File name:

Wave Browser.exe

Full analysis: https://app.any.run/tasks/c8bc6135-50dc-4ceb-a4e9-8a8fb5e0eb6d
Verdict: Malicious activity
Analysis date: April 02, 2025, 09:37:26
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

ED249EECA5364B32391801EC5C2D9A33

SHA1:

C2FF4AF1E6A3DEE3E8E2EED5EBD2BED216423384

SHA256:

3321B8EE0CAFE7D336A93913C455BEBBB821622C011CE10A9198A49392A3BB66

SSDEEP:

24576:653l9O0nJzu8bw5fM3/FIamqPG8xzY6CkQ+aNh1Rce:yE3iFmO53CfTRl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • SWUpdater.exe (PID: 5720)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Wave Browser.exe (PID: 6480)
      • SWUpdater.exe (PID: 5720)
      • setup.exe (PID: 6028)
      • setup.exe (PID: 4172)
    • Executable content was dropped or overwritten

      • Wave Browser.exe (PID: 6480)
      • SWUpdaterSetup.exe (PID: 5552)
      • SWUpdater.exe (PID: 5720)
      • WaveInstaller-v1.5.21.2.exe (PID: 6960)
      • setup.exe (PID: 4172)
    • The process creates files with name similar to system file names

      • Wave Browser.exe (PID: 6480)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Wave Browser.exe (PID: 6480)
    • Starts itself from another location

      • SWUpdater.exe (PID: 5720)
    • Creates/Modifies COM task schedule object

      • SWUpdaterComRegisterShell64.exe (PID: 1324)
      • SWUpdaterComRegisterShell64.exe (PID: 6108)
      • SWUpdaterComRegisterShell64.exe (PID: 896)
      • SWUpdater.exe (PID: 864)
    • Application launched itself

      • setup.exe (PID: 4172)
      • setup.exe (PID: 6028)
    • Searches for installed software

      • setup.exe (PID: 4172)
    • Reads the date of Windows installation

      • setup.exe (PID: 6028)
    • Creates a software uninstall entry

      • setup.exe (PID: 4172)
  • INFO

    • Checks proxy server information

      • Wave Browser.exe (PID: 6480)
      • SWUpdater.exe (PID: 4896)
      • SWUpdater.exe (PID: 5800)
      • setup.exe (PID: 4172)
      • setup.exe (PID: 6028)
    • The sample compiled with English language support

      • Wave Browser.exe (PID: 6480)
      • SWUpdaterSetup.exe (PID: 5552)
      • SWUpdater.exe (PID: 5720)
      • WaveInstaller-v1.5.21.2.exe (PID: 6960)
      • setup.exe (PID: 4172)
    • Checks supported languages

      • Wave Browser.exe (PID: 6480)
      • SWUpdaterSetup.exe (PID: 5552)
      • SWUpdater.exe (PID: 5720)
      • SWUpdater.exe (PID: 864)
      • SWUpdater.exe (PID: 4896)
      • SWUpdaterComRegisterShell64.exe (PID: 6108)
      • SWUpdaterComRegisterShell64.exe (PID: 896)
      • SWUpdaterComRegisterShell64.exe (PID: 1324)
      • SWUpdater.exe (PID: 5800)
      • WaveInstaller-v1.5.21.2.exe (PID: 6960)
      • setup.exe (PID: 4172)
      • setup.exe (PID: 4688)
      • SWUpdater.exe (PID: 1188)
      • setup.exe (PID: 6028)
      • setup.exe (PID: 5008)
    • Reads the computer name

      • Wave Browser.exe (PID: 6480)
      • SWUpdater.exe (PID: 5720)
      • SWUpdater.exe (PID: 864)
      • SWUpdater.exe (PID: 4896)
      • SWUpdater.exe (PID: 5800)
      • setup.exe (PID: 4172)
      • SWUpdater.exe (PID: 1188)
      • setup.exe (PID: 6028)
    • Reads the software policy settings

      • Wave Browser.exe (PID: 6480)
      • SWUpdater.exe (PID: 5800)
      • SWUpdater.exe (PID: 4896)
      • setup.exe (PID: 4172)
      • setup.exe (PID: 6028)
    • Reads the machine GUID from the registry

      • Wave Browser.exe (PID: 6480)
      • setup.exe (PID: 4172)
      • setup.exe (PID: 6028)
    • Creates files or folders in the user directory

      • Wave Browser.exe (PID: 6480)
      • setup.exe (PID: 4172)
      • setup.exe (PID: 6028)
    • Create files in a temporary directory

      • Wave Browser.exe (PID: 6480)
      • SWUpdaterSetup.exe (PID: 5552)
      • svchost.exe (PID: 4448)
      • WaveInstaller-v1.5.21.2.exe (PID: 6960)
    • Wave updater related mutex has been found

      • SWUpdater.exe (PID: 5720)
      • SWUpdater.exe (PID: 864)
      • SWUpdater.exe (PID: 1188)
      • SWUpdater.exe (PID: 5800)
      • SWUpdater.exe (PID: 4896)
    • Process checks computer location settings

      • SWUpdater.exe (PID: 5720)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:01:13 22:55:03+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 24576
InitializedDataSize: 118784
UninitializedDataSize: 1024
EntryPoint: 0x31d6
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.1.5.3
ProductVersionNumber: 1.1.5.3
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Wavesor Software
FileDescription: WaveBrowser
FileVersion: 1.1.5.3
LegalCopyright: Copyright 2021 Wavesor Software. All rights reserved.
OriginalFileName: Wave Browser
ProductName: WaveBrowser
ProductVersion: 1.1.5.3
No data.
All screenshots are available in the full report
Total processes
144
Monitored processes
18
Malicious processes
6
Suspicious processes
1

Behavior graph

start wave browser.exe sppextcomobj.exe no specs slui.exe no specs swupdatersetup.exe swupdater.exe swupdater.exe no specs swupdatercomregistershell64.exe no specs swupdatercomregistershell64.exe no specs swupdatercomregistershell64.exe no specs swupdater.exe swupdater.exe no specs swupdater.exe svchost.exe waveinstaller-v1.5.21.2.exe setup.exe setup.exe no specs setup.exe setup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 864
CMD: "C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe" /regserver
Path: C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe
Parent process: SWUpdater.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater
Exit code:
0
Version:
1.3.115.0
Modules
Images
c:\users\admin\wavesor software\swupdater\swupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 896
CMD: "C:\Users\admin\Wavesor Software\SWUpdater\1.3.115.0\SWUpdaterComRegisterShell64.exe" /user
Path: C:\Users\admin\Wavesor Software\SWUpdater\1.3.115.0\SWUpdaterComRegisterShell64.exe
Parent process: SWUpdater.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater
Exit code:
0
Version:
1.3.115.0
Modules
Images
c:\users\admin\wavesor software\swupdater\1.3.115.0\swupdatercomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1188
CMD: "C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe" /handoff "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=0" /installsource otherinstallcmd /sessionid "{924E76C0-E1FD-4C63-A5EA-97C724520C1E}"
Path: C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe
Parent process: SWUpdater.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater
Version:
1.3.115.0
Modules
Images
c:\users\admin\wavesor software\swupdater\swupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1324
CMD: "C:\Users\admin\Wavesor Software\SWUpdater\1.3.115.0\SWUpdaterComRegisterShell64.exe" /user
Path: C:\Users\admin\Wavesor Software\SWUpdater\1.3.115.0\SWUpdaterComRegisterShell64.exe
Parent process: SWUpdater.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater
Exit code:
0
Version:
1.3.115.0
Modules
Images
c:\users\admin\wavesor software\swupdater\1.3.115.0\swupdatercomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 4172
CMD: "C:\Users\admin\AppData\Local\Temp\nsy6501.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Temp\nsy6501.tmp\wavebrowser.packed.7z"
Path: C:\Users\admin\AppData\Local\Temp\nsy6501.tmp\setup.exe
Parent process: WaveInstaller-v1.5.21.2.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
WaveBrowser Installer
Version:
1.5.21.2
Modules
Images
c:\users\admin\appdata\local\temp\nsy6501.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 4448
CMD: C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s BITS
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 4560
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 4688
CMD: C:\Users\admin\AppData\Local\Temp\nsy6501.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.21.2 --initial-client-data=0x29c,0x2a0,0x2a4,0x278,0x2a8,0x7ff7f64d8980,0x7ff7f64d898c,0x7ff7f64d8998
Path: C:\Users\admin\AppData\Local\Temp\nsy6501.tmp\setup.exe
Parent process: setup.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
WaveBrowser Installer
Version:
1.5.21.2
Modules
Images
c:\users\admin\appdata\local\temp\nsy6501.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 4896
CMD: "C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping …-PC9hcHA-PC9yZXF1ZXN0Pg
Path: C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe
Parent process: SWUpdater.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater
Exit code:
0
Version:
1.3.115.0
Modules
Images
c:\users\admin\wavesor software\swupdater\swupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5008
CMD: C:\Users\admin\AppData\Local\Temp\nsy6501.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.21.2 --initial-client-data=0x29c,0x2a0,0x2a4,0x278,0x2a8,0x7ff7f64d8980,0x7ff7f64d898c,0x7ff7f64d8998
Path: C:\Users\admin\AppData\Local\Temp\nsy6501.tmp\setup.exe
Parent process: setup.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
WaveBrowser Installer
Version:
1.5.21.2
Modules
Images
c:\users\admin\appdata\local\temp\nsy6501.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events
7 704
Read events
6 293
Write events
1 326
Delete events
85

Modification events

(PID) Process: (6480) Wave Browser.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater\ClientState\{EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}
Operation: write
Name: CustomInstallPath
Value: C:\Users\admin\Wavesor Software\WaveBrowser

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater
Operation: delete value
Name: uid
Value:

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater
Operation: delete value
Name: old-uid
Value:

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater\ClientState\{EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}
Operation: write
Name: usagestats
Value: 0

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater
Operation: delete value
Name: eulaaccepted
Value:

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater
Operation: write
Name: path
Value: C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater
Operation: write
Name: UninstallCmdLine
Value: "C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe" /uninstall

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater\Clients\{F6F60ACE-71AD-4610-80D4-9253729FB4B7}
Operation: write
Name: pv
Value: 1.3.115.0

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater\Clients\{F6F60ACE-71AD-4610-80D4-9253729FB4B7}
Operation: write
Name: name
Value: SWUpdater

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater\ClientState\{F6F60ACE-71AD-4610-80D4-9253729FB4B7}
Operation: write
Name: pv
Value: 1.3.115.0

Executable files
35
Suspicious files
14
Text files
6
Unknown types
1

Dropped files

PID
Process
Filename
Type
PID: 6480
Process: Wave Browser.exe
Filename: C:\Users\admin\AppData\Local\Temp\nseB587.tmp\inetc.dll
Type: executable
MD5:77712B0AB4C825BF3CB82D89BDD0083D
SHA256:ECE8274B656EE8DCED08FCBA0365E1344CD1F1558203EAC4C5BA53BAA41F279B
PID: 6480
Process: Wave Browser.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656
Type: binary
MD5:BB7FAFF6EB542552C6E171F5C556BEA6
SHA256:0BF3AB9E4A29B2D18888FCCB5FDBFDD54AAC020127A8706A431D0865F21436F4
PID: 6480
Process: Wave Browser.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656
Type: binary
MD5:36F5B7CE77223D8611E33307D8359025
SHA256:EC86CA141AD794F77600DF34DA29F9B90A83CB6C1B833867DF24F3177F8009A8
PID: 5552
Process: SWUpdaterSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF241.tmp\psmachine_64.dll
Type: executable
MD5:70A63C1CBA054BE0E6B3A140617E9BD0
SHA256:470C2E47D872C1AE98C8A2E80EBF4167D8D0C38A3449CF54DD4E5680C0FCA15A
PID: 6480
Process: Wave Browser.exe
Filename: C:\Users\admin\AppData\Local\Temp\nseB587.tmp\Info.rtf
Type: text
MD5:18344164F7BBF9B056A543F9A026D6A1
SHA256:F67FABD560B4F57931D0F945F7673DC34B2F91AA80E5455F024B95A84F8F358D
PID: 6480
Process: Wave Browser.exe
Filename: C:\Users\admin\AppData\Local\Temp\nseB587.tmp\nsArray.dll
Type: executable
MD5:FBD9CD84DA2090B46B3192157A1FDCC4
SHA256:DEAED02C720ABCF82A76615F5F0DEEBDCDF72412CC716D133AEA0C624D84921F
PID: 6480
Process: Wave Browser.exe
Filename: C:\Users\admin\AppData\Local\Temp\nseB587.tmp\nsResize.dll
Type: executable
MD5:FC98E463A6BCA53F9AAF65BFE58AC2A0
SHA256:0A26E09C338080A1C2AFB434E72BF9D4AC183D0F8E6266E1B071548BCDA7EACF
PID: 5552
Process: SWUpdaterSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF241.tmp\swupdater.dll
Type: executable
MD5:9D56798983584AD3CA5380416C9C9F22
SHA256:85EA15BB991937B899A0F9288B33FF2067662970AAB1A8680A14E45905745019
PID: 5552
Process: SWUpdaterSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF241.tmp\SWUpdater.exe
Type: executable
MD5:CE1F3290557EF976D7D0EFF3CF61BCD0
SHA256:A54A17E0964D9924501A8DDD070071AE94A6B91A954785826F4D3B86F1685F55
PID: 5552
Process: SWUpdaterSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF241.tmp\psmachine.dll
Type: executable
MD5:E3A0BB1EE0D0421B0D99C898B18E6CA5
SHA256:73ED221665117DD9D85A20F0AB602E7F01CB7951D863DAEA64E637AF938BC615
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
24
DNS requests
17
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6480
Wave Browser.exe
GET
200
18.245.38.41:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkpLy9ROx7U76vGUhC06D6E%3D
unknown
whitelisted
6480
Wave Browser.exe
GET
200
18.245.65.219:80
http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAe1ZiGQuoxhCkdWaZg%2Bcrw%3D
unknown
whitelisted
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
3768
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
3768
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5496
MoUsoCoreWorker.exe
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
6480
Wave Browser.exe
18.204.238.94:443
api.wavebrowserbase.com
AMAZON-AES
US
unknown
6480
Wave Browser.exe
18.245.38.41:80
ocsp.rootca1.amazontrust.com
US
whitelisted
6480
Wave Browser.exe
18.245.65.219:80
ocsp.r2m02.amazontrust.com
US
whitelisted
3216
svchost.exe
20.7.2.167:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6544
svchost.exe
40.126.31.131:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
google.com
  • 142.250.185.206
whitelisted
api.wavebrowserbase.com
  • 18.204.238.94
  • 34.199.49.155
  • 44.217.59.121
  • 54.172.53.247
  • 35.169.228.217
  • 34.232.25.219
unknown
ocsp.rootca1.amazontrust.com
  • 18.245.38.41
whitelisted
ocsp.r2m02.amazontrust.com
  • 18.245.65.219
whitelisted
client.wns.windows.com
  • 20.7.2.167
whitelisted
login.live.com
  • 40.126.31.131
  • 20.190.159.129
  • 40.126.31.128
  • 20.190.159.75
  • 20.190.159.71
  • 40.126.31.129
  • 40.126.31.130
  • 20.190.159.64
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
swupdater.com
  • 3.211.24.27
  • 54.81.184.151
unknown

Threats

No threats detected
No debug info