File name: Wave Browser.exe

Full analysis: https://app.any.run/tasks/c8bc6135-50dc-4ceb-a4e9-8a8fb5e0eb6d
Verdict: Malicious activity
Analysis date: April 02, 2025, 09:37:26
OS: Windows 10 Professional (build: 19044, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: ED249EECA5364B32391801EC5C2D9A33
SHA1: C2FF4AF1E6A3DEE3E8E2EED5EBD2BED216423384
SHA256: 3321B8EE0CAFE7D336A93913C455BEBBB821622C011CE10A9198A49392A3BB66
SSDEEP: 24576:653l9O0nJzu8bw5fM3/FIamqPG8xzY6CkQ+aNh1Rce:yE3iFmO53CfTRl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • SWUpdater.exe (PID: 5720)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Wave Browser.exe (PID: 6480)
      • SWUpdaterSetup.exe (PID: 5552)
      • SWUpdater.exe (PID: 5720)
      • WaveInstaller-v1.5.21.2.exe (PID: 6960)
      • setup.exe (PID: 4172)
    • The process creates files with name similar to system file names

      • Wave Browser.exe (PID: 6480)
    • Reads security settings of Internet Explorer

      • Wave Browser.exe (PID: 6480)
      • SWUpdater.exe (PID: 5720)
      • setup.exe (PID: 4172)
      • setup.exe (PID: 6028)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Wave Browser.exe (PID: 6480)
    • Creates/Modifies COM task schedule object

      • SWUpdaterComRegisterShell64.exe (PID: 6108)
      • SWUpdaterComRegisterShell64.exe (PID: 1324)
      • SWUpdaterComRegisterShell64.exe (PID: 896)
      • SWUpdater.exe (PID: 864)
    • Starts itself from another location

      • SWUpdater.exe (PID: 5720)
    • Application launched itself

      • setup.exe (PID: 4172)
      • setup.exe (PID: 6028)
    • Searches for installed software

      • setup.exe (PID: 4172)
    • Creates a software uninstall entry

      • setup.exe (PID: 4172)
    • Reads the date of Windows installation

      • setup.exe (PID: 6028)
  • INFO

    • The sample compiled with english language support

      • Wave Browser.exe (PID: 6480)
      • SWUpdaterSetup.exe (PID: 5552)
      • SWUpdater.exe (PID: 5720)
      • WaveInstaller-v1.5.21.2.exe (PID: 6960)
      • setup.exe (PID: 4172)
    • Checks supported languages

      • Wave Browser.exe (PID: 6480)
      • SWUpdater.exe (PID: 5720)
      • SWUpdaterSetup.exe (PID: 5552)
      • SWUpdater.exe (PID: 864)
      • SWUpdaterComRegisterShell64.exe (PID: 6108)
      • SWUpdaterComRegisterShell64.exe (PID: 1324)
      • SWUpdaterComRegisterShell64.exe (PID: 896)
      • SWUpdater.exe (PID: 4896)
      • SWUpdater.exe (PID: 1188)
      • SWUpdater.exe (PID: 5800)
      • WaveInstaller-v1.5.21.2.exe (PID: 6960)
      • setup.exe (PID: 4172)
      • setup.exe (PID: 4688)
      • setup.exe (PID: 6028)
      • setup.exe (PID: 5008)
    • Reads the software policy settings

      • Wave Browser.exe (PID: 6480)
      • SWUpdater.exe (PID: 4896)
      • SWUpdater.exe (PID: 5800)
      • setup.exe (PID: 4172)
      • setup.exe (PID: 6028)
    • Create files in a temporary directory

      • Wave Browser.exe (PID: 6480)
      • SWUpdaterSetup.exe (PID: 5552)
      • svchost.exe (PID: 4448)
      • WaveInstaller-v1.5.21.2.exe (PID: 6960)
    • Wave updater related mutex has been found

      • SWUpdater.exe (PID: 5720)
      • SWUpdater.exe (PID: 864)
      • SWUpdater.exe (PID: 4896)
      • SWUpdater.exe (PID: 1188)
      • SWUpdater.exe (PID: 5800)
    • Checks proxy server information

      • Wave Browser.exe (PID: 6480)
      • SWUpdater.exe (PID: 4896)
      • SWUpdater.exe (PID: 5800)
      • setup.exe (PID: 4172)
      • setup.exe (PID: 6028)
    • Creates files or folders in the user directory

      • Wave Browser.exe (PID: 6480)
      • setup.exe (PID: 4172)
      • setup.exe (PID: 6028)
    • Reads the computer name

      • SWUpdater.exe (PID: 5720)
      • SWUpdater.exe (PID: 864)
      • SWUpdater.exe (PID: 4896)
      • SWUpdater.exe (PID: 1188)
      • SWUpdater.exe (PID: 5800)
      • Wave Browser.exe (PID: 6480)
      • setup.exe (PID: 6028)
      • setup.exe (PID: 4172)
    • Process checks computer location settings

      • SWUpdater.exe (PID: 5720)
    • Reads the machine GUID from the registry

      • Wave Browser.exe (PID: 6480)
      • setup.exe (PID: 4172)
      • setup.exe (PID: 6028)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:01:13 22:55:03+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 24576
InitializedDataSize: 118784
UninitializedDataSize: 1024
EntryPoint: 0x31d6
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.1.5.3
ProductVersionNumber: 1.1.5.3
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Wavesor Software
FileDescription: WaveBrowser
FileVersion: 1.1.5.3
LegalCopyright: Copyright 2021 Wavesor Software. All rights reserved.
OriginalFileName: Wave Browser
ProductName: WaveBrowser
ProductVersion: 1.1.5.3
Total processes
144
Monitored processes
18
Malicious processes
6
Suspicious processes
1

Behavior graph

start wave browser.exe sppextcomobj.exe no specs slui.exe no specs swupdatersetup.exe swupdater.exe swupdater.exe no specs swupdatercomregistershell64.exe no specs swupdatercomregistershell64.exe no specs swupdatercomregistershell64.exe no specs swupdater.exe swupdater.exe no specs swupdater.exe svchost.exe waveinstaller-v1.5.21.2.exe setup.exe setup.exe no specs setup.exe setup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 864
CMD: "C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe" /regserver
Path: C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe
Parent process: SWUpdater.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater
Exit code:
0
Version:
1.3.115.0
Modules
Images
c:\users\admin\wavesor software\swupdater\swupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 896
CMD: "C:\Users\admin\Wavesor Software\SWUpdater\1.3.115.0\SWUpdaterComRegisterShell64.exe" /user
Path: C:\Users\admin\Wavesor Software\SWUpdater\1.3.115.0\SWUpdaterComRegisterShell64.exe
Parent process: SWUpdater.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater
Exit code:
0
Version:
1.3.115.0
Modules
Images
c:\users\admin\wavesor software\swupdater\1.3.115.0\swupdatercomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1188
CMD: "C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe" /handoff "bundlename=WaveBrowser&appguid={EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}&appname=WaveBrowser&needsadmin=False&lang=en&usagestats=0" /installsource otherinstallcmd /sessionid "{924E76C0-E1FD-4C63-A5EA-97C724520C1E}"
Path: C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe
Parent process: SWUpdater.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater
Version:
1.3.115.0
Modules
Images
c:\users\admin\wavesor software\swupdater\swupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1324
CMD: "C:\Users\admin\Wavesor Software\SWUpdater\1.3.115.0\SWUpdaterComRegisterShell64.exe" /user
Path: C:\Users\admin\Wavesor Software\SWUpdater\1.3.115.0\SWUpdaterComRegisterShell64.exe
Parent process: SWUpdater.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater
Exit code:
0
Version:
1.3.115.0
Modules
Images
c:\users\admin\wavesor software\swupdater\1.3.115.0\swupdatercomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 4172
CMD: "C:\Users\admin\AppData\Local\Temp\nsy6501.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Temp\nsy6501.tmp\wavebrowser.packed.7z"
Path: C:\Users\admin\AppData\Local\Temp\nsy6501.tmp\setup.exe
Parent process: WaveInstaller-v1.5.21.2.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
WaveBrowser Installer
Version:
1.5.21.2
Modules
Images
c:\users\admin\appdata\local\temp\nsy6501.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 4448
CMD: C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s BITS
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 4560
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 4688
CMD: C:\Users\admin\AppData\Local\Temp\nsy6501.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.21.2 --initial-client-data=0x29c,0x2a0,0x2a4,0x278,0x2a8,0x7ff7f64d8980,0x7ff7f64d898c,0x7ff7f64d8998
Path: C:\Users\admin\AppData\Local\Temp\nsy6501.tmp\setup.exe
Parent process: setup.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
WaveBrowser Installer
Version:
1.5.21.2
Modules
Images
c:\users\admin\appdata\local\temp\nsy6501.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 4896
CMD: "C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe" /ping [encoded argument not preserved]
Path: C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe
Parent process: SWUpdater.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
Wavesor SWUpdater
Exit code:
0
Version:
1.3.115.0
Modules
Images
c:\users\admin\wavesor software\swupdater\swupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5008
CMD: C:\Users\admin\AppData\Local\Temp\nsy6501.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\WaveBrowser\User Data\Crashpad" --annotation=channel= --annotation=plat=Win64 --annotation=prod=WaveBrowser --annotation=ver=1.5.21.2 --initial-client-data=0x29c,0x2a0,0x2a4,0x278,0x2a8,0x7ff7f64d8980,0x7ff7f64d898c,0x7ff7f64d8998
Path: C:\Users\admin\AppData\Local\Temp\nsy6501.tmp\setup.exe
Parent process: setup.exe
User:
admin
Company:
Wavesor Software
Integrity Level:
MEDIUM
Description:
WaveBrowser Installer
Version:
1.5.21.2
Modules
Images
c:\users\admin\appdata\local\temp\nsy6501.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events
7 704
Read events
6 293
Write events
1 326
Delete events
85

Modification events

(PID) Process: (6480) Wave Browser.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater\ClientState\{EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}
Operation: write
Name: CustomInstallPath
Value: C:\Users\admin\Wavesor Software\WaveBrowser

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater
Operation: delete value
Name: uid
Value:

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater
Operation: delete value
Name: old-uid
Value:

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater\ClientState\{EB149AD2-CE4E-4F51-B7FC-A149FAA4CCAF}
Operation: write
Name: usagestats
Value: 0

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater
Operation: delete value
Name: eulaaccepted
Value:

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater
Operation: write
Name: path
Value: C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater
Operation: write
Name: UninstallCmdLine
Value: "C:\Users\admin\Wavesor Software\SWUpdater\SWUpdater.exe" /uninstall

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater\Clients\{F6F60ACE-71AD-4610-80D4-9253729FB4B7}
Operation: write
Name: pv
Value: 1.3.115.0

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater\Clients\{F6F60ACE-71AD-4610-80D4-9253729FB4B7}
Operation: write
Name: name
Value: SWUpdater

(PID) Process: (5720) SWUpdater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Wavesor\SWUpdater\ClientState\{F6F60ACE-71AD-4610-80D4-9253729FB4B7}
Operation: write
Name: pv
Value: 1.3.115.0
Executable files
35
Suspicious files
14
Text files
6
Unknown types
1

Dropped files

PID
Process
Filename
Type
PID: 6480
Process: Wave Browser.exe
Filename: C:\Users\admin\AppData\Local\Temp\nseB587.tmp\nsDialogs.dll
Type: executable
MD5:68B59D5146DBAC3961030DD0A6356E8C
SHA256:B56B44111F7310C775DF3FD626CBD10ECCF29B50C3E78FE2CE4C42A7C314899C
PID: 6480
Process: Wave Browser.exe
Filename: C:\Users\admin\AppData\Local\Temp\nseB587.tmp\nsResize.dll
Type: executable
MD5:FC98E463A6BCA53F9AAF65BFE58AC2A0
SHA256:0A26E09C338080A1C2AFB434E72BF9D4AC183D0F8E6266E1B071548BCDA7EACF
PID: 6480
Process: Wave Browser.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F53EB4E574DE32C870452087D92DBEBB_9CF206332A35C57AE8DE5E518DDDA014
Type: der
MD5:95D724795BC46BCE3FF368424B59E5CB
SHA256:AB0CDB851AB341E86BC3CE94D14974AF310295875C3DCB67B80302722B1AA200
PID: 5552
Process: SWUpdaterSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF241.tmp\swupdater.dll
Type: executable
MD5:9D56798983584AD3CA5380416C9C9F22
SHA256:85EA15BB991937B899A0F9288B33FF2067662970AAB1A8680A14E45905745019
PID: 5552
Process: SWUpdaterSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF241.tmp\SWUpdaterBroker.exe
Type: executable
MD5:568FB071671D4F47DCF22505B296566B
SHA256:5D401C9CF832AD01D7040750FF8051AF8D12A11D5F50D2B3E261C19C31D803BE
PID: 5552
Process: SWUpdaterSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF241.tmp\psmachine_64.dll
Type: executable
MD5:70A63C1CBA054BE0E6B3A140617E9BD0
SHA256:470C2E47D872C1AE98C8A2E80EBF4167D8D0C38A3449CF54DD4E5680C0FCA15A
PID: 5552
Process: SWUpdaterSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF241.tmp\SWUpdater.exe
Type: executable
MD5:CE1F3290557EF976D7D0EFF3CF61BCD0
SHA256:A54A17E0964D9924501A8DDD070071AE94A6B91A954785826F4D3B86F1685F55
PID: 5552
Process: SWUpdaterSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF241.tmp\psuser.dll
Type: executable
MD5:AC13058CFC275B72BC96DF8F4EABAA8A
SHA256:5BBC69B326CA315D00FD04D0A48456B4E8C42F15F53961A35E1BBC62F2E017D9
PID: 5552
Process: SWUpdaterSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF241.tmp\SWUpdaterOnDemand.exe
Type: executable
MD5:35273CC2F11CAA7F26A0B1F2779FBDC9
SHA256:0E168707804524B695DE431E137DC318A76D14B943773291DA824672DD156D4E
PID: 5552
Process: SWUpdaterSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\GUMF241.tmp\psmachine.dll
Type: executable
MD5:E3A0BB1EE0D0421B0D99C898B18E6CA5
SHA256:73ED221665117DD9D85A20F0AB602E7F01CB7951D863DAEA64E637AF938BC615
HTTP(S) requests
6
TCP/UDP connections
24
DNS requests
17
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6480
Wave Browser.exe
GET
200
18.245.38.41:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkpLy9ROx7U76vGUhC06D6E%3D
unknown
whitelisted
6480
Wave Browser.exe
GET
200
18.245.65.219:80
http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAe1ZiGQuoxhCkdWaZg%2Bcrw%3D
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3768
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
3768
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5496
MoUsoCoreWorker.exe
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
6480
Wave Browser.exe
18.204.238.94:443
api.wavebrowserbase.com
AMAZON-AES
US
unknown
6480
Wave Browser.exe
18.245.38.41:80
ocsp.rootca1.amazontrust.com
US
whitelisted
6480
Wave Browser.exe
18.245.65.219:80
ocsp.r2m02.amazontrust.com
US
whitelisted
3216
svchost.exe
20.7.2.167:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6544
svchost.exe
40.126.31.131:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
google.com
  • 142.250.185.206
whitelisted
api.wavebrowserbase.com
  • 18.204.238.94
  • 34.199.49.155
  • 44.217.59.121
  • 54.172.53.247
  • 35.169.228.217
  • 34.232.25.219
unknown
ocsp.rootca1.amazontrust.com
  • 18.245.38.41
whitelisted
ocsp.r2m02.amazontrust.com
  • 18.245.65.219
whitelisted
client.wns.windows.com
  • 20.7.2.167
whitelisted
login.live.com
  • 40.126.31.131
  • 20.190.159.129
  • 40.126.31.128
  • 20.190.159.75
  • 20.190.159.71
  • 40.126.31.129
  • 40.126.31.130
  • 20.190.159.64
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
swupdater.com
  • 3.211.24.27
  • 54.81.184.151
unknown

Threats

No threats detected
No debug info