/Modifies COM task schedule object

      • SWUpdater.exe (PID: 3652)
  • INFO

    • Checks supported languages

      • Wave Browser.exe (PID: 3432)
      • wmpnscfg.exe (PID: 3608)
      • SWUpdater.exe (PID: 3528)
      • SWUpdater.exe (PID: 3652)
      • SWUpdater.exe (PID: 3852)
      • SWUpdater.exe (PID: 3876)
      • SWUpdaterSetup.exe (PID: 3444)
      • SWUpdater.exe (PID: 3936)
    • Reads the computer name

      • Wave Browser.exe (PID: 3432)
      • wmpnscfg.exe (PID: 3608)
      • SWUpdater.exe (PID: 3876)
      • SWUpdater.exe (PID: 3528)
      • SWUpdater.exe (PID: 3852)
      • SWUpdater.exe (PID: 3936)
    • Checks proxy server information

      • Wave Browser.exe (PID: 3432)
    • Reads the machine GUID from the registry

      • Wave Browser.exe (PID: 3432)
      • SWUpdater.exe (PID: 3528)
      • wmpnscfg.exe (PID: 3608)
      • SWUpdater.exe (PID: 3852)
      • SWUpdater.exe (PID: 3876)
      • SWUpdater.exe (PID: 3936)
    • Create files in a temporary directory

      • Wave Browser.exe (PID: 3432)
      • SWUpdaterSetup.exe (PID: 3444)
    • Creates files or folders in the user directory

      • Wave Browser.exe (PID: 3432)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3608)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:09:14 21:13:20+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 24576
InitializedDataSize: 118784
UninitializedDataSize: 1024
EntryPoint: 0x31d6
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.3.15.3
ProductVersionNumber: 1.3.15.3
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Wavesor Software
FileDescription: WaveBrowser
FileVersion: 1.3.15.3
LegalCopyright: Copyright 2023 Wavesor Software. All rights reserved.
OriginalFileName: Wave Browser
ProductName: WaveBrowser
ProductVersion: 1.3.15.3
No data.
Total processes
42
Monitored processes
8
Malicious processes
5
Suspicious processes
0

Behavior graph

start wave browser.exe wmpnscfg.exe no specs swupdatersetup.exe no specs swupdater.exe no specs swupdater.exe no specs swupdater.exe swupdater.exe no specs swupdater.exe

Process information

PID
CMD
Path
Indicators
Parent process
3432
"C:\Users\admin\AppData\Local\Temp\Wave Browser.exe"
C:\Users\admin\AppData\Local\Temp\Wave Browser.exe
explorer.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
WaveBrowser
Exit code:
0
Version:
1.3.15.3
Modules
Images
c:\users\admin\appdata\local\temp\wave browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
3444
"C:\Users\admin\AppData\Local\Temp\nsp7758.tmp\SWUpdaterSetup.exe" /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"
C:\Users\admin\AppData\Local\Temp\nsp7758.tmp\SWUpdaterSetup.exe
Wave Browser.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater Setup
Exit code:
0
Version:
1.3.133.0
Modules
Images
c:\users\admin\appdata\local\temp\nsp7758.tmp\swupdatersetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
3528
C:\Users\admin\AppData\Local\Temp\GUMBC11.tmp\SWUpdater.exe /install "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1"
C:\Users\admin\AppData\Local\Temp\GUMBC11.tmp\SWUpdater.exe
SWUpdaterSetup.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater
Exit code:
0
Version:
1.3.133.0
Modules
Images
c:\users\admin\appdata\local\temp\gumbc11.tmp\swupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
3608
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
C:\Program Files\Windows Media Player\wmpnscfg.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
3652
"C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe" /regserver
C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe
SWUpdater.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater
Exit code:
0
Version:
1.3.133.0
Modules
Images
c:\users\admin\wavesor software\swupdater\swupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
3852
"C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping 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-PGFwcCBhcHBpZD0ie0Y2RjYwQUNFLTcxQUQtNDYxMC04MEQ0LTkyNTM3MjlGQjRCN30iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4xMzMuMCIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjM0NCIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe
SWUpdater.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater
Exit code:
0
Version:
1.3.133.0
Modules
Images
c:\users\admin\wavesor software\swupdater\swupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
3876
"C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe" /handoff "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=1&installdataindex=1" /installsource otherinstallcmd /sessionid "{B16261D4-9A09-4791-84EC-F2053119B434}"
C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe
SWUpdater.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater
Exit code:
0
Version:
1.3.133.0
Modules
Images
c:\users\admin\wavesor software\swupdater\swupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
3936
"C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe" -Embedding
C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe
svchost.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater
Exit code:
0
Version:
1.3.133.0
Modules
Images
c:\users\admin\wavesor software\swupdater\swupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
Total events
12 783
Read events
12 336
Write events
430
Delete events
17

Modification events

(PID) Process: (3432) Wave Browser.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value:
0
(PID) Process: (3432) Wave Browser.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
4600000059010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (3432) Wave Browser.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value:
1
(PID) Process: (3432) Wave Browser.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value:
1
(PID) Process: (3432) Wave Browser.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value:
1
(PID) Process: (3432) Wave Browser.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value:
0
(PID) Process: (3432) Wave Browser.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:
(PID) Process: (3432) Wave Browser.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:
(PID) Process: (3432) Wave Browser.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17A\52C64B7E
Operation: write
Name: LanguageList
Value:
en-US
(PID) Process: (3608) wmpnscfg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{81FE3DAC-547A-41C7-AD60-A5B17B703631}\{03A0301B-64CE-43A4-8FC2-11A08DE58BCE}
Operation: delete key
Name: (default)
Value:
Executable files
31
Suspicious files
10
Text files
7
Unknown types
0

Dropped files

HTTP(S) requests
5
TCP/UDP connections
13
DNS requests
9
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3432
Wave Browser.exe
GET
200
108.156.0.231:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
unknown
binary
2.02 Kb
unknown
3432
Wave Browser.exe
GET
200
8.248.149.254:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f3b75637f54ac101
unknown
compressed
4.66 Kb
unknown
3432
Wave Browser.exe
GET
200
18.164.122.57:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
unknown
binary
1.51 Kb
unknown
3432
Wave Browser.exe
GET
200
108.138.216.113:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEjgLnWaIozse2b%2BczaaODg8%3D
unknown
binary
1.39 Kb
unknown
3432
Wave Browser.exe
GET
200
99.86.160.14:80
http://ocsp.r2m01.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBShdVEFnSEQ0gG5CBtzM48cPMe9XwQUgbgOY4qJEhjl%2Bjs7UJWf5uWQE4UCEASvMWuUfgVrMIzyBjvGjBw%3D
unknown
binary
471 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
3432
Wave Browser.exe
18.235.232.220:443
AMAZON-AES
US
unknown
3432
Wave Browser.exe
8.248.149.254:80
ctldl.windowsupdate.com
LEVEL3
US
unknown
3432
Wave Browser.exe
108.156.0.231:80
o.ss2.us
AMAZON-02
US
unknown
3432
Wave Browser.exe
18.164.122.57:80
ocsp.rootg2.amazontrust.com
AMAZON-02
US
unknown
3432
Wave Browser.exe
108.138.216.113:80
ocsp.rootca1.amazontrust.com
AMAZON-02
US
unknown
3432
Wave Browser.exe
99.86.160.14:80
ocsp.r2m01.amazontrust.com
AMAZON-02
US
unknown
868
svchost.exe
95.101.148.135:80
Akamai International B.V.
NL
unknown
4
System
192.168.100.255:138
whitelisted

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 8.248.149.254
  • 67.26.137.254
  • 8.248.115.254
  • 8.241.122.254
  • 8.248.147.254
whitelisted
o.ss2.us
  • 108.156.0.231
  • 108.156.0.223
  • 108.156.0.68
  • 108.156.0.98
whitelisted
ocsp.rootg2.amazontrust.com
  • 18.164.122.57
whitelisted
ocsp.rootca1.amazontrust.com
  • 108.138.216.113
shared
ocsp.r2m01.amazontrust.com
  • 99.86.160.14
whitelisted
armmf.adobe.com
  • 88.221.124.138
whitelisted
swupdater.com
  • 3.86.137.148
  • 44.215.227.187
unknown

Threats

No threats detected
No debug info